TechSpot

Sirefef variant please help

Inactive
By infectedpeer
Nov 14, 2012
  1. Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.14.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Josh :: JOSH-PC [administrator]
    11/14/2012 3:22:54 AM
    mbam-log-2012-11-14 (03-22-54).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 272145
    Time elapsed: 47 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  2. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    No GMER logs
  3. infectedpeer

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Josh at 3:32:13 on 2012-11-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8154.5789 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\HP\HP LaserJet Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe
    E:\Programs\steam\Steam.exe
    E:\Programs\TiVoServer.exe
    E:\Programs\TiVoTransfer.exe
    E:\Programs\TiVoNotify.exe
    C:\Users\Josh\AppData\Local\Apps\2.0\66KV6HPL.M5G\RKCRYQCN.GO7\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\CurseClient.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
    E:\Programs\MagicDisc\MagicDisc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Josh\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Users\Josh\Desktop\dqdn3zl8.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
    mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
    mStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [AdobeBridge]
    uRun: [Steam] "E:\Programs\steam\Steam.exe" -silent
    uRun: [TivoServer] E:\Programs\TiVoServer.exe /service /registry /auto:TivoServer
    uRun: [TivoTransfer] E:\Programs\TiVoTransfer.exe
    uRun: [TivoNotify] E:\Programs\TiVoNotify.exe /service /registry /auto:TivoNotify
    uRun: [TranscodingService] E:\Programs\Plus\\TranscodingService.exe
    uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
    StartupFolder: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - E:\Programs\MagicDisc\MagicDisc.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    TCP: DhcpNameServer = 209.6.86.178 208.59.247.45 208.59.247.46
    TCP: Interfaces\{0809D70A-7C13-4BC3-AAC9-8055F6B86E5D} : DhcpNameServer = 209.6.86.178 208.59.247.45 208.59.247.46
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO-X64: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    BHO-X64: TBSB07898 - No File
    TB-X64: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3k975bs9.default\
    FF - prefs.js: network.proxy.http - 210.212.29.147
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\Josh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: E:\Programs\VLC\npvlc.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-4-12 142336]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-16 1258856]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-11 382312]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-17 250808]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-17 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-20 115168]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 TivoBeacon2;TiVo Beacon Service;E:\Programs\TiVoBeacon.exe [2010-8-24 1104656]
    .
    =============== Created Last 30 ================
    .
    2012-11-14 05:55:43 -------- d-sh--w- C:\Windows\ftpcache
    2012-11-14 05:55:39 -------- d-----w- C:\Users\Josh\AppData\Local\HP
    2012-11-14 05:54:27 608 --sha-w- C:\Windows\System32\winzvprt5.sys
    2012-11-14 05:54:27 28984 ------w- C:\Windows\System32\hppfaxprintermon5.dll
    2012-11-14 05:54:27 23352 ------w- C:\Windows\System32\hppfaxprintermonui5.dll
    2012-11-14 05:54:27 -------- d-----w- C:\Program Files\HP
    2012-11-14 05:53:21 -------- d-----w- C:\Users\Josh\AppData\Roaming\Hewlett-Packard Company
    2012-11-14 05:52:26 323584 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp101.dll
    2012-11-14 05:18:59 977720 ----a-w- C:\Windows\System32\hpxp1530_x64.dll
    2012-11-14 05:18:59 752440 ----a-w- C:\Windows\SysWow64\hpptsp06.dll
    2012-11-14 05:18:59 218936 ----a-w- C:\Windows\System32\hppscancoins64.dll
    2012-11-14 05:18:59 1151800 ----a-w- C:\Windows\System32\hpptsp06_x64.dll
    2012-11-14 05:18:55 318264 ----a-w- C:\Windows\System32\hpbcoins64.dll
    2012-11-14 05:18:51 86528 ----a-w- C:\Windows\System32\hppdcompio.dll
    2012-11-14 05:18:51 79872 ----a-w- C:\Windows\SysWow64\hppccompio.dll
    2012-11-14 05:18:48 176128 ----a-w- C:\Windows\System32\hpcpn101.dll
    2012-11-14 05:18:44 491008 ----a-w- C:\Windows\SysWow64\hpcdmc32.dll
    2012-11-14 05:18:44 305664 ----a-w- C:\Windows\SysWow64\hpcc3101.dll
    2012-11-14 05:18:00 -------- d-----w- C:\Program Files (x86)\HP
    2012-11-11 14:47:29 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACB7CDA6-5BB2-4670-ACDF-6D45ABB9B24A}\mpengine.dll
    2012-11-05 08:50:12 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-05 04:04:44 -------- d-----w- C:\Users\Josh\AppData\Roaming\VC 2 Paradise Resort
    2012-11-05 04:04:44 -------- d-----w- C:\Users\Josh\AppData\Local\VC 2 Paradise Resort
    2012-11-04 20:01:30 -------- d-----w- C:\ProgramData\Playrix Entertainment
    2012-11-04 19:15:13 -------- d-----w- C:\Users\Josh\AppData\Roaming\Mean Hamster Software
    2012-11-04 19:15:13 -------- d-----w- C:\ProgramData\Mean Hamster Software
    2012-10-29 14:51:46 -------- d-----w- C:\Users\Josh\AppData\Roaming\Namco
    2012-10-29 14:51:46 -------- d-----w- C:\ProgramData\Namco
    2012-10-27 15:28:38 -------- d-----w- C:\ProgramData\eBay
    2012-10-27 15:28:38 -------- d-----w- C:\Program Files (x86)\eBay
    2012-10-19 06:06:58 -------- d-----w- C:\Users\Josh\AppData\Roaming\CDisplayEx
    2012-10-19 06:06:52 -------- d-----w- C:\Program Files (x86)\CDisplayEx
    2012-10-17 06:07:17 -------- d-----w- C:\Users\Josh\AppData\Roaming\calibre
    2012-10-17 06:07:12 -------- d-----w- C:\Program Files (x86)\Calibre2
    2012-10-16 13:59:48 -------- d-----w- C:\Program Files (x86)\Network Print Monitor
    .
    ==================== Find3M ====================
    .
    2012-10-09 23:11:10 49152 ----a-r- C:\Windows\SysWow64\inetwh32.dll
    2012-10-09 23:11:10 1044480 ----a-r- C:\Windows\SysWow64\roboex32.dll
    2012-10-09 06:19:38 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 06:19:38 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-03 16:37:36 60304 ----a-w- C:\Users\Josh\g2mdlhlpx.exe
    2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-29 19:30:31 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-29 19:30:31 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-29 19:30:31 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-20 03:45:31 328704 ----a-w- C:\Windows\System32\services.exe.4CDA5267D3D73056
    2012-09-20 03:41:22 328704 ----a-w- C:\Windows\System32\services.exe.8EEB077EB22E9072
    2012-09-20 03:38:41 328704 ----a-w- C:\Windows\System32\services.exe.A6D6C5163A06BE3D
    2012-09-20 03:36:04 328704 ----a-w- C:\Windows\System32\services.exe.898782B8D2797198
    2012-09-20 03:33:28 328704 ----a-w- C:\Windows\System32\services.exe.AED1D8513DB96E15
    2012-09-20 03:30:51 328704 ----a-w- C:\Windows\System32\services.exe.51BBD7E4C3E03003
    2012-09-20 03:28:21 328704 ----a-w- C:\Windows\System32\services.exe.5ACF7B799A8644D0
    2012-09-20 03:25:48 328704 ----a-w- C:\Windows\System32\services.exe.5ED602166F37B32B
    2012-09-20 03:21:58 328704 ----a-w- C:\Windows\System32\services.exe.C46F0F853C975B3D
    2012-09-20 03:18:14 328704 ----a-w- C:\Windows\System32\services.exe.86D2522B8F4AECF2
    2012-09-20 03:15:00 328704 ----a-w- C:\Windows\System32\services.exe.DFE44FEB37CBA4EF
    2012-09-20 02:40:32 328704 ----a-w- C:\Windows\System32\services.exe.5A69C4598E34BEE8
    2012-09-20 02:37:49 328704 ----a-w- C:\Windows\System32\services.exe.150F2C2F8A603280
    2012-09-20 02:34:26 328704 ----a-w- C:\Windows\System32\services.exe.F2D398AE30B1CE74
    2012-09-20 02:31:45 328704 ----a-w- C:\Windows\System32\services.exe.C0A99E4817514E8C
    2012-09-06 13:55:33 474 ----a-w- C:\Program Files (x86)\090620129553365.bat
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 3:32:22.20 ===============
  4. infectedpeer

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/16/2012 1:06:14 PM
    System Uptime: 11/14/2012 3:19:54 AM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | Z77X-UD3H
    Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | 3801/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 60 GiB total, 3.72 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (NTFS) - 466 GiB total, 120.333 GiB free.
    F: is FIXED (NTFS) - 932 GiB total, 692.715 GiB free.
    G: is FIXED (NTFS) - 1863 GiB total, 252.923 GiB free.
    H: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_50011458&REV_04\3&11583659&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_50011458&REV_04\3&11583659&0&FB
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1106&DEV_3432&SUBSYS_50071458&REV_03\4&1828E751&0&00E4
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1106&DEV_3432&SUBSYS_50071458&REV_03\4&1828E751&0&00E4
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3 Days Zoo Mystery
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS6
    Adobe Reader X (10.1.4)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Big Kahuna Reef 3
    Bigasoft MKV Converter 3.6.18.4499
    Burger Time Deluxe
    calibre
    Cat Wash
    CDisplayEx 1.8
    Coupon Printer for Windows
    CouponBar
    Curse Client
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DHTML Editing Component
    EVE Online (remove only)
    File Secure Pro Viewer
    FLV to AVI MPEG WMV 3GP MP4 iPod Converter
    Gardenscapes - Mansion Makeover
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.2.0.952
    Happy Chef
    HMA! Pro VPN 2.6.9
    HP LaserJet Professional M1530 MFP Series
    HP LJ M1530 MFP Series HP Scan
    HPLaserJetHelp_LearnCenter
    HPLJUT
    hppFaxDrvM1530
    hppFaxUtilityM1530
    hppLaserJetService
    hppM1530LaserJetService
    hppSendFaxM1530
    hppTLBXFXM1530
    hpzTLBXFX
    I.R.I.S. OCR
    Isla Dorada
    Java 7 Update 7
    Java Auto Updater
    JavaFX 2.1.1
    Jewel Legends - Tree of Life
    Jewel Quest Mysteries The Seventh Gate
    Jungle Quest
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSI Afterburner 2.2.4
    Network Print Monitor for Windows 2000/XP/2003/Vista
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Paradise Quest
    PDF Settings CS6
    Pizza Frenzy
    SABnzbd 0.7.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Stamps.com
    Steam
    The Elder Scrolls V: Skyrim
    TiVo Desktop 2.8.3
    TubeDigger 2.2.2
    Turbo Lister 2
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Ventrilo Client
    ViewSonic Windows 7 Signed Files
    Virtual City 2
    VLC media player 2.0.2
    World of Warcraft
    Yahoo! Software Update
    Yahoo! Toolbar
    Zoo Vet
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2012 9:47:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1329.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/9/2012 9:46:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1329.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/8/2012 9:46:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1329.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/8/2012 9:46:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1329.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/7/2012 9:53:25 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    11/7/2012 9:46:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1329.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/7/2012 1:36:30 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort6.
    11/14/2012 3:30:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1835.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/14/2012 3:20:33 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    11/14/2012 3:20:33 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    11/14/2012 3:20:03 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    11/14/2012 3:20:00 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    11/14/2012 3:20:00 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    11/13/2012 9:48:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1835.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/13/2012 9:48:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1835.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/12/2012 9:47:28 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1835.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/12/2012 12:53:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1835.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/11/2012 9:46:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1329.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/10/2012 9:47:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1329.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    11/10/2012 9:46:59 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1329.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    .
    ==== End Of File ===========================
  5. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    If I leave Microsoft Security Essentials running, it automatically reboots the PC after 60 seconds. I have to turn it off to even be able to post this.
  6. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    03:39:56.0195 1128 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    03:39:56.0420 1128 ============================================================
    03:39:56.0420 1128 Current date / time: 2012/11/14 03:39:56.0420
    03:39:56.0420 1128 SystemInfo:
    03:39:56.0420 1128
    03:39:56.0420 1128 OS Version: 6.1.7601 ServicePack: 1.0
    03:39:56.0420 1128 Product type: Workstation
    03:39:56.0420 1128 ComputerName: JOSH-PC
    03:39:56.0420 1128 UserName: Josh
    03:39:56.0420 1128 Windows directory: C:\Windows
    03:39:56.0420 1128 System windows directory: C:\Windows
    03:39:56.0420 1128 Running under WOW64
    03:39:56.0420 1128 Processor architecture: Intel x64
    03:39:56.0420 1128 Number of processors: 4
    03:39:56.0420 1128 Page size: 0x1000
    03:39:56.0420 1128 Boot type: Normal boot
    03:39:56.0420 1128 ============================================================
    03:39:56.0650 1128 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    03:39:56.0660 1128 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    03:39:56.0680 1128 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    03:39:56.0680 1128 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    03:39:56.0685 1128 ============================================================
    03:39:56.0685 1128 \Device\Harddisk0\DR0:
    03:39:56.0685 1128 MBR partitions:
    03:39:56.0685 1128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    03:39:56.0685 1128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
    03:39:56.0685 1128 \Device\Harddisk1\DR1:
    03:39:56.0685 1128 MBR partitions:
    03:39:56.0685 1128 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
    03:39:56.0685 1128 \Device\Harddisk2\DR2:
    03:39:56.0685 1128 MBR partitions:
    03:39:56.0685 1128 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
    03:39:56.0685 1128 \Device\Harddisk3\DR3:
    03:39:56.0685 1128 MBR partitions:
    03:39:56.0685 1128 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1
    03:39:56.0685 1128 ============================================================
    03:39:56.0685 1128 C: <-> \Device\Harddisk0\DR0\Partition2
    03:39:56.0695 1128 E: <-> \Device\Harddisk1\DR1\Partition1
    03:39:56.0710 1128 F: <-> \Device\Harddisk2\DR2\Partition1
    03:39:56.0725 1128 G: <-> \Device\Harddisk3\DR3\Partition1
    03:39:56.0725 1128 ============================================================
    03:39:56.0725 1128 Initialize success
    03:39:56.0725 1128 ============================================================
    03:39:59.0190 4492 ============================================================
    03:39:59.0190 4492 Scan started
    03:39:59.0190 4492 Mode: Manual;
    03:39:59.0190 4492 ============================================================
    03:39:59.0375 4492 ================ Scan system memory ========================
    03:39:59.0375 4492 System memory - ok
    03:39:59.0375 4492 ================ Scan services =============================
    03:39:59.0405 4492 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    03:39:59.0405 4492 1394ohci - ok
    03:39:59.0410 4492 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    03:39:59.0410 4492 ACPI - ok
    03:39:59.0415 4492 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    03:39:59.0415 4492 AcpiPmi - ok
    03:39:59.0420 4492 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    03:39:59.0420 4492 AdobeARMservice - ok
    03:39:59.0440 4492 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    03:39:59.0440 4492 AdobeFlashPlayerUpdateSvc - ok
    03:39:59.0445 4492 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    03:39:59.0450 4492 adp94xx - ok
    03:39:59.0450 4492 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    03:39:59.0455 4492 adpahci - ok
    03:39:59.0455 4492 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    03:39:59.0460 4492 adpu320 - ok
    03:39:59.0465 4492 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    03:39:59.0465 4492 AeLookupSvc - ok
    03:39:59.0470 4492 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    03:39:59.0470 4492 AFD - ok
    03:39:59.0475 4492 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    03:39:59.0475 4492 agp440 - ok
    03:39:59.0475 4492 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    03:39:59.0480 4492 ALG - ok
    03:39:59.0480 4492 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    03:39:59.0480 4492 aliide - ok
    03:39:59.0480 4492 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    03:39:59.0485 4492 amdide - ok
    03:39:59.0485 4492 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    03:39:59.0485 4492 AmdK8 - ok
    03:39:59.0490 4492 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    03:39:59.0490 4492 AmdPPM - ok
    03:39:59.0490 4492 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    03:39:59.0495 4492 amdsata - ok
    03:39:59.0495 4492 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    03:39:59.0500 4492 amdsbs - ok
    03:39:59.0500 4492 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    03:39:59.0500 4492 amdxata - ok
    03:39:59.0505 4492 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    03:39:59.0505 4492 AppID - ok
    03:39:59.0505 4492 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    03:39:59.0505 4492 AppIDSvc - ok
    03:39:59.0510 4492 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    03:39:59.0510 4492 Appinfo - ok
    03:39:59.0510 4492 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    03:39:59.0510 4492 arc - ok
    03:39:59.0515 4492 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    03:39:59.0515 4492 arcsas - ok
    03:39:59.0520 4492 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    03:39:59.0520 4492 AsyncMac - ok
    03:39:59.0520 4492 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    03:39:59.0520 4492 atapi - ok
    03:39:59.0525 4492 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    03:39:59.0530 4492 AudioEndpointBuilder - ok
    03:39:59.0535 4492 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    03:39:59.0540 4492 AudioSrv - ok
    03:39:59.0540 4492 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    03:39:59.0540 4492 AxInstSV - ok
    03:39:59.0550 4492 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    03:39:59.0550 4492 b06bdrv - ok
    03:39:59.0555 4492 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    03:39:59.0555 4492 b57nd60a - ok
    03:39:59.0560 4492 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    03:39:59.0560 4492 BDESVC - ok
    03:39:59.0565 4492 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    03:39:59.0565 4492 Beep - ok
    03:39:59.0565 4492 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    03:39:59.0565 4492 blbdrive - ok
    03:39:59.0570 4492 [ A065F048E9E23E6C026A7BB548D126A7 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    03:39:59.0575 4492 Bonjour Service - ok
    03:39:59.0575 4492 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    03:39:59.0575 4492 bowser - ok
    03:39:59.0580 4492 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    03:39:59.0580 4492 BrFiltLo - ok
    03:39:59.0580 4492 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    03:39:59.0580 4492 BrFiltUp - ok
    03:39:59.0585 4492 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    03:39:59.0585 4492 Browser - ok
    03:39:59.0590 4492 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    03:39:59.0590 4492 Brserid - ok
    03:39:59.0590 4492 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    03:39:59.0595 4492 BrSerWdm - ok
    03:39:59.0595 4492 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    03:39:59.0595 4492 BrUsbMdm - ok
    03:39:59.0600 4492 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    03:39:59.0600 4492 BrUsbSer - ok
    03:39:59.0600 4492 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    03:39:59.0600 4492 BTHMODEM - ok
    03:39:59.0605 4492 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    03:39:59.0605 4492 bthserv - ok
    03:39:59.0610 4492 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    03:39:59.0610 4492 cdfs - ok
    03:39:59.0610 4492 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    03:39:59.0615 4492 cdrom - ok
    03:39:59.0615 4492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    03:39:59.0615 4492 CertPropSvc - ok
    03:39:59.0620 4492 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    03:39:59.0620 4492 circlass - ok
    03:39:59.0625 4492 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    03:39:59.0625 4492 CLFS - ok
    03:39:59.0630 4492 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    03:39:59.0635 4492 clr_optimization_v2.0.50727_32 - ok
    03:39:59.0640 4492 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    03:39:59.0640 4492 clr_optimization_v2.0.50727_64 - ok
    03:39:59.0645 4492 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    03:39:59.0645 4492 clr_optimization_v4.0.30319_32 - ok
    03:39:59.0650 4492 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    03:39:59.0650 4492 clr_optimization_v4.0.30319_64 - ok
    03:39:59.0655 4492 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    03:39:59.0655 4492 CmBatt - ok
    03:39:59.0655 4492 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    03:39:59.0655 4492 cmdide - ok
    03:39:59.0660 4492 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    03:39:59.0665 4492 CNG - ok
    03:39:59.0670 4492 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    03:39:59.0670 4492 Compbatt - ok
    03:39:59.0670 4492 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    03:39:59.0670 4492 CompositeBus - ok
    03:39:59.0675 4492 COMSysApp - ok
    03:39:59.0675 4492 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    03:39:59.0675 4492 crcdisk - ok
    03:39:59.0680 4492 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    03:39:59.0685 4492 CryptSvc - ok
    03:39:59.0690 4492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    03:39:59.0690 4492 DcomLaunch - ok
    03:39:59.0695 4492 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    03:39:59.0700 4492 defragsvc - ok
    03:39:59.0700 4492 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    03:39:59.0700 4492 DfsC - ok
    03:39:59.0710 4492 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    03:39:59.0710 4492 Dhcp - ok
    03:39:59.0715 4492 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    03:39:59.0715 4492 discache - ok
    03:39:59.0715 4492 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    03:39:59.0715 4492 Disk - ok
    03:39:59.0720 4492 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    03:39:59.0720 4492 Dnscache - ok
    03:39:59.0725 4492 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    03:39:59.0725 4492 dot3svc - ok
    03:39:59.0730 4492 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    03:39:59.0730 4492 DPS - ok
    03:39:59.0735 4492 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    03:39:59.0735 4492 drmkaud - ok
    03:39:59.0740 4492 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    03:39:59.0745 4492 DXGKrnl - ok
    03:39:59.0750 4492 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    03:39:59.0750 4492 EapHost - ok
    03:39:59.0770 4492 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    03:39:59.0795 4492 ebdrv - ok
    03:39:59.0800 4492 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    03:39:59.0800 4492 EFS - ok
    03:39:59.0805 4492 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    03:39:59.0810 4492 ehRecvr - ok
    03:39:59.0815 4492 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    03:39:59.0815 4492 ehSched - ok
    03:39:59.0820 4492 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    03:39:59.0820 4492 elxstor - ok
    03:39:59.0825 4492 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    03:39:59.0825 4492 ErrDev - ok
    03:39:59.0830 4492 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    03:39:59.0835 4492 EventSystem - ok
    03:39:59.0840 4492 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    03:39:59.0840 4492 exfat - ok
    03:39:59.0845 4492 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    03:39:59.0845 4492 fastfat - ok
    03:39:59.0850 4492 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    03:39:59.0855 4492 Fax - ok
    03:39:59.0860 4492 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    03:39:59.0860 4492 fdc - ok
    03:39:59.0860 4492 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    03:39:59.0860 4492 fdPHost - ok
    03:39:59.0865 4492 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    03:39:59.0865 4492 FDResPub - ok
    03:39:59.0865 4492 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    03:39:59.0865 4492 FileInfo - ok
    03:39:59.0870 4492 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    03:39:59.0870 4492 Filetrace - ok
    03:39:59.0870 4492 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    03:39:59.0870 4492 flpydisk - ok
    03:39:59.0875 4492 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    03:39:59.0880 4492 FltMgr - ok
    03:39:59.0885 4492 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    03:39:59.0895 4492 FontCache - ok
    03:39:59.0895 4492 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    03:39:59.0900 4492 FontCache3.0.0.0 - ok
    03:39:59.0900 4492 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    03:39:59.0900 4492 FsDepends - ok
    03:39:59.0905 4492 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    03:39:59.0905 4492 Fs_Rec - ok
    03:39:59.0905 4492 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    03:39:59.0910 4492 fvevol - ok
    03:39:59.0910 4492 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    03:39:59.0910 4492 gagp30kx - ok
    03:39:59.0910 4492 gdrv - ok
    03:39:59.0920 4492 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    03:39:59.0925 4492 gpsvc - ok
    03:39:59.0930 4492 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    03:39:59.0930 4492 gupdate - ok
    03:39:59.0930 4492 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    03:39:59.0930 4492 gupdatem - ok
    03:39:59.0935 4492 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    03:39:59.0940 4492 gusvc - ok
    03:39:59.0940 4492 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    03:39:59.0940 4492 hcw85cir - ok
    03:39:59.0945 4492 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    03:39:59.0945 4492 HdAudAddService - ok
    03:39:59.0950 4492 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    03:39:59.0950 4492 HDAudBus - ok
    03:39:59.0955 4492 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    03:39:59.0955 4492 HidBatt - ok
    03:39:59.0955 4492 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    03:39:59.0955 4492 HidBth - ok
    03:39:59.0960 4492 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    03:39:59.0960 4492 HidIr - ok
    03:39:59.0960 4492 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    03:39:59.0965 4492 hidserv - ok
    03:39:59.0965 4492 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    03:39:59.0965 4492 HidUsb - ok
    03:39:59.0970 4492 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    03:39:59.0970 4492 hkmsvc - ok
    03:39:59.0975 4492 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    03:39:59.0975 4492 HomeGroupListener - ok
    03:39:59.0980 4492 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    03:39:59.0980 4492 HomeGroupProvider - ok
    03:39:59.0985 4492 [ 16959F84844DC9B2CEF0D5B1A412370F ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    03:39:59.0985 4492 HP LaserJet Service - ok
    03:39:59.0985 4492 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    03:39:59.0990 4492 HpSAMD - ok
    03:39:59.0995 4492 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    03:40:00.0000 4492 HTTP - ok
    03:40:00.0000 4492 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    03:40:00.0000 4492 hwpolicy - ok
    03:40:00.0005 4492 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    03:40:00.0005 4492 i8042prt - ok
    03:40:00.0010 4492 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    03:40:00.0015 4492 iaStorV - ok
    03:40:00.0020 4492 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    03:40:00.0025 4492 idsvc - ok
    03:40:00.0025 4492 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    03:40:00.0030 4492 iirsp - ok
    03:40:00.0035 4492 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    03:40:00.0040 4492 IKEEXT - ok
    03:40:00.0045 4492 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    03:40:00.0045 4492 intelide - ok
    03:40:00.0045 4492 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    03:40:00.0045 4492 intelppm - ok
    03:40:00.0050 4492 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    03:40:00.0050 4492 IPBusEnum - ok
    03:40:00.0055 4492 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    03:40:00.0055 4492 IpFilterDriver - ok
    03:40:00.0055 4492 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    03:40:00.0060 4492 IPMIDRV - ok
    03:40:00.0060 4492 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    03:40:00.0060 4492 IPNAT - ok
    03:40:00.0065 4492 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    03:40:00.0065 4492 IRENUM - ok
    03:40:00.0070 4492 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    03:40:00.0070 4492 isapnp - ok
    03:40:00.0080 4492 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    03:40:00.0085 4492 iScsiPrt - ok
    03:40:00.0090 4492 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    03:40:00.0090 4492 kbdclass - ok
    03:40:00.0090 4492 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    03:40:00.0095 4492 kbdhid - ok
    03:40:00.0095 4492 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    03:40:00.0095 4492 KeyIso - ok
    03:40:00.0100 4492 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    03:40:00.0100 4492 KSecDD - ok
    03:40:00.0105 4492 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    03:40:00.0105 4492 KSecPkg - ok
    03:40:00.0105 4492 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    03:40:00.0105 4492 ksthunk - ok
    03:40:00.0115 4492 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    03:40:00.0120 4492 KtmRm - ok
    03:40:00.0120 4492 [ B8040D3B97B16B89701E31A17353856C ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
    03:40:00.0120 4492 L1C - ok
    03:40:00.0125 4492 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
  7. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    03:40:00.0130 4492 LanmanServer - ok
    03:40:00.0130 4492 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    03:40:00.0135 4492 LanmanWorkstation - ok
    03:40:00.0135 4492 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    03:40:00.0135 4492 lltdio - ok
    03:40:00.0140 4492 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    03:40:00.0145 4492 lltdsvc - ok
    03:40:00.0145 4492 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    03:40:00.0150 4492 lmhosts - ok
    03:40:00.0150 4492 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    03:40:00.0150 4492 LSI_FC - ok
    03:40:00.0155 4492 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    03:40:00.0155 4492 LSI_SAS - ok
    03:40:00.0160 4492 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    03:40:00.0160 4492 LSI_SAS2 - ok
    03:40:00.0160 4492 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    03:40:00.0160 4492 LSI_SCSI - ok
    03:40:00.0165 4492 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    03:40:00.0165 4492 luafv - ok
    03:40:00.0170 4492 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    03:40:00.0170 4492 mcdbus - ok
    03:40:00.0190 4492 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    03:40:00.0190 4492 Mcx2Svc - ok
    03:40:00.0195 4492 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    03:40:00.0195 4492 megasas - ok
    03:40:00.0195 4492 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    03:40:00.0200 4492 MegaSR - ok
    03:40:00.0200 4492 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    03:40:00.0200 4492 MEIx64 - ok
    03:40:00.0205 4492 Microsoft SharePoint Workspace Audit Service - ok
    03:40:00.0210 4492 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    03:40:00.0210 4492 MMCSS - ok
    03:40:00.0210 4492 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    03:40:00.0215 4492 Modem - ok
    03:40:00.0215 4492 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    03:40:00.0215 4492 monitor - ok
    03:40:00.0215 4492 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    03:40:00.0215 4492 mouclass - ok
    03:40:00.0220 4492 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    03:40:00.0220 4492 mouhid - ok
    03:40:00.0220 4492 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    03:40:00.0225 4492 mountmgr - ok
    03:40:00.0225 4492 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    03:40:00.0225 4492 MozillaMaintenance - ok
    03:40:00.0230 4492 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    03:40:00.0230 4492 MpFilter - ok
    03:40:00.0235 4492 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    03:40:00.0235 4492 mpio - ok
    03:40:00.0235 4492 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    03:40:00.0240 4492 mpsdrv - ok
    03:40:00.0240 4492 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    03:40:00.0245 4492 MRxDAV - ok
    03:40:00.0245 4492 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    03:40:00.0250 4492 mrxsmb - ok
    03:40:00.0250 4492 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    03:40:00.0255 4492 mrxsmb10 - ok
    03:40:00.0255 4492 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    03:40:00.0260 4492 mrxsmb20 - ok
    03:40:00.0260 4492 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    03:40:00.0260 4492 msahci - ok
    03:40:00.0265 4492 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    03:40:00.0265 4492 msdsm - ok
    03:40:00.0270 4492 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    03:40:00.0270 4492 MSDTC - ok
    03:40:00.0275 4492 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    03:40:00.0275 4492 Msfs - ok
    03:40:00.0275 4492 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    03:40:00.0275 4492 mshidkmdf - ok
    03:40:00.0280 4492 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    03:40:00.0280 4492 msisadrv - ok
    03:40:00.0280 4492 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    03:40:00.0285 4492 MSiSCSI - ok
    03:40:00.0285 4492 msiserver - ok
    03:40:00.0285 4492 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    03:40:00.0290 4492 MSKSSRV - ok
    03:40:00.0290 4492 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    03:40:00.0290 4492 MsMpSvc - ok
    03:40:00.0290 4492 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    03:40:00.0295 4492 MSPCLOCK - ok
    03:40:00.0295 4492 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    03:40:00.0295 4492 MSPQM - ok
    03:40:00.0300 4492 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    03:40:00.0305 4492 MsRPC - ok
    03:40:00.0305 4492 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    03:40:00.0305 4492 mssmbios - ok
    03:40:00.0310 4492 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    03:40:00.0310 4492 MSTEE - ok
    03:40:00.0310 4492 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    03:40:00.0310 4492 MTConfig - ok
    03:40:00.0315 4492 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    03:40:00.0315 4492 Mup - ok
    03:40:00.0320 4492 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    03:40:00.0325 4492 napagent - ok
    03:40:00.0325 4492 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    03:40:00.0330 4492 NativeWifiP - ok
    03:40:00.0335 4492 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    03:40:00.0345 4492 NDIS - ok
    03:40:00.0345 4492 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    03:40:00.0345 4492 NdisCap - ok
    03:40:00.0350 4492 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    03:40:00.0350 4492 NdisTapi - ok
    03:40:00.0350 4492 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    03:40:00.0350 4492 Ndisuio - ok
    03:40:00.0355 4492 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    03:40:00.0360 4492 NdisWan - ok
    03:40:00.0360 4492 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    03:40:00.0360 4492 NDProxy - ok
    03:40:00.0365 4492 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    03:40:00.0365 4492 Net Driver HPZ12 - ok
    03:40:00.0370 4492 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    03:40:00.0370 4492 NetBIOS - ok
    03:40:00.0370 4492 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    03:40:00.0375 4492 NetBT - ok
    03:40:00.0375 4492 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    03:40:00.0375 4492 Netlogon - ok
    03:40:00.0380 4492 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    03:40:00.0385 4492 Netman - ok
    03:40:00.0390 4492 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    03:40:00.0395 4492 netprofm - ok
    03:40:00.0395 4492 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    03:40:00.0395 4492 NetTcpPortSharing - ok
    03:40:00.0400 4492 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    03:40:00.0400 4492 nfrd960 - ok
    03:40:00.0405 4492 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    03:40:00.0405 4492 NisDrv - ok
    03:40:00.0410 4492 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    03:40:00.0410 4492 NisSrv - ok
    03:40:00.0415 4492 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    03:40:00.0415 4492 NlaSvc - ok
    03:40:00.0420 4492 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    03:40:00.0420 4492 Npfs - ok
    03:40:00.0420 4492 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    03:40:00.0420 4492 nsi - ok
    03:40:00.0425 4492 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    03:40:00.0425 4492 nsiproxy - ok
    03:40:00.0440 4492 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    03:40:00.0450 4492 Ntfs - ok
    03:40:00.0450 4492 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    03:40:00.0450 4492 Null - ok
    03:40:00.0455 4492 [ 5F1FF880ADACF7E0FF7C27BA188B05DA ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    03:40:00.0455 4492 NVHDA - ok
    03:40:00.0540 4492 [ 8917336C07FA25D37D460FE49195A7EA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    03:40:00.0585 4492 nvlddmkm - ok
    03:40:00.0590 4492 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    03:40:00.0590 4492 nvraid - ok
    03:40:00.0595 4492 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    03:40:00.0595 4492 nvstor - ok
    03:40:00.0605 4492 [ 37D1F21763FF1B40AE8715AA793B1A33 ] nvsvc C:\Windows\system32\nvvsvc.exe
    03:40:00.0610 4492 nvsvc - ok
    03:40:00.0620 4492 [ 16775FC73AC10DA31CF61382B1927FA4 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    03:40:00.0625 4492 nvUpdatusService - ok
    03:40:00.0635 4492 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    03:40:00.0635 4492 nv_agp - ok
    03:40:00.0635 4492 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    03:40:00.0640 4492 ohci1394 - ok
    03:40:00.0640 4492 [ D8A0164A79D4BFD6083945C5431E41E7 ] OpenVPNService C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
    03:40:00.0640 4492 OpenVPNService - ok
    03:40:00.0645 4492 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    03:40:00.0645 4492 ose - ok
    03:40:00.0680 4492 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    03:40:00.0695 4492 osppsvc - ok
    03:40:00.0705 4492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    03:40:00.0705 4492 p2pimsvc - ok
    03:40:00.0710 4492 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    03:40:00.0715 4492 p2psvc - ok
    03:40:00.0715 4492 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    03:40:00.0720 4492 Parport - ok
    03:40:00.0720 4492 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    03:40:00.0720 4492 partmgr - ok
    03:40:00.0725 4492 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    03:40:00.0725 4492 PcaSvc - ok
    03:40:00.0730 4492 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    03:40:00.0730 4492 pci - ok
    03:40:00.0735 4492 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    03:40:00.0735 4492 pciide - ok
    03:40:00.0735 4492 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    03:40:00.0740 4492 pcmcia - ok
    03:40:00.0740 4492 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    03:40:00.0740 4492 pcw - ok
    03:40:00.0745 4492 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    03:40:00.0750 4492 PEAUTH - ok
    03:40:00.0770 4492 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    03:40:00.0770 4492 PerfHost - ok
    03:40:00.0780 4492 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    03:40:00.0790 4492 pla - ok
    03:40:00.0795 4492 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    03:40:00.0800 4492 PlugPlay - ok
    03:40:00.0805 4492 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    03:40:00.0805 4492 Pml Driver HPZ12 - ok
    03:40:00.0805 4492 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    03:40:00.0805 4492 PNRPAutoReg - ok
    03:40:00.0810 4492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    03:40:00.0815 4492 PNRPsvc - ok
    03:40:00.0820 4492 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    03:40:00.0820 4492 PolicyAgent - ok
    03:40:00.0825 4492 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    03:40:00.0830 4492 Power - ok
    03:40:00.0830 4492 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    03:40:00.0835 4492 PptpMiniport - ok
    03:40:00.0835 4492 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    03:40:00.0835 4492 Processor - ok
    03:40:00.0840 4492 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    03:40:00.0840 4492 ProfSvc - ok
    03:40:00.0845 4492 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    03:40:00.0845 4492 ProtectedStorage - ok
    03:40:00.0845 4492 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    03:40:00.0850 4492 Psched - ok
    03:40:00.0860 4492 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    03:40:00.0870 4492 ql2300 - ok
    03:40:00.0870 4492 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    03:40:00.0875 4492 ql40xx - ok
    03:40:00.0880 4492 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    03:40:00.0880 4492 QWAVE - ok
    03:40:00.0885 4492 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    03:40:00.0885 4492 QWAVEdrv - ok
    03:40:00.0885 4492 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    03:40:00.0885 4492 RasAcd - ok
    03:40:00.0890 4492 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    03:40:00.0890 4492 RasAgileVpn - ok
    03:40:00.0890 4492 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    03:40:00.0895 4492 RasAuto - ok
    03:40:00.0895 4492 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    03:40:00.0895 4492 Rasl2tp - ok
    03:40:00.0900 4492 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    03:40:00.0905 4492 RasMan - ok
    03:40:00.0905 4492 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    03:40:00.0905 4492 RasPppoe - ok
    03:40:00.0910 4492 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    03:40:00.0910 4492 RasSstp - ok
    03:40:00.0915 4492 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    03:40:00.0915 4492 rdbss - ok
    03:40:00.0920 4492 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    03:40:00.0920 4492 rdpbus - ok
    03:40:00.0920 4492 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    03:40:00.0920 4492 RDPCDD - ok
    03:40:00.0925 4492 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    03:40:00.0925 4492 RDPENCDD - ok
    03:40:00.0925 4492 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    03:40:00.0930 4492 RDPREFMP - ok
    03:40:00.0930 4492 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    03:40:00.0935 4492 RDPWD - ok
    03:40:00.0935 4492 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    03:40:00.0940 4492 rdyboost - ok
    03:40:00.0940 4492 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    03:40:00.0945 4492 RemoteAccess - ok
    03:40:00.0945 4492 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    03:40:00.0950 4492 RemoteRegistry - ok
    03:40:00.0950 4492 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    03:40:00.0950 4492 RpcEptMapper - ok
    03:40:00.0955 4492 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    03:40:00.0955 4492 RpcLocator - ok
    03:40:00.0960 4492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    03:40:00.0960 4492 RpcSs - ok
    03:40:00.0965 4492 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    03:40:00.0965 4492 rspndr - ok
    03:40:00.0965 4492 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    03:40:00.0970 4492 SamSs - ok
    03:40:00.0970 4492 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    03:40:00.0970 4492 sbp2port - ok
    03:40:00.0975 4492 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    03:40:00.0975 4492 SCardSvr - ok
    03:40:00.0980 4492 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    03:40:00.0980 4492 scfilter - ok
    03:40:00.0990 4492 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    03:40:00.0995 4492 Schedule - ok
    03:40:01.0000 4492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    03:40:01.0000 4492 SCPolicySvc - ok
    03:40:01.0005 4492 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    03:40:01.0005 4492 SDRSVC - ok
    03:40:01.0005 4492 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    03:40:01.0010 4492 secdrv - ok
    03:40:01.0010 4492 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    03:40:01.0010 4492 seclogon - ok
    03:40:01.0015 4492 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    03:40:01.0015 4492 SENS - ok
    03:40:01.0015 4492 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    03:40:01.0020 4492 SensrSvc - ok
    03:40:01.0020 4492 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    03:40:01.0020 4492 Serenum - ok
    03:40:01.0025 4492 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    03:40:01.0025 4492 Serial - ok
    03:40:01.0025 4492 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
  8. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    03:40:01.0025 4492 sermouse - ok
    03:40:01.0030 4492 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    03:40:01.0035 4492 SessionEnv - ok
    03:40:01.0035 4492 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    03:40:01.0040 4492 sffdisk - ok
    03:40:01.0040 4492 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    03:40:01.0040 4492 sffp_mmc - ok
    03:40:01.0040 4492 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    03:40:01.0045 4492 sffp_sd - ok
    03:40:01.0045 4492 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    03:40:01.0045 4492 sfloppy - ok
    03:40:01.0050 4492 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    03:40:01.0055 4492 ShellHWDetection - ok
    03:40:01.0055 4492 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    03:40:01.0060 4492 SiSRaid2 - ok
    03:40:01.0060 4492 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    03:40:01.0060 4492 SiSRaid4 - ok
    03:40:01.0065 4492 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    03:40:01.0065 4492 Smb - ok
    03:40:01.0070 4492 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    03:40:01.0070 4492 SNMPTRAP - ok
    03:40:01.0075 4492 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    03:40:01.0075 4492 spldr - ok
    03:40:01.0080 4492 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    03:40:01.0085 4492 Spooler - ok
    03:40:01.0110 4492 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    03:40:01.0130 4492 sppsvc - ok
    03:40:01.0135 4492 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    03:40:01.0135 4492 sppuinotify - ok
    03:40:01.0140 4492 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    03:40:01.0145 4492 srv - ok
    03:40:01.0150 4492 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    03:40:01.0150 4492 srv2 - ok
    03:40:01.0155 4492 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    03:40:01.0155 4492 srvnet - ok
    03:40:01.0160 4492 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    03:40:01.0160 4492 SSDPSRV - ok
    03:40:01.0165 4492 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    03:40:01.0165 4492 SstpSvc - ok
    03:40:01.0165 4492 Steam Client Service - ok
    03:40:01.0170 4492 [ FAF7BF30B496E839A87C024E309B2A3F ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    03:40:01.0175 4492 Stereo Service - ok
    03:40:01.0175 4492 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    03:40:01.0175 4492 stexstor - ok
    03:40:01.0180 4492 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    03:40:01.0180 4492 StillCam - ok
    03:40:01.0185 4492 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    03:40:01.0190 4492 stisvc - ok
    03:40:01.0190 4492 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    03:40:01.0190 4492 swenum - ok
    03:40:01.0200 4492 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    03:40:01.0200 4492 SwitchBoard - ok
    03:40:01.0205 4492 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    03:40:01.0210 4492 swprv - ok
    03:40:01.0225 4492 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    03:40:01.0235 4492 SysMain - ok
    03:40:01.0240 4492 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    03:40:01.0240 4492 TabletInputService - ok
    03:40:01.0240 4492 [ 3B73C849B41FB20D77B0E553214061A5 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
    03:40:01.0240 4492 tap0901 - ok
    03:40:01.0245 4492 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    03:40:01.0250 4492 TapiSrv - ok
    03:40:01.0250 4492 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    03:40:01.0250 4492 TBS - ok
    03:40:01.0265 4492 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    03:40:01.0280 4492 Tcpip - ok
    03:40:01.0295 4492 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    03:40:01.0300 4492 TCPIP6 - ok
    03:40:01.0305 4492 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    03:40:01.0305 4492 tcpipreg - ok
    03:40:01.0305 4492 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    03:40:01.0305 4492 TDPIPE - ok
    03:40:01.0310 4492 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    03:40:01.0310 4492 TDTCP - ok
    03:40:01.0315 4492 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    03:40:01.0315 4492 tdx - ok
    03:40:01.0315 4492 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    03:40:01.0315 4492 TermDD - ok
    03:40:01.0325 4492 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    03:40:01.0330 4492 TermService - ok
    03:40:01.0330 4492 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    03:40:01.0330 4492 Themes - ok
    03:40:01.0335 4492 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    03:40:01.0335 4492 THREADORDER - ok
    03:40:01.0360 4492 TivoBeacon2 - ok
    03:40:01.0360 4492 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    03:40:01.0365 4492 TrkWks - ok
    03:40:01.0365 4492 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    03:40:01.0370 4492 TrustedInstaller - ok
    03:40:01.0370 4492 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    03:40:01.0370 4492 tssecsrv - ok
    03:40:01.0375 4492 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    03:40:01.0375 4492 TsUsbFlt - ok
    03:40:01.0380 4492 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    03:40:01.0380 4492 tunnel - ok
    03:40:01.0380 4492 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    03:40:01.0385 4492 uagp35 - ok
    03:40:01.0385 4492 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    03:40:01.0390 4492 udfs - ok
    03:40:01.0395 4492 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    03:40:01.0395 4492 UI0Detect - ok
    03:40:01.0395 4492 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    03:40:01.0395 4492 uliagpkx - ok
    03:40:01.0400 4492 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    03:40:01.0400 4492 umbus - ok
    03:40:01.0400 4492 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    03:40:01.0405 4492 UmPass - ok
    03:40:01.0405 4492 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    03:40:01.0410 4492 upnphost - ok
    03:40:01.0415 4492 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    03:40:01.0415 4492 usbccgp - ok
    03:40:01.0415 4492 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    03:40:01.0420 4492 usbcir - ok
    03:40:01.0420 4492 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    03:40:01.0420 4492 usbehci - ok
    03:40:01.0425 4492 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    03:40:01.0425 4492 usbhub - ok
    03:40:01.0430 4492 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    03:40:01.0430 4492 usbohci - ok
    03:40:01.0435 4492 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    03:40:01.0435 4492 usbprint - ok
    03:40:01.0435 4492 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    03:40:01.0435 4492 USBSTOR - ok
    03:40:01.0440 4492 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    03:40:01.0440 4492 usbuhci - ok
    03:40:01.0440 4492 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    03:40:01.0445 4492 UxSms - ok
    03:40:01.0445 4492 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    03:40:01.0445 4492 VaultSvc - ok
    03:40:01.0450 4492 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    03:40:01.0450 4492 vdrvroot - ok
    03:40:01.0455 4492 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    03:40:01.0460 4492 vds - ok
    03:40:01.0460 4492 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    03:40:01.0460 4492 vga - ok
    03:40:01.0465 4492 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    03:40:01.0465 4492 VgaSave - ok
    03:40:01.0465 4492 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    03:40:01.0470 4492 vhdmp - ok
    03:40:01.0470 4492 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    03:40:01.0470 4492 viaide - ok
    03:40:01.0475 4492 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    03:40:01.0475 4492 volmgr - ok
    03:40:01.0480 4492 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    03:40:01.0485 4492 volmgrx - ok
    03:40:01.0485 4492 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    03:40:01.0490 4492 volsnap - ok
    03:40:01.0490 4492 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    03:40:01.0495 4492 vsmraid - ok
    03:40:01.0505 4492 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    03:40:01.0515 4492 VSS - ok
    03:40:01.0520 4492 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    03:40:01.0520 4492 vwifibus - ok
    03:40:01.0525 4492 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    03:40:01.0525 4492 W32Time - ok
    03:40:01.0530 4492 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    03:40:01.0530 4492 WacomPen - ok
    03:40:01.0535 4492 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    03:40:01.0535 4492 WANARP - ok
    03:40:01.0535 4492 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    03:40:01.0535 4492 Wanarpv6 - ok
    03:40:01.0545 4492 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    03:40:01.0555 4492 WatAdminSvc - ok
    03:40:01.0565 4492 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    03:40:01.0590 4492 wbengine - ok
    03:40:01.0590 4492 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    03:40:01.0595 4492 WbioSrvc - ok
    03:40:01.0600 4492 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    03:40:01.0600 4492 wcncsvc - ok
    03:40:01.0605 4492 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    03:40:01.0605 4492 WcsPlugInService - ok
    03:40:01.0605 4492 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    03:40:01.0610 4492 Wd - ok
    03:40:01.0615 4492 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    03:40:01.0620 4492 Wdf01000 - ok
    03:40:01.0620 4492 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    03:40:01.0625 4492 WdiServiceHost - ok
    03:40:01.0625 4492 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    03:40:01.0625 4492 WdiSystemHost - ok
    03:40:01.0630 4492 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    03:40:01.0630 4492 WebClient - ok
    03:40:01.0635 4492 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    03:40:01.0640 4492 Wecsvc - ok
    03:40:01.0640 4492 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    03:40:01.0645 4492 wercplsupport - ok
    03:40:01.0645 4492 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    03:40:01.0645 4492 WerSvc - ok
    03:40:01.0650 4492 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    03:40:01.0650 4492 WfpLwf - ok
    03:40:01.0650 4492 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    03:40:01.0650 4492 WIMMount - ok
    03:40:01.0655 4492 WinHttpAutoProxySvc - ok
    03:40:01.0660 4492 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    03:40:01.0665 4492 Winmgmt - ok
    03:40:01.0680 4492 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    03:40:01.0690 4492 WinRM - ok
    03:40:01.0695 4492 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    03:40:01.0695 4492 WinUsb - ok
    03:40:01.0705 4492 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    03:40:01.0710 4492 Wlansvc - ok
    03:40:01.0715 4492 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    03:40:01.0715 4492 WmiAcpi - ok
    03:40:01.0720 4492 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    03:40:01.0720 4492 wmiApSrv - ok
    03:40:01.0720 4492 WMPNetworkSvc - ok
    03:40:01.0725 4492 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    03:40:01.0725 4492 WPCSvc - ok
    03:40:01.0725 4492 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    03:40:01.0730 4492 WPDBusEnum - ok
    03:40:01.0730 4492 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    03:40:01.0735 4492 ws2ifsl - ok
    03:40:01.0735 4492 WSearch - ok
    03:40:01.0735 4492 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    03:40:01.0740 4492 WudfPf - ok
    03:40:01.0740 4492 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    03:40:01.0745 4492 WUDFRd - ok
    03:40:01.0745 4492 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    03:40:01.0750 4492 wudfsvc - ok
    03:40:01.0750 4492 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    03:40:01.0755 4492 WwanSvc - ok
    03:40:01.0760 4492 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    03:40:01.0765 4492 YahooAUService - ok
    03:40:01.0770 4492 ================ Scan global ===============================
    03:40:01.0785 4492 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    03:40:01.0790 4492 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    03:40:01.0795 4492 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    03:40:01.0795 4492 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    03:40:01.0800 4492 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    03:40:01.0805 4492 [Global] - ok
    03:40:01.0805 4492 ================ Scan MBR ==================================
    03:40:01.0805 4492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    03:40:01.0870 4492 \Device\Harddisk0\DR0 - ok
    03:40:01.0870 4492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    03:40:01.0875 4492 \Device\Harddisk1\DR1 - ok
    03:40:01.0895 4492 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    03:40:01.0895 4492 \Device\Harddisk2\DR2 - ok
    03:40:01.0900 4492 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
    03:40:01.0900 4492 \Device\Harddisk3\DR3 - ok
    03:40:01.0900 4492 ================ Scan VBR ==================================
    03:40:01.0900 4492 [ DFE69C27BEBE97DC5D3C7F593A2FCBC2 ] \Device\Harddisk0\DR0\Partition1
    03:40:01.0900 4492 \Device\Harddisk0\DR0\Partition1 - ok
    03:40:01.0905 4492 [ D8B263DB5A321ED1C2D89AF7B947ED20 ] \Device\Harddisk0\DR0\Partition2
    03:40:01.0905 4492 \Device\Harddisk0\DR0\Partition2 - ok
    03:40:01.0905 4492 [ 3DBB43452688697AF0EA65D6B9C2DE45 ] \Device\Harddisk1\DR1\Partition1
    03:40:01.0905 4492 \Device\Harddisk1\DR1\Partition1 - ok
    03:40:01.0910 4492 [ 79A01381DC690A607446D431CBDB54A8 ] \Device\Harddisk2\DR2\Partition1
    03:40:01.0910 4492 \Device\Harddisk2\DR2\Partition1 - ok
    03:40:01.0910 4492 [ 7F3403343E2D9EB4369C880E2E02FE43 ] \Device\Harddisk3\DR3\Partition1
    03:40:01.0910 4492 \Device\Harddisk3\DR3\Partition1 - ok
    03:40:01.0910 4492 ============================================================
    03:40:01.0910 4492 Scan finished
    03:40:01.0910 4492 ============================================================
    03:40:01.0920 3824 Detected object count: 0
    03:40:01.0920 3824 Actual detected object count: 0
  9. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Josh [Admin rights]
    Mode : Remove -- Date : 11/14/2012 03:43:59
    ¤¤¤ Bad processes : 3 ¤¤¤
    [SUSP PATH] CurseClient.exe -- C:\Users\Josh\AppData\Local\Apps\2.0\66KV6HPL.M5G\RKCRYQCN.GO7\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\CurseClient.exe -> KILLED [TermProc]
    [WIN][HJNAME] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
    [WIN][HJNAME] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{cd9b547b-b152-d663-6c42-158dfeeb9499}\U --> REMOVED
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: M4-CT064M4SSD2 ATA Device +++++
    --- User ---
    [MBR] 63ce62db0955e1bf58010d7403a5d98f
    [BSP] 89c83c90f33d26c1dc8f1cc4e19b73ea : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD5000AAKX-00ERMA0 ATA Device +++++
    --- User ---
    [MBR] c5d8281cf5827797da03d2af29ab553a
    [BSP] 465509872d424eca03fc01a491dc4c74 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: ST31000340AS ATA Device +++++
    --- User ---
    [MBR] 3665e732a7e2bf519ab054b959db4128
    [BSP] f0b78c53b3081da88572610732e27b98 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive3: WDC WD20EARS-00S8B1 ATA Device +++++
    --- User ---
    [MBR] d5eab76e936916789a12fea7dc3747c5
    [BSP] ae0b496ff6c582bfed23098b3c32d0d2 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907718 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[4]_D_11142012_02d0343.txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3]_S_11142012_02d0343.txt ; RKreport[4]_D_11142012_02d0343.txt
  10. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-14 03:45:07
    -----------------------------
    03:45:07.554 OS Version: Windows x64 6.1.7601 Service Pack 1
    03:45:07.554 Number of processors: 4 586 0x3A09
    03:45:07.555 ComputerName: JOSH-PC UserName: Josh
    03:45:07.756 Initialize success
    03:45:44.007 AVAST engine defs: 12111301
    03:45:47.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    03:45:47.970 Disk 0 Vendor: M4-CT064M4SSD2 0309 Size: 61057MB BusType: 11
    03:45:47.972 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
    03:45:47.974 Disk 1 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 11
    03:45:47.977 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4
    03:45:47.980 Disk 2 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 11
    03:45:47.982 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP6T0L0-6
    03:45:47.985 Disk 3 Vendor: WDC_WD20EARS-00S8B1 80.00A80 Size: 1907729MB BusType: 11
    03:45:47.989 Disk 0 MBR read successfully
    03:45:47.992 Disk 0 MBR scan
    03:45:47.997 Disk 0 Windows 7 default MBR code
    03:45:48.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    03:45:48.005 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
    03:45:48.011 Disk 0 scanning C:\Windows\system32\drivers
    03:45:49.706 Service scanning
    03:45:56.128 Modules scanning
    03:45:56.135 Disk 0 trace - called modules:
    03:45:56.555 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    03:45:56.561 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f68060]
    03:45:56.566 3 CLASSPNP.SYS[fffff880018fc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006d3f680]
    03:45:56.769 AVAST engine scan C:\Windows
    03:45:57.068 AVAST engine scan C:\Windows\system32
    03:46:37.289 AVAST engine scan C:\Windows\system32\drivers
    03:46:39.183 AVAST engine scan C:\Users\Josh
    03:47:17.584 File: C:\Users\Josh\AppData\Local\Temp\dfojcluw1znr6ogy.exe **INFECTED** Win32:Downloader-QPN [Trj]
    03:47:24.029 File: C:\Users\Josh\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4146a7a6-54aa7fc3 **INFECTED** Win32:Downloader-QPN [Trj]
    03:47:31.718 AVAST engine scan C:\ProgramData
    03:47:43.082 Scan finished successfully
    03:47:54.099 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
    03:47:54.101 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"

    03:48:38.207 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
    03:48:38.209 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"
  11. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
    Ran by SYSTEM at 14-11-2012 04:02:28
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files\HP\HP LaserJet Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax" [3707704 2010-04-09] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [58936 2010-04-16] (Hewlett-Packard Company)
    HKU\Amber\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-17] (Google Inc.)
    HKU\Josh\...\Run: [AdobeBridge] [x]
    HKU\Josh\...\Run: [Steam] "E:\Programs\steam\Steam.exe" -silent [x]
    HKU\Josh\...\Run: [TivoServer] E:\Programs\TiVoServer.exe /service /registry /auto:TivoServer [x]
    HKU\Josh\...\Run: [TivoTransfer] E:\Programs\TiVoTransfer.exe [x]
    HKU\Josh\...\Run: [TivoNotify] E:\Programs\TiVoNotify.exe /service /registry /auto:TivoNotify [x]
    HKU\Josh\...\Run: [TranscodingService] E:\Programs\Plus\\TranscodingService.exe [x]
    HKU\Josh\...\Run: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-18] (Google Inc.)
    HKU\New Ebay account\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-17] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 209.6.86.178 208.59.247.45 208.59.247.46
    Startup: C:\Users\Josh\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    Startup: C:\Users\Josh\Start Menu\Programs\Startup\MagicDisc.lnk
    ShortcutTarget: MagicDisc.lnk -> C:\Programs\MagicDisc\MagicDisc.exe (No File)
    ==================== Services (Whitelisted) ===================
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    3 OpenVPNService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [36352 2011-07-13] ()
    4 TivoBeacon2; C:\Programs\TiVoBeacon.exe /service [x]
    ==================== Drivers (Whitelisted) =====================
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
    3 gdrv; \??\C:\Windows\gdrv.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-14 04:02 - 2012-11-14 04:02 - 00000000 ____D C:\FRST
    2012-11-14 00:44 - 2012-11-14 00:45 - 04732416 ____A (AVAST Software) C:\Users\Josh\Desktop\aswMBR.exe.cbb0qm3.partial
    2012-11-14 00:43 - 2012-11-14 00:43 - 00002633 ____A C:\Users\Josh\Desktop\RKreport[4]_D_11142012_02d0343.txt
    2012-11-14 00:43 - 2012-11-14 00:43 - 00002589 ____A C:\Users\Josh\Desktop\RKreport[3]_S_11142012_02d0343.txt
    2012-11-14 00:42 - 2012-11-14 00:42 - 00673280 ____A C:\Users\Josh\Desktop\RogueKiller.exe
    2012-11-14 00:39 - 2012-11-14 00:39 - 02195061 ____A C:\Users\Josh\Downloads\tdsskiller.zip
    2012-11-14 00:26 - 2012-11-14 00:26 - 00302592 ____A C:\Users\Josh\Desktop\dqdn3zl8.exe
    2012-11-13 23:53 - 2012-11-13 23:54 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad
    2012-11-13 21:55 - 2012-11-13 21:55 - 00000000 __SHD C:\Windows\ftpcache
    2012-11-13 21:55 - 2012-11-13 21:55 - 00000000 ____D C:\Users\Josh\AppData\Local\HP
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000608 __ASH C:\Windows\System32\winzvprt5.sys
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000256 ____A C:\Windows\System32\hppfaxprinter5.ini
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000000 ____D C:\Users\Public\Documents\HP
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000000 ____D C:\Users\All Users\HP
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000000 ____D C:\Program Files\HP
    2012-11-13 21:54 - 2010-04-09 12:08 - 00028984 ____N (Hewlett-Packard Company) C:\Windows\System32\hppfaxprintermon5.dll
    2012-11-13 21:54 - 2010-04-09 12:08 - 00023352 ____N (Hewlett-Packard Company) C:\Windows\System32\hppfaxprintermonui5.dll
    2012-11-13 21:53 - 2012-11-13 21:53 - 00001231 ____A C:\Users\Public\Desktop\HP LJ M1530 Scan.lnk
    2012-11-13 21:53 - 2012-11-13 21:53 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Hewlett-Packard Company
    2012-11-13 21:52 - 2012-11-13 21:53 - 00000121 ____A C:\Windows\SysWOW64\msiexec.log
    2012-11-13 21:52 - 2012-11-13 21:53 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
    2012-11-13 21:52 - 2012-11-13 21:52 - 00001367 ____A C:\Users\Public\Desktop\HP LaserJet Pro M1530 Series Help & Learn Center.lnk
    2012-11-13 21:52 - 2012-11-13 21:52 - 00000206 ____A C:\Windows\System32\AddPort.ini
    2012-11-13 21:18 - 2012-11-13 21:54 - 00000000 ____D C:\Program Files (x86)\HP
    2012-11-13 21:18 - 2010-04-22 12:59 - 00977720 ____A (Hewlett-Packard) C:\Windows\System32\hpxp1530_x64.dll
    2012-11-13 21:18 - 2010-04-22 12:58 - 01151800 ____A (Hewlett-Packard) C:\Windows\System32\hpptsp06_x64.dll
    2012-11-13 21:18 - 2010-04-22 12:58 - 00752440 ____A (Hewlett-Packard) C:\Windows\SysWOW64\hpptsp06.dll
    2012-11-13 21:18 - 2010-04-22 12:58 - 00318264 ____A (Hewlett-Packard) C:\Windows\System32\hpbcoins64.dll
    2012-11-13 21:18 - 2010-04-22 12:58 - 00218936 ____A (Hewlett Packard) C:\Windows\System32\hppscancoins64.dll
    2012-11-13 21:18 - 2010-04-22 12:58 - 00003211 ____A C:\Windows\System32\hppls1530.spf
    2012-11-13 21:18 - 2010-03-25 09:29 - 00176128 ____A (Hewlett-Packard Corporation) C:\Windows\System32\hpcpn101.dll
    2012-11-13 21:18 - 2010-03-25 09:26 - 00305664 ____A (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3101.dll
    2012-11-13 21:18 - 2010-03-25 06:53 - 00086528 ____A (Hewlett-Packard) C:\Windows\System32\hppdcompio.dll
    2012-11-13 21:18 - 2010-03-25 06:52 - 00079872 ____A (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
    2012-11-13 21:18 - 2010-02-11 07:19 - 00491008 ____A (HP) C:\Windows\SysWOW64\hpcdmc32.dll
    2012-11-11 18:50 - 2012-11-11 18:50 - 20526868 ____A C:\Users\Josh\Desktop\20121104_200710.psd
    2012-11-11 17:31 - 2012-11-11 17:31 - 04424012 ____A C:\Users\Josh\Downloads\attachments (7).zip
    2012-11-11 17:30 - 2012-11-11 17:30 - 00000000 ____D C:\Users\Josh\Documents\Turbo Lister Backup
    2012-11-11 17:29 - 2012-11-11 17:29 - 04600781 ____A C:\Users\Josh\Downloads\attachments (6).zip
    2012-11-10 19:15 - 2012-11-10 19:26 - 89531559 ____A C:\Users\Josh\Downloads\Mana World Comics.rar
    2012-11-10 18:55 - 2012-11-10 18:58 - 06194857 ____A C:\Users\Josh\Downloads\Mana World Comics Chapter 5 1-16.rar
    2012-11-10 18:54 - 2012-11-10 18:54 - 17319508 ____A C:\Users\Josh\Downloads\[Hexamous] Mana World Comics Chapter 1.zip
    2012-11-10 18:35 - 2012-11-10 18:37 - 19129860 ____A C:\Users\Josh\Downloads\Takeda_Hiromitsu,_Kontama_Plus_(www.hentairules.net)_(English,_Uncensored).zip
    2012-11-10 18:19 - 2012-11-10 19:19 - 182191332 ____A C:\Users\Josh\Downloads\kans5_1s.rar
    2012-11-10 18:09 - 2012-11-10 19:01 - 160037428 ____A C:\Users\Josh\Downloads\stale2.rar
    2012-11-10 09:11 - 2012-11-10 09:11 - 00446386 ____A C:\Users\Josh\Downloads\Total Recall 2012 EXTENDED DC 720p BRRip XviD AC3 ViSiON.nzb
    2012-11-09 20:07 - 2012-11-09 20:07 - 00163023 ____A C:\Users\Josh\Downloads\American Horror Story S02E04 720p HDTV X264 DIMENSION.nzb
    2012-11-09 20:07 - 2012-11-09 20:07 - 00050292 ____A C:\Users\Josh\Downloads\American Horror Story S02E03 HDTV x264 LOL.nzb
    2012-11-09 19:20 - 2012-11-09 19:20 - 00245829 ____A C:\Users\Josh\Downloads\Snow White and the Huntsman 2012 Theatrical Cut BDRip XviD EXViD.nzb
    2012-11-09 08:55 - 2012-11-09 08:55 - 06931945 ____A C:\Users\Josh\Downloads\attachments (5).zip
    2012-11-08 06:14 - 2012-11-08 06:14 - 00030401 ____A C:\Users\Josh\Downloads\136285.tiff
    2012-11-04 23:57 - 2012-11-05 00:03 - 224882970 ____A C:\Users\Josh\Downloads\kkng_061_full-rtmp2000.mp4
    2012-11-04 23:56 - 2012-11-05 00:07 - 336553720 ____A C:\Users\Josh\Downloads\lb_014_full-rtmp2000.mp4
    2012-11-04 23:56 - 2012-11-05 00:07 - 266398007 ____A C:\Users\Josh\Downloads\sdaf_131_full-rtmp2000.mp4
    2012-11-04 20:04 - 2012-11-04 20:04 - 00000000 ____D C:\Users\Josh\AppData\Roaming\VC 2 Paradise Resort
    2012-11-04 20:04 - 2012-11-04 20:04 - 00000000 ____D C:\Users\Josh\AppData\Local\VC 2 Paradise Resort
    2012-11-04 20:03 - 2012-11-04 20:03 - 00002169 ____A C:\Users\UpdatusUser\Desktop\Virtual City 2.lnk
    2012-11-04 20:03 - 2012-11-04 20:03 - 00002169 ____A C:\Users\New Ebay account\Desktop\Virtual City 2.lnk
    2012-11-04 20:03 - 2012-11-04 20:03 - 00002169 ____A C:\Users\Josh\Desktop\Virtual City 2.lnk
    2012-11-04 20:03 - 2012-11-04 20:03 - 00002169 ____A C:\Users\Amber\Desktop\Virtual City 2.lnk
    2012-11-04 19:14 - 2012-11-04 20:02 - 01112563 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-virtualcity2paradiseresort_99988877-setup-1 (1).exe
    2012-11-04 19:11 - 2012-11-04 19:14 - 242575696 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-virtualcity2paradiseresort_99988877-setup-1.exe
    2012-11-04 19:08 - 2012-11-04 19:08 - 20015432 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-Zoo_Vet-setup.exe
    2012-11-04 19:08 - 2012-11-04 19:08 - 00002084 ____A C:\Users\UpdatusUser\Desktop\Zoo Vet.lnk
    2012-11-04 19:08 - 2012-11-04 19:08 - 00002084 ____A C:\Users\New Ebay account\Desktop\Zoo Vet.lnk
    2012-11-04 19:08 - 2012-11-04 19:08 - 00002084 ____A C:\Users\Josh\Desktop\Zoo Vet.lnk
    2012-11-04 19:08 - 2012-11-04 19:08 - 00002084 ____A C:\Users\Amber\Desktop\Zoo Vet.lnk
    2012-11-04 17:04 - 2012-11-04 17:05 - 04151073 ____A C:\Users\Josh\Downloads\attachments (4).zip
    2012-11-04 17:02 - 2012-11-04 17:02 - 04180580 ____A C:\Users\Josh\Downloads\attachments (3).zip
    2012-11-04 12:01 - 2012-11-04 12:01 - 00000000 ____D C:\Users\All Users\Playrix Entertainment
    2012-11-04 11:43 - 2012-11-04 11:43 - 00002346 ____A C:\Users\UpdatusUser\Desktop\Gardenscapes - Mansion Makeover.lnk
    2012-11-04 11:43 - 2012-11-04 11:43 - 00002346 ____A C:\Users\New Ebay account\Desktop\Gardenscapes - Mansion Makeover.lnk
    2012-11-04 11:43 - 2012-11-04 11:43 - 00002346 ____A C:\Users\Josh\Desktop\Gardenscapes - Mansion Makeover.lnk
    2012-11-04 11:43 - 2012-11-04 11:43 - 00002346 ____A C:\Users\Amber\Desktop\Gardenscapes - Mansion Makeover.lnk
    2012-11-04 11:39 - 2012-11-04 11:40 - 167430184 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-gardenscapesmansionmakeover-510006029-setup.exe
    2012-11-04 11:15 - 2012-11-04 11:15 - 00002097 ____A C:\Users\UpdatusUser\Desktop\Cat Wash.lnk
    2012-11-04 11:15 - 2012-11-04 11:15 - 00002097 ____A C:\Users\New Ebay account\Desktop\Cat Wash.lnk
    2012-11-04 11:15 - 2012-11-04 11:15 - 00002097 ____A C:\Users\Josh\Desktop\Cat Wash.lnk
    2012-11-04 11:15 - 2012-11-04 11:15 - 00002097 ____A C:\Users\Amber\Desktop\Cat Wash.lnk
    2012-11-04 11:15 - 2012-11-04 11:15 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Mean Hamster Software
    2012-11-04 11:15 - 2012-11-04 11:15 - 00000000 ____D C:\Users\All Users\Mean Hamster Software
    2012-11-04 11:06 - 2012-11-04 11:07 - 46565800 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-cat_wash_54812155-setup-2.exe
    2012-11-01 19:13 - 2012-11-01 19:13 - 00242507 ____A C:\Users\Josh\Downloads\American Horror Story S02E03 1080p WEB DL DD5 1 H 264 HoodBag.nzb
    2012-10-30 21:58 - 2012-10-30 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-29 16:43 - 2012-10-29 16:43 - 00169436 ____A C:\Users\Josh\Downloads\American Horror Story S02E01 720p HDTV X264 DIMENSION.nzb
    2012-10-29 16:43 - 2012-10-29 16:43 - 00138849 ____A C:\Users\Josh\Downloads\American Horror Story S02E02 720p HDTV X264 DIMENSION.nzb
    2012-10-29 06:51 - 2012-10-29 06:51 - 00002203 ____A C:\Users\UpdatusUser\Desktop\Burger Time Deluxe.lnk
    2012-10-29 06:51 - 2012-10-29 06:51 - 00002203 ____A C:\Users\New Ebay account\Desktop\Burger Time Deluxe.lnk
    2012-10-29 06:51 - 2012-10-29 06:51 - 00002203 ____A C:\Users\Josh\Desktop\Burger Time Deluxe.lnk
    2012-10-29 06:51 - 2012-10-29 06:51 - 00002203 ____A C:\Users\Amber\Desktop\Burger Time Deluxe.lnk
    2012-10-29 06:51 - 2012-10-29 06:51 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Namco
    2012-10-29 06:51 - 2012-10-29 06:51 - 00000000 ____D C:\Users\All Users\Namco
    2012-10-29 06:50 - 2012-10-29 06:50 - 43172736 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-burger_time_deluxe-setup.exe
    2012-10-28 20:32 - 2012-10-28 20:32 - 00038540 ____A C:\Users\Josh\Downloads\01-Jan-2011_to_31-Dec-2011.csv
    2012-10-28 09:13 - 2012-10-28 09:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-10-27 22:58 - 2012-10-27 22:58 - 00000000 ____D C:\Users\Josh\Documents\Turbo Lister
    2012-10-27 07:36 - 2012-10-27 07:36 - 00000048 ____A C:\MyUpdateLogs.log
    2012-10-27 07:28 - 2012-10-27 07:28 - 00000398 ____A C:\InstallHelper.log
    2012-10-27 07:28 - 2012-10-27 07:28 - 00000000 ____D C:\Users\All Users\eBay
    2012-10-27 07:28 - 2012-10-27 07:28 - 00000000 ____D C:\Program Files (x86)\eBay
    2012-10-27 07:25 - 2012-10-27 07:27 - 37150744 ____A (eBay Inc. ) C:\Users\Josh\Downloads\setupIN.exe
    2012-10-23 03:26 - 2012-11-04 20:03 - 00001162 ____A C:\Users\New Ebay account\Desktop\Yahoo! Games - Games And Online Games.lnk
    2012-10-23 03:26 - 2012-10-23 03:26 - 00002128 ____A C:\Users\UpdatusUser\Desktop\Isla Dorada.lnk
    2012-10-23 03:26 - 2012-10-23 03:26 - 00002128 ____A C:\Users\New Ebay account\Desktop\Isla Dorada.lnk
    2012-10-23 03:26 - 2012-10-23 03:26 - 00002128 ____A C:\Users\Amber\Desktop\Isla Dorada.lnk
    2012-10-23 03:26 - 2012-10-23 03:26 - 00000000 ____D C:\Users\Josh\Documents\Green Gamer
    2012-10-23 03:24 - 2012-10-23 03:25 - 225966752 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\isladoradathesandsofephranis_510006623_setup.exe
    2012-10-22 19:04 - 2012-11-11 19:02 - 00000000 ____D C:\Users\Josh\Desktop\pics
    2012-10-22 19:04 - 2012-10-22 19:04 - 19564151 ____A C:\Users\Josh\Downloads\attachments (1).zip
    2012-10-22 19:04 - 2012-10-22 19:04 - 05539272 ____A C:\Users\Josh\Downloads\attachments (2).zip
    2012-10-22 19:03 - 2012-10-22 19:03 - 07389171 ____A C:\Users\Josh\Downloads\attachments.zip
    2012-10-20 15:44 - 2012-10-20 15:44 - 00000000 ____D C:\Users\Josh\Downloads\usb110511
    2012-10-20 15:42 - 2012-10-20 15:42 - 04278747 ____A C:\Users\Josh\Downloads\usb110511.zip
    2012-10-20 10:30 - 2012-10-20 10:30 - 02959344 ____A (Stellar Information Systems Ltd ) C:\Users\Josh\Downloads\PasswordRecovery (1).exe
    2012-10-20 10:29 - 2012-10-20 10:29 - 02959344 ____A (Stellar Information Systems Ltd ) C:\Users\Josh\Downloads\PasswordRecovery.exe
    2012-10-20 10:27 - 2012-10-20 10:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-10-19 22:30 - 2012-10-19 22:30 - 00000356 ____A C:\Users\Josh\Downloads\[isoHunt] 4D7FF34173B603D70DA9FE7052ACA001349650A5.torrent
    2012-10-18 22:06 - 2012-10-18 22:07 - 00000000 ____D C:\Users\Josh\AppData\Roaming\CDisplayEx
    2012-10-18 22:06 - 2012-10-18 22:06 - 05749280 ____A (Henri Gourvest. ) C:\Users\Josh\Downloads\CDisplayEx_V1.8.exe
    2012-10-18 22:06 - 2012-10-18 22:06 - 00000000 ____D C:\Program Files (x86)\CDisplayEx
    2012-10-18 22:03 - 2012-10-18 22:03 - 00012333 ____A C:\Users\Josh\Downloads\[isoHunt] X-MEN SCHISM Complete (2011) (Empire).torrent
    2012-10-18 21:58 - 2012-10-18 21:58 - 00020365 ____A C:\Users\Josh\Downloads\[isoHunt] Age of X.torrent
    2012-10-18 21:52 - 2012-10-18 21:52 - 00070634 ____A C:\Users\Josh\Downloads\[isoHunt] Fantastic_Four.6221604.TPB.torrent
    2012-10-18 20:21 - 2012-10-18 20:21 - 00000162 ___AH C:\Users\Josh\Downloads\~$rsing Care Plan
    2012-10-18 20:02 - 2012-10-18 20:02 - 00072192 ____A C:\Users\Josh\Downloads\Nursing Care Plan
    2012-10-17 21:17 - 2012-10-17 21:17 - 01876931 ____A C:\Users\Josh\Desktop\The Twelve (Book Two of The Passage Tril - Justin Cronin.mobi
    2012-10-17 21:12 - 2012-10-17 21:12 - 03076321 ____A C:\Users\Josh\Desktop\The Twelve (Book Two of The Passage Tril - Justin Cronin.epub
    2012-10-16 22:09 - 2012-10-16 22:09 - 00000000 ____D C:\Users\Josh\Desktop\The Twelve - Justin Cronin
    2012-10-16 22:07 - 2012-10-17 22:25 - 00000000 ____D C:\Users\Josh\Documents\Calibre Library
    2012-10-16 22:07 - 2012-10-17 21:21 - 00000000 ____D C:\Users\Josh\AppData\Roaming\calibre
    2012-10-16 22:07 - 2012-10-16 22:07 - 00000995 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
    2012-10-16 22:07 - 2012-10-16 22:07 - 00000000 ____D C:\Program Files (x86)\Calibre2
    2012-10-16 22:06 - 2012-10-16 22:06 - 50139648 ____A C:\Users\Josh\Downloads\calibre-0.9.2.msi
    2012-10-16 22:04 - 2012-10-16 22:05 - 04723935 ____A C:\Users\Josh\Downloads\JC_TT.zip
    2012-10-16 05:59 - 2012-10-16 06:04 - 00001067 ____A C:\Users\Public\Desktop\PSWizard.lnk
    2012-10-16 05:59 - 2012-10-16 06:04 - 00000000 ____D C:\Program Files (x86)\Network Print Monitor
    2012-10-16 05:52 - 2012-10-16 05:52 - 10349030 ____A C:\Users\Josh\Downloads\IOGEAR_GPSU21_v2.zip
    ==================== One Month Modified Files and Folders =======
    2012-11-14 04:02 - 2012-11-14 04:02 - 00000000 ____D C:\FRST
    2012-11-14 00:58 - 2009-07-13 21:13 - 00729578 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-14 00:56 - 2009-07-13 20:45 - 00015328 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-14 00:56 - 2009-07-13 20:45 - 00015328 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-14 00:48 - 2012-09-19 20:42 - 00010958 ____A C:\Users\Josh\Desktop\aswMBR.txt
    2012-11-14 00:48 - 2012-09-19 20:42 - 00000512 ____A C:\Users\Josh\Desktop\MBR.dat
    2012-11-14 00:45 - 2012-11-14 00:44 - 04732416 ____A (AVAST Software) C:\Users\Josh\Desktop\aswMBR.exe.cbb0qm3.partial
    2012-11-14 00:43 - 2012-11-14 00:43 - 00002633 ____A C:\Users\Josh\Desktop\RKreport[4]_D_11142012_02d0343.txt
    2012-11-14 00:43 - 2012-11-14 00:43 - 00002589 ____A C:\Users\Josh\Desktop\RKreport[3]_S_11142012_02d0343.txt
    2012-11-14 00:43 - 2012-09-19 20:36 - 00000000 ____D C:\Users\Josh\Desktop\RK_Quarantine
    2012-11-14 00:42 - 2012-11-14 00:42 - 00673280 ____A C:\Users\Josh\Desktop\RogueKiller.exe
    2012-11-14 00:40 - 2012-09-12 21:51 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728356122-4016808283-4161673576-1000UA.job
    2012-11-14 00:39 - 2012-11-14 00:39 - 02195061 ____A C:\Users\Josh\Downloads\tdsskiller.zip
    2012-11-14 00:30 - 2012-07-16 12:05 - 01698181 ____A C:\Windows\WindowsUpdate.log
    2012-11-14 00:26 - 2012-11-14 00:26 - 00302592 ____A C:\Users\Josh\Desktop\dqdn3zl8.exe
    2012-11-14 00:20 - 2012-07-18 17:15 - 00000000 ____D C:\Users\Josh\AppData\Local\Deployment
    2012-11-14 00:20 - 2012-07-17 07:27 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-14 00:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-14 00:19 - 2012-07-16 11:33 - 00021346 ____A C:\Windows\PFRO.log
    2012-11-14 00:19 - 2012-07-16 10:01 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-11-14 00:19 - 2009-07-13 20:51 - 00022044 ____A C:\Windows\setupact.log
    2012-11-14 00:18 - 2012-09-13 03:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-14 00:17 - 2012-09-19 18:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-14 00:01 - 2012-07-17 07:27 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-13 23:55 - 2012-07-17 09:58 - 00000000 ____D C:\Users\Josh\AppData\Roaming\uTorrent
    2012-11-13 23:54 - 2012-11-13 23:53 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad
    2012-11-13 23:00 - 2012-07-17 08:57 - 00000000 ____D C:\Users\Josh\AppData\Local\Adobe
    2012-11-13 21:55 - 2012-11-13 21:55 - 00000000 __SHD C:\Windows\ftpcache
    2012-11-13 21:55 - 2012-11-13 21:55 - 00000000 ____D C:\Users\Josh\AppData\Local\HP
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000608 __ASH C:\Windows\System32\winzvprt5.sys
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000256 ____A C:\Windows\System32\hppfaxprinter5.ini
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000000 ____D C:\Users\Public\Documents\HP
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000000 ____D C:\Users\All Users\HP
    2012-11-13 21:54 - 2012-11-13 21:54 - 00000000 ____D C:\Program Files\HP
    2012-11-13 21:54 - 2012-11-13 21:18 - 00000000 ____D C:\Program Files (x86)\HP
    2012-11-13 21:53 - 2012-11-13 21:53 - 00001231 ____A C:\Users\Public\Desktop\HP LJ M1530 Scan.lnk
    2012-11-13 21:53 - 2012-11-13 21:53 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Hewlett-Packard Company
    2012-11-13 21:53 - 2012-11-13 21:52 - 00000121 ____A C:\Windows\SysWOW64\msiexec.log
    2012-11-13 21:53 - 2012-11-13 21:52 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
    2012-11-13 21:52 - 2012-11-13 21:52 - 00001367 ____A C:\Users\Public\Desktop\HP LaserJet Pro M1530 Series Help & Learn Center.lnk
    2012-11-13 21:52 - 2012-11-13 21:52 - 00000206 ____A C:\Windows\System32\AddPort.ini
    2012-11-13 20:19 - 2012-08-03 19:17 - 00000000 ___RD C:\Users\Josh\Documents\My TiVo Recordings
    2012-11-13 04:40 - 2012-09-12 21:51 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728356122-4016808283-4161673576-1000Core.job
    2012-11-12 20:46 - 2012-09-06 05:52 - 00000000 ____D C:\Users\Josh\Desktop\amber crap
    2012-11-12 20:45 - 2012-07-18 19:29 - 00000000 ____D C:\Users\Josh\Desktop\Ebay
    2012-11-11 19:02 - 2012-10-22 19:04 - 00000000 ____D C:\Users\Josh\Desktop\pics
    2012-11-11 18:50 - 2012-11-11 18:50 - 20526868 ____A C:\Users\Josh\Desktop\20121104_200710.psd
    2012-11-11 17:31 - 2012-11-11 17:31 - 04424012 ____A C:\Users\Josh\Downloads\attachments (7).zip
    2012-11-11 17:30 - 2012-11-11 17:30 - 00000000 ____D C:\Users\Josh\Documents\Turbo Lister Backup
    2012-11-11 17:29 - 2012-11-11 17:29 - 04600781 ____A C:\Users\Josh\Downloads\attachments (6).zip
    2012-11-10 19:26 - 2012-11-10 19:15 - 89531559 ____A C:\Users\Josh\Downloads\Mana World Comics.rar
    2012-11-10 19:23 - 2012-07-19 21:44 - 00000000 ____D C:\Users\Josh\AppData\Roaming\vlc
    2012-11-10 19:19 - 2012-11-10 18:19 - 182191332 ____A C:\Users\Josh\Downloads\kans5_1s.rar
    2012-11-10 19:01 - 2012-11-10 18:09 - 160037428 ____A C:\Users\Josh\Downloads\stale2.rar
    2012-11-10 18:58 - 2012-11-10 18:55 - 06194857 ____A C:\Users\Josh\Downloads\Mana World Comics Chapter 5 1-16.rar
    2012-11-10 18:54 - 2012-11-10 18:54 - 17319508 ____A C:\Users\Josh\Downloads\[Hexamous] Mana World Comics Chapter 1.zip
    2012-11-10 18:37 - 2012-11-10 18:35 - 19129860 ____A C:\Users\Josh\Downloads\Takeda_Hiromitsu,_Kontama_Plus_(www.hentairules.net)_(English,_Uncensored).zip
    2012-11-10 09:11 - 2012-11-10 09:11 - 00446386 ____A C:\Users\Josh\Downloads\Total Recall 2012 EXTENDED DC 720p BRRip XviD AC3 ViSiON.nzb
    2012-11-09 20:07 - 2012-11-09 20:07 - 00163023 ____A C:\Users\Josh\Downloads\American Horror Story S02E04 720p HDTV X264 DIMENSION.nzb
    2012-11-09 20:07 - 2012-11-09 20:07 - 00050292 ____A C:\Users\Josh\Downloads\American Horror Story S02E03 HDTV x264 LOL.nzb
    2012-11-09 19:20 - 2012-11-09 19:20 - 00245829 ____A C:\Users\Josh\Downloads\Snow White and the Huntsman 2012 Theatrical Cut BDRip XviD EXViD.nzb
    2012-11-09 08:55 - 2012-11-09 08:55 - 06931945 ____A C:\Users\Josh\Downloads\attachments (5).zip
    2012-11-08 06:14 - 2012-11-08 06:14 - 00030401 ____A C:\Users\Josh\Downloads\136285.tiff
    2012-11-07 14:01 - 2012-07-17 07:28 - 00002378 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-11-05 06:36 - 2012-07-19 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-11-05 00:07 - 2012-11-04 23:56 - 336553720 ____A C:\Users\Josh\Downloads\lb_014_full-rtmp2000.mp4
    2012-11-05 00:07 - 2012-11-04 23:56 - 266398007 ____A C:\Users\Josh\Downloads\sdaf_131_full-rtmp2000.mp4
    2012-11-05 00:03 - 2012-11-04 23:57 - 224882970 ____A C:\Users\Josh\Downloads\kkng_061_full-rtmp2000.mp4
    2012-11-04 20:04 - 2012-11-04 20:04 - 00000000 ____D C:\Users\Josh\AppData\Roaming\VC 2 Paradise Resort
    2012-11-04 20:04 - 2012-11-04 20:04 - 00000000 ____D C:\Users\Josh\AppData\Local\VC 2 Paradise Resort
    2012-11-04 20:03 - 2012-11-04 20:03 - 00002169 ____A C:\Users\UpdatusUser\Desktop\Virtual City 2.lnk
    2012-11-04 20:03 - 2012-11-04 20:03 - 00002169 ____A C:\Users\New Ebay account\Desktop\Virtual City 2.lnk
    2012-11-04 20:03 - 2012-11-04 20:03 - 00002169 ____A C:\Users\Josh\Desktop\Virtual City 2.lnk
    2012-11-04 20:03 - 2012-11-04 20:03 - 00002169 ____A C:\Users\Amber\Desktop\Virtual City 2.lnk
    2012-11-04 20:03 - 2012-10-23 03:26 - 00001162 ____A C:\Users\New Ebay account\Desktop\Yahoo! Games - Games And Online Games.lnk
    2012-11-04 20:03 - 2012-07-21 06:15 - 00001162 ____A C:\Users\UpdatusUser\Desktop\Yahoo! Games - Games And Online Games.lnk
    2012-11-04 20:03 - 2012-07-21 06:15 - 00001162 ____A C:\Users\Josh\Desktop\Yahoo! Games - Games And Online Games.lnk
    2012-11-04 20:03 - 2012-07-21 06:15 - 00001162 ____A C:\Users\Amber\Desktop\Yahoo! Games - Games And Online Games.lnk
    2012-11-04 20:03 - 2012-07-21 06:14 - 00000000 ____D C:\Program Files (x86)\Yahoo! Games
    2012-11-04 20:03 - 2012-07-21 06:14 - 00000000 ____D C:\Program Files (x86)\Oberon Media
    2012-11-04 20:02 - 2012-11-04 19:14 - 01112563 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-virtualcity2paradiseresort_99988877-setup-1 (1).exe
    2012-11-04 19:14 - 2012-11-04 19:11 - 242575696 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-virtualcity2paradiseresort_99988877-setup-1.exe
    2012-11-04 19:08 - 2012-11-04 19:08 - 20015432 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-Zoo_Vet-setup.exe
    2012-11-04 19:08 - 2012-11-04 19:08 - 00002084 ____A C:\Users\UpdatusUser\Desktop\Zoo Vet.lnk
    2012-11-04 19:08 - 2012-11-04 19:08 - 00002084 ____A C:\Users\New Ebay account\Desktop\Zoo Vet.lnk
    2012-11-04 19:08 - 2012-11-04 19:08 - 00002084 ____A C:\Users\Josh\Desktop\Zoo Vet.lnk
    2012-11-04 19:08 - 2012-11-04 19:08 - 00002084 ____A C:\Users\Amber\Desktop\Zoo Vet.lnk
    2012-11-04 17:05 - 2012-11-04 17:04 - 04151073 ____A C:\Users\Josh\Downloads\attachments (4).zip
    2012-11-04 17:02 - 2012-11-04 17:02 - 04180580 ____A C:\Users\Josh\Downloads\attachments (3).zip
    2012-11-04 12:01 - 2012-11-04 12:01 - 00000000 ____D C:\Users\All Users\Playrix Entertainment
    2012-11-04 11:43 - 2012-11-04 11:43 - 00002346 ____A C:\Users\UpdatusUser\Desktop\Gardenscapes - Mansion Makeover.lnk
    2012-11-04 11:43 - 2012-11-04 11:43 - 00002346 ____A C:\Users\New Ebay account\Desktop\Gardenscapes - Mansion Makeover.lnk
    2012-11-04 11:43 - 2012-11-04 11:43 - 00002346 ____A C:\Users\Josh\Desktop\Gardenscapes - Mansion Makeover.lnk
    2012-11-04 11:43 - 2012-11-04 11:43 - 00002346 ____A C:\Users\Amber\Desktop\Gardenscapes - Mansion Makeover.lnk
    2012-11-04 11:40 - 2012-11-04 11:39 - 167430184 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-gardenscapesmansionmakeover-510006029-setup.exe
    2012-11-04 11:15 - 2012-11-04 11:15 - 00002097 ____A C:\Users\UpdatusUser\Desktop\Cat Wash.lnk
    2012-11-04 11:15 - 2012-11-04 11:15 - 00002097 ____A C:\Users\New Ebay account\Desktop\Cat Wash.lnk
    2012-11-04 11:15 - 2012-11-04 11:15 - 00002097 ____A C:\Users\Josh\Desktop\Cat Wash.lnk
    2012-11-04 11:15 - 2012-11-04 11:15 - 00002097 ____A C:\Users\Amber\Desktop\Cat Wash.lnk
    2012-11-04 11:15 - 2012-11-04 11:15 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Mean Hamster Software
    2012-11-04 11:15 - 2012-11-04 11:15 - 00000000 ____D C:\Users\All Users\Mean Hamster Software
    2012-11-04 11:07 - 2012-11-04 11:06 - 46565800 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-cat_wash_54812155-setup-2.exe
    2012-11-03 15:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-11-03 15:40 - 2012-07-19 21:18 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Mozilla
    2012-11-01 19:13 - 2012-11-01 19:13 - 00242507 ____A C:\Users\Josh\Downloads\American Horror Story S02E03 1080p WEB DL DD5 1 H 264 HoodBag.nzb
    2012-10-30 21:58 - 2012-10-30 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-30 10:25 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2012-10-29 16:43 - 2012-10-29 16:43 - 00169436 ____A C:\Users\Josh\Downloads\American Horror Story S02E01 720p HDTV X264 DIMENSION.nzb
    2012-10-29 16:43 - 2012-10-29 16:43 - 00138849 ____A C:\Users\Josh\Downloads\American Horror Story S02E02 720p HDTV X264 DIMENSION.nzb
    2012-10-29 06:51 - 2012-10-29 06:51 - 00002203 ____A C:\Users\UpdatusUser\Desktop\Burger Time Deluxe.lnk
    2012-10-29 06:51 - 2012-10-29 06:51 - 00002203 ____A C:\Users\New Ebay account\Desktop\Burger Time Deluxe.lnk
    2012-10-29 06:51 - 2012-10-29 06:51 - 00002203 ____A C:\Users\Josh\Desktop\Burger Time Deluxe.lnk
    2012-10-29 06:51 - 2012-10-29 06:51 - 00002203 ____A C:\Users\Amber\Desktop\Burger Time Deluxe.lnk
    2012-10-29 06:51 - 2012-10-29 06:51 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Namco
    2012-10-29 06:51 - 2012-10-29 06:51 - 00000000 ____D C:\Users\All Users\Namco
    2012-10-29 06:50 - 2012-10-29 06:50 - 43172736 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\yahoo-burger_time_deluxe-setup.exe
    2012-10-28 20:32 - 2012-10-28 20:32 - 00038540 ____A C:\Users\Josh\Downloads\01-Jan-2011_to_31-Dec-2011.csv
    2012-10-28 09:18 - 2012-09-06 05:53 - 00000000 ____D C:\Users\Josh\Desktop\games
    2012-10-28 09:13 - 2012-10-28 09:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-10-27 22:58 - 2012-10-27 22:58 - 00000000 ____D C:\Users\Josh\Documents\Turbo Lister
    2012-10-27 07:36 - 2012-10-27 07:36 - 00000048 ____A C:\MyUpdateLogs.log
    2012-10-27 07:28 - 2012-10-27 07:28 - 00000398 ____A C:\InstallHelper.log
    2012-10-27 07:28 - 2012-10-27 07:28 - 00000000 ____D C:\Users\All Users\eBay
    2012-10-27 07:28 - 2012-10-27 07:28 - 00000000 ____D C:\Program Files (x86)\eBay
    2012-10-27 07:27 - 2012-10-27 07:25 - 37150744 ____A (eBay Inc. ) C:\Users\Josh\Downloads\setupIN.exe
    2012-10-25 19:54 - 2012-07-17 07:27 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Adobe
    2012-10-25 19:34 - 2012-07-16 09:06 - 00000000 ____D C:\users\Josh
    2012-10-23 03:26 - 2012-10-23 03:26 - 00002128 ____A C:\Users\UpdatusUser\Desktop\Isla Dorada.lnk
    2012-10-23 03:26 - 2012-10-23 03:26 - 00002128 ____A C:\Users\New Ebay account\Desktop\Isla Dorada.lnk
    2012-10-23 03:26 - 2012-10-23 03:26 - 00002128 ____A C:\Users\Amber\Desktop\Isla Dorada.lnk
    2012-10-23 03:26 - 2012-10-23 03:26 - 00000000 ____D C:\Users\Josh\Documents\Green Gamer
    2012-10-23 03:25 - 2012-10-23 03:24 - 225966752 ____A (Oberon Media Inc.) C:\Users\Josh\Downloads\isladoradathesandsofephranis_510006623_setup.exe
    2012-10-22 19:04 - 2012-10-22 19:04 - 19564151 ____A C:\Users\Josh\Downloads\attachments (1).zip
    2012-10-22 19:04 - 2012-10-22 19:04 - 05539272 ____A C:\Users\Josh\Downloads\attachments (2).zip
    2012-10-22 19:03 - 2012-10-22 19:03 - 07389171 ____A C:\Users\Josh\Downloads\attachments.zip
    2012-10-20 15:44 - 2012-10-20 15:44 - 00000000 ____D C:\Users\Josh\Downloads\usb110511
    2012-10-20 15:42 - 2012-10-20 15:42 - 04278747 ____A C:\Users\Josh\Downloads\usb110511.zip
    2012-10-20 10:30 - 2012-10-20 10:30 - 02959344 ____A (Stellar Information Systems Ltd ) C:\Users\Josh\Downloads\PasswordRecovery (1).exe
    2012-10-20 10:29 - 2012-10-20 10:29 - 02959344 ____A (Stellar Information Systems Ltd ) C:\Users\Josh\Downloads\PasswordRecovery.exe
    2012-10-20 10:27 - 2012-10-20 10:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-10-19 22:30 - 2012-10-19 22:30 - 00000356 ____A C:\Users\Josh\Downloads\[isoHunt] 4D7FF34173B603D70DA9FE7052ACA001349650A5.torrent
    2012-10-18 22:07 - 2012-10-18 22:06 - 00000000 ____D C:\Users\Josh\AppData\Roaming\CDisplayEx
    2012-10-18 22:06 - 2012-10-18 22:06 - 05749280 ____A (Henri Gourvest. ) C:\Users\Josh\Downloads\CDisplayEx_V1.8.exe
    2012-10-18 22:06 - 2012-10-18 22:06 - 00000000 ____D C:\Program Files (x86)\CDisplayEx
    2012-10-18 22:03 - 2012-10-18 22:03 - 00012333 ____A C:\Users\Josh\Downloads\[isoHunt] X-MEN SCHISM Complete (2011) (Empire).torrent
    2012-10-18 21:58 - 2012-10-18 21:58 - 00020365 ____A C:\Users\Josh\Downloads\[isoHunt] Age of X.torrent
    2012-10-18 21:52 - 2012-10-18 21:52 - 00070634 ____A C:\Users\Josh\Downloads\[isoHunt] Fantastic_Four.6221604.TPB.torrent
    2012-10-18 20:21 - 2012-10-18 20:21 - 00000162 ___AH C:\Users\Josh\Downloads\~$rsing Care Plan
    2012-10-18 20:02 - 2012-10-18 20:02 - 00072192 ____A C:\Users\Josh\Downloads\Nursing Care Plan
    2012-10-17 22:25 - 2012-10-16 22:07 - 00000000 ____D C:\Users\Josh\Documents\Calibre Library
    2012-10-17 21:21 - 2012-10-16 22:07 - 00000000 ____D C:\Users\Josh\AppData\Roaming\calibre
    2012-10-17 21:17 - 2012-10-17 21:17 - 01876931 ____A C:\Users\Josh\Desktop\The Twelve (Book Two of The Passage Tril - Justin Cronin.mobi
    2012-10-17 21:12 - 2012-10-17 21:12 - 03076321 ____A C:\Users\Josh\Desktop\The Twelve (Book Two of The Passage Tril - Justin Cronin.epub
    2012-10-16 22:09 - 2012-10-16 22:09 - 00000000 ____D C:\Users\Josh\Desktop\The Twelve - Justin Cronin
    2012-10-16 22:07 - 2012-10-16 22:07 - 00000995 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
    2012-10-16 22:07 - 2012-10-16 22:07 - 00000000 ____D C:\Program Files (x86)\Calibre2
    2012-10-16 22:06 - 2012-10-16 22:06 - 50139648 ____A C:\Users\Josh\Downloads\calibre-0.9.2.msi
    2012-10-16 22:05 - 2012-10-16 22:04 - 04723935 ____A C:\Users\Josh\Downloads\JC_TT.zip
    2012-10-16 06:04 - 2012-10-16 05:59 - 00001067 ____A C:\Users\Public\Desktop\PSWizard.lnk
    2012-10-16 06:04 - 2012-10-16 05:59 - 00000000 ____D C:\Program Files (x86)\Network Print Monitor
    2012-10-16 05:52 - 2012-10-16 05:52 - 10349030 ____A C:\Users\Josh\Downloads\IOGEAR_GPSU21_v2.zip
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================

    ==================== Memory info ===========================
    Percentage of memory in use: 9%
    Total physical RAM: 8152.22 MB
    Available physical RAM: 7358.48 MB
    Total Pagefile: 8150.37 MB
    Available Pagefile: 7361.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:59.53 GB) (Free:3.64 GB) NTFS
    2 Drive d: (New Volume) (Fixed) (Total:465.76 GB) (Free:120.33 GB) NTFS
    3 Drive e: (DATA) (Fixed) (Total:931.5 GB) (Free:692.71 GB) NTFS
    4 Drive f: (DATA) (Fixed) (Total:1863.01 GB) (Free:252.92 GB) NTFS
    5 Drive h: (LJM1530) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
    6 Drive I: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 59 GB 0 B
    Disk 1 Online 465 GB 1024 KB
    Disk 2 Online 931 GB 8 MB
    Disk 3 Online 1863 GB 9 MB
    Disk 4 Online 3817 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 59 GB 101 MB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 59 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D New Volume NTFS Partition 465 GB Healthy
    =========================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 31 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E DATA NTFS Partition 931 GB Healthy
    =========================================================
    Partitions of Disk 3:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 31 KB
    ==================================================================================
    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F DATA NTFS Partition 1863 GB Healthy
    =========================================================
    Partitions of Disk 4:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3813 MB 4032 KB
    ==================================================================================
    Disk: 4
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT32 Removable 3813 MB Healthy
    =========================================================
    Last Boot: 2012-11-05 11:21
    ==================== End Of Log =============================
     
  12. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    Farbar Recovery Scan Tool (x64) Version: 12-11-2012
    Ran by SYSTEM at 2012-11-14 04:03:43
    Running from I:\
    ================== Search: "services.exe" ===================
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Looks like quite a few scans were run. Please do the following next:

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents into your next reply.
    Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  14. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    03:22:29.0958 7496 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    03:22:30.0239 7496 ============================================================
    03:22:30.0239 7496 Current date / time: 2012/11/16 03:22:30.0239
    03:22:30.0240 7496 SystemInfo:
    03:22:30.0240 7496
    03:22:30.0240 7496 OS Version: 6.1.7601 ServicePack: 1.0
    03:22:30.0240 7496 Product type: Workstation
    03:22:30.0240 7496 ComputerName: JOSH-PC
    03:22:30.0240 7496 UserName: Josh
    03:22:30.0240 7496 Windows directory: C:\Windows
    03:22:30.0240 7496 System windows directory: C:\Windows
    03:22:30.0240 7496 Running under WOW64
    03:22:30.0240 7496 Processor architecture: Intel x64
    03:22:30.0240 7496 Number of processors: 4
    03:22:30.0240 7496 Page size: 0x1000
    03:22:30.0240 7496 Boot type: Normal boot
    03:22:30.0240 7496 ============================================================
    03:22:30.0477 7496 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    03:22:30.0489 7496 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    03:22:30.0491 7496 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    03:22:40.0466 7496 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K1', Flags 0x00000040
    03:22:40.0493 7496 Drive \Device\Harddisk4\DR4 - Size: 0xEE998000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    03:22:40.0496 7496 ============================================================
    03:22:40.0496 7496 \Device\Harddisk0\DR0:
    03:22:40.0497 7496 MBR partitions:
    03:22:40.0497 7496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    03:22:40.0497 7496 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
    03:22:40.0497 7496 \Device\Harddisk1\DR1:
    03:22:40.0497 7496 MBR partitions:
    03:22:40.0497 7496 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
    03:22:40.0497 7496 \Device\Harddisk2\DR2:
    03:22:40.0498 7496 MBR partitions:
    03:22:40.0498 7496 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
    03:22:40.0498 7496 \Device\Harddisk3\DR3:
    03:22:40.0498 7496 MBR partitions:
    03:22:40.0498 7496 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1
    03:22:40.0498 7496 \Device\Harddisk4\DR4:
    03:22:40.0500 7496 MBR partitions:
    03:22:40.0500 7496 \Device\Harddisk4\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x772D40
    03:22:40.0500 7496 ============================================================
    03:22:40.0501 7496 C: <-> \Device\Harddisk0\DR0\Partition2
    03:22:40.0523 7496 E: <-> \Device\Harddisk1\DR1\Partition1
    03:22:40.0525 7496 F: <-> \Device\Harddisk2\DR2\Partition1
    03:22:40.0566 7496 G: <-> \Device\Harddisk3\DR3\Partition1
    03:22:40.0566 7496 ============================================================
    03:22:40.0566 7496 Initialize success
    03:22:40.0567 7496 ============================================================
    03:23:15.0219 7296 ============================================================
    03:23:15.0219 7296 Scan started
    03:23:15.0219 7296 Mode: Manual; SigCheck; TDLFS;
    03:23:15.0219 7296 ============================================================
    03:23:25.0050 7296 ================ Scan system memory ========================
    03:23:25.0050 7296 System memory - ok
    03:23:25.0050 7296 ================ Scan services =============================
    03:23:25.0084 7296 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    03:23:25.0121 7296 1394ohci - ok
    03:23:25.0126 7296 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    03:23:25.0138 7296 ACPI - ok
    03:23:25.0140 7296 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    03:23:25.0156 7296 AcpiPmi - ok
    03:23:25.0160 7296 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    03:23:25.0165 7296 AdobeARMservice - ok
    03:23:25.0184 7296 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    03:23:25.0191 7296 AdobeFlashPlayerUpdateSvc - ok
    03:23:25.0196 7296 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    03:23:25.0208 7296 adp94xx - ok
    03:23:25.0212 7296 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    03:23:25.0221 7296 adpahci - ok
    03:23:25.0224 7296 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    03:23:25.0231 7296 adpu320 - ok
    03:23:25.0236 7296 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    03:23:25.0273 7296 AeLookupSvc - ok
    03:23:25.0279 7296 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    03:23:25.0291 7296 AFD - ok
    03:23:25.0294 7296 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    03:23:25.0299 7296 agp440 - ok
    03:23:25.0302 7296 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    03:23:25.0312 7296 ALG - ok
    03:23:25.0314 7296 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    03:23:25.0319 7296 aliide - ok
    03:23:25.0322 7296 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    03:23:25.0327 7296 amdide - ok
    03:23:25.0330 7296 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    03:23:25.0339 7296 AmdK8 - ok
    03:23:25.0342 7296 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    03:23:25.0350 7296 AmdPPM - ok
    03:23:25.0353 7296 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    03:23:25.0359 7296 amdsata - ok
    03:23:25.0363 7296 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    03:23:25.0370 7296 amdsbs - ok
    03:23:25.0372 7296 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    03:23:25.0377 7296 amdxata - ok
    03:23:25.0380 7296 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    03:23:25.0422 7296 AppID - ok
    03:23:25.0425 7296 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    03:23:25.0445 7296 AppIDSvc - ok
    03:23:25.0448 7296 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    03:23:25.0466 7296 Appinfo - ok
    03:23:25.0469 7296 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    03:23:25.0475 7296 arc - ok
    03:23:25.0479 7296 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    03:23:25.0485 7296 arcsas - ok
    03:23:25.0487 7296 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    03:23:25.0506 7296 AsyncMac - ok
    03:23:25.0508 7296 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    03:23:25.0513 7296 atapi - ok
    03:23:25.0519 7296 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    03:23:25.0543 7296 AudioEndpointBuilder - ok
    03:23:25.0548 7296 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    03:23:25.0569 7296 AudioSrv - ok
    03:23:25.0572 7296 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    03:23:25.0588 7296 AxInstSV - ok
    03:23:25.0593 7296 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    03:23:25.0604 7296 b06bdrv - ok
    03:23:25.0608 7296 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    03:23:25.0617 7296 b57nd60a - ok
    03:23:25.0622 7296 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    03:23:25.0631 7296 BDESVC - ok
    03:23:25.0633 7296 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    03:23:25.0651 7296 Beep - ok
    03:23:25.0653 7296 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    03:23:25.0660 7296 blbdrive - ok
    03:23:25.0665 7296 [ A065F048E9E23E6C026A7BB548D126A7 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    03:23:25.0673 7296 Bonjour Service - ok
    03:23:25.0676 7296 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    03:23:25.0683 7296 bowser - ok
    03:23:25.0685 7296 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    03:23:25.0700 7296 BrFiltLo - ok
    03:23:25.0702 7296 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    03:23:25.0709 7296 BrFiltUp - ok
    03:23:25.0712 7296 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    03:23:25.0720 7296 Browser - ok
    03:23:25.0724 7296 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    03:23:25.0735 7296 Brserid - ok
    03:23:25.0737 7296 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    03:23:25.0745 7296 BrSerWdm - ok
    03:23:25.0747 7296 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    03:23:25.0755 7296 BrUsbMdm - ok
    03:23:25.0757 7296 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    03:23:25.0763 7296 BrUsbSer - ok
    03:23:25.0766 7296 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows
  15. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    \system32\DRIVERS\bthmodem.sys
    03:23:25.0774 7296 BTHMODEM - ok
    03:23:25.0777 7296 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    03:23:25.0797 7296 bthserv - ok
    03:23:25.0799 7296 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    03:23:25.0818 7296 cdfs - ok
    03:23:25.0821 7296 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    03:23:25.0829 7296 cdrom - ok
    03:23:25.0832 7296 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    03:23:25.0850 7296 CertPropSvc - ok
    03:23:25.0852 7296 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    03:23:25.0860 7296 circlass - ok
    03:23:25.0865 7296 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    03:23:25.0874 7296 CLFS - ok
    03:23:25.0879 7296 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    03:23:25.0885 7296 clr_optimization_v2.0.50727_32 - ok
    03:23:25.0891 7296 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    03:23:25.0896 7296 clr_optimization_v2.0.50727_64 - ok
    03:23:25.0902 7296 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    03:23:25.0908 7296 clr_optimization_v4.0.30319_32 - ok
    03:23:25.0914 7296 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    03:23:25.0920 7296 clr_optimization_v4.0.30319_64 - ok
    03:23:25.0922 7296 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    03:23:25.0929 7296 CmBatt - ok
    03:23:25.0931 7296 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    03:23:25.0936 7296 cmdide - ok
    03:23:25.0941 7296 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    03:23:25.0956 7296 CNG - ok
    03:23:25.0958 7296 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    03:23:25.0964 7296 Compbatt - ok
    03:23:25.0966 7296 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    03:23:25.0973 7296 CompositeBus - ok
    03:23:25.0975 7296 COMSysApp - ok
    03:23:25.0978 7296 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    03:23:25.0983 7296 crcdisk - ok
    03:23:25.0988 7296 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    03:23:25.0997 7296 CryptSvc - ok
    03:23:26.0003 7296 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    03:23:26.0028 7296 DcomLaunch - ok
    03:23:26.0033 7296 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    03:23:26.0053 7296 defragsvc - ok
    03:23:26.0056 7296 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    03:23:26.0135 7296 DfsC - ok
    03:23:26.0139 7296 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    03:23:26.0175 7296 Dhcp - ok
    03:23:26.0178 7296 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    03:23:26.0197 7296 discache - ok
    03:23:26.0200 7296 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    03:23:26.0207 7296 Disk - ok
    03:23:26.0210 7296 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    03:23:26.0218 7296 Dnscache - ok
    03:23:26.0222 7296 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    03:23:26.0253 7296 dot3svc - ok
    03:23:26.0257 7296 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    03:23:26.0276 7296 DPS - ok
    03:23:26.0278 7296 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    03:23:26.0285 7296 drmkaud - ok
    03:23:26.0295 7296 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    03:23:26.0310 7296 DXGKrnl - ok
    03:23:26.0314 7296 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    03:23:26.0333 7296 EapHost - ok
    03:23:26.0357 7296 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    03:23:26.0391 7296 ebdrv - ok
    03:23:26.0394 7296 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    03:23:26.0403 7296 EFS - ok
    03:23:26.0410 7296 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    03:23:26.0425 7296 ehRecvr - ok
    03:23:26.0428 7296 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    03:23:26.0437 7296 ehSched - ok
    03:23:26.0443 7296 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    03:23:26.0454 7296 elxstor - ok
    03:23:26.0457 7296 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    03:23:26.0463 7296 ErrDev - ok
    03:23:26.0470 7296 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    03:23:26.0492 7296 EventSystem - ok
    03:23:26.0495 7296 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    03:23:26.0516 7296 exfat - ok
    03:23:26.0519 7296 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    03:23:26.0539 7296 fastfat - ok
    03:23:26.0546 7296 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    03:23:26.0557 7296 Fax - ok
    03:23:26.0561 7296 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    03:23:26.0567 7296 fdc - ok
    03:23:26.0569 7296 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    03:23:26.0588 7296 fdPHost - ok
    03:23:26.0591 7296 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    03:23:26.0610 7296 FDResPub - ok
    03:23:26.0614 7296 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    03:23:26.0620 7296 FileInfo - ok
    03:23:26.0622 7296 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    03:23:26.0642 7296 Filetrace - ok
    03:23:26.0645 7296 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    03:23:26.0651 7296 flpydisk - ok
    03:23:26.0656 7296 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    03:23:26.0664 7296 FltMgr - ok
    03:23:26.0674 7296 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    03:23:26.0691 7296 FontCache - ok
    03:23:26.0694 7296 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    03:23:26.0699 7296 FontCache3.0.0.0 - ok
    03:23:26.0702 7296 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    03:23:26.0707 7296 FsDepends - ok
    03:23:26.0709 7296 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    03:23:26.0715 7296 Fs_Rec - ok
    03:23:26.0718 7296 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    03:23:26.0728 7296 fvevol - ok
    03:23:26.0730 7296 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    03:23:26.0736 7296 gagp30kx - ok
    03:23:26.0738 7296 gdrv - ok
    03:23:26.0746 7296 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    03:23:26.0771 7296 gpsvc - ok
    03:23:26.0775 7296 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    03:23:26.0781 7296 gupdate - ok
    03:23:26.0783 7296 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    03:23:26.0788 7296 gupdatem - ok
    03:23:26.0792 7296 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    03:23:26.0798 7296 gusvc - ok
    03:23:26.0800 7296 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    03:23:26.0808 7296 hcw85cir - ok
    03:23:26.0812 7296 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    03:23:26.0823 7296 HdAudAddService - ok
    03:23:26.0826 7296 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    03:23:26.0834 7296 HDAudBus - ok
    03:23:26.0836 7296 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    03:23:26.0843 7296 HidBatt - ok
    03:23:26.0846 7296 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    03:23:26.0854 7296 HidBth - ok
    03:23:26.0857 7296 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    03:23:26.0865 7296 HidIr - ok
    03:23:26.0867 7296 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    03:23:26.0886 7296 hidserv - ok
    03:23:26.0888 7296 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    03:23:26.0894 7296 HidUsb - ok
    03:23:26.0897 7296 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    03:23:26.0915 7296 hkmsvc - ok
    03:23:26.0919 7296 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    03:23:26.0928 7296 HomeGroupListener - ok
    03:23:26.0932 7296 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    03:23:26.0940 7296 HomeGroupProvider - ok
    03:23:26.0944 7296 [ 16959F84844DC9B2CEF0D5B1A412370F ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    03:23:26.0947 7296 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning
    03:23:26.0947 7296 HP LaserJet Service - detected UnsignedFile.Multi.Generic (1)
    03:23:26.0950 7296 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    03:23:26.0956 7296 HpSAMD - ok
    03:23:26.0964 7296 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    03:23:26.0988 7296 HTTP - ok
    03:23:26.0991 7296 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    03:23:26.0996 7296 hwpolicy - ok
    03:23:26.0999 7296 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    03:23:27.0005 7296 i8042prt - ok
    03:23:27.0010 7296 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    03:23:27.0019 7296 iaStorV - ok
    03:23:27.0027 7296 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    03:23:27.0041 7296 idsvc - ok
    03:23:27.0043 7296 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    03:23:27.0048 7296 iirsp - ok
    03:23:27.0056 7296 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    03:23:27.0081 7296 IKEEXT - ok
    03:23:27.0084 7296 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    03:23:27.0089 7296 intelide - ok
    03:23:27.0092 7296 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    03:23:27.0098 7296 intelppm - ok
    03:23:27.0100 7296 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    03:23:27.0120 7296 IPBusEnum - ok
    03:23:27.0122 7296 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    03:23:27.0141 7296 IpFilterDriver - ok
    03:23:27.0143 7296 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    03:23:27.0151 7296 IPMIDRV - ok
    03:23:27.0153 7296 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    03:23:27.0173 7296 IPNAT - ok
    03:23:27.0175 7296 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    03:23:27.0184 7296 IRENUM - ok
    03:23:27.0186 7296 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    03:23:27.0191 7296 isapnp - ok
    03:23:27.0195 7296 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    03:23:27.0203 7296 iScsiPrt - ok
    03:23:27.0206 7296 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    03:23:27.0211 7296 kbdclass - ok
    03:23:27.0213 7296 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    03:23:27.0219 7296 kbdhid - ok
    03:23:27.0221 7296 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    03:23:27.0227 7296 KeyIso - ok
    03:23:27.0229 7296 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    03:23:27.0236 7296 KSecDD - ok
    03:23:27.0239 7296 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    03:23:27.0246 7296 KSecPkg - ok
    03:23:27.0248 7296 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    03:23:27.0266 7296 ksthunk - ok
    03:23:27.0271 7296 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    03:23:27.0293 7296 KtmRm - ok
    03:23:27.0296 7296 [ B8040D3B97B16B89701E31A17353856C ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
    03:23:27.0303 7296 L1C - ok
    03:23:27.0307 7296 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    03:23:27.0329 7296 LanmanServer - ok
    03:23:27.0332 7296 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    03:23:27.0351 7296 LanmanWorkstation - ok
    03:23:27.0354 7296 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    03:23:27.0374 7296 lltdio - ok
    03:23:27.0378 7296 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    03:23:27.0400 7296 lltdsvc - ok
    03:23:27.0402 7296 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    03:23:27.0421 7296 lmhosts - ok
    03:23:27.0424 7296 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    03:23:27.0431 7296 LSI_FC - ok
    03:23:27.0434 7296 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    03:23:27.0440 7296 LSI_SAS - ok
    03:23:27.0442 7296 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    03:23:27.0448 7296 LSI_SAS2 - ok
    03:23:27.0451 7296 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    03:23:27.0458 7296 LSI_SCSI - ok
    03:23:27.0480 7296 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    03:23:27.0515 7296 luafv - ok
    03:23:27.0520 7296 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    03:23:27.0528 7296 mcdbus - ok
    03:23:27.0531 7296 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    03:23:27.0539 7296 Mcx2Svc - ok
    03:23:27.0541 7296 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    03:23:27.0547 7296 megasas - ok
    03:23:27.0551 7296 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    03:23:27.0559 7296 MegaSR - ok
    03:23:27.0561 7296 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    03:23:27.0567 7296 MEIx64 - ok
    03:23:27.0572 7296 Microsoft SharePoint Workspace Audit Service - ok
    03:23:27.0575 7296 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    03:23:27.0593 7296 MMCSS - ok
    03:23:27.0596 7296 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    03:23:27.0615 7296 Modem - ok
    03:23:27.0617 7296 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    03:23:27.0625 7296 monitor - ok
    03:23:27.0627 7296 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    03:23:27.0633 7296 mouclass - ok
    03:23:27.0635 7296 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    03:23:27.0641 7296 mouhid - ok
    03:23:27.0644 7296 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    03:23:27.0651 7296 mountmgr - ok
    03:23:27.0653 7296 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    03:23:27.0659 7296 MozillaMaintenance - ok
    03:23:27.0664 7296 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    03:23:27.0672 7296 MpFilter - ok
    03:23:27.0676 7296 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    03:23:27.0683 7296 mpio - ok
    03:23:27.0685 7296 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    03:23:27.0704 7296 mpsdrv - ok
    03:23:27.0709 7296 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    03:23:27.0718 7296 MRxDAV - ok
    03:23:27.0721 7296 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    03:23:27.0730 7296 mrxsmb - ok
    03:23:27.0734 7296 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    03:23:27.0743 7296 mrxsmb10 - ok
    03:23:27.0746 7296 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    03:23:27.0753 7296 mrxsmb20 - ok
    03:23:27.0757 7296 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    03:23:27.0762 7296 msahci - ok
    03:23:27.0765 7296 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    03:23:27.0772 7296 msdsm - ok
    03:23:27.0775 7296 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    03:23:27.0783 7296 MSDTC - ok
    03:23:27.0788 7296 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    03:23:27.0805 7296 Msfs - ok
    03:23:27.0807 7296 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    03:23:27.0825 7296 mshidkmdf - ok
    03:23:27.0828 7296 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    03:23:27.0833 7296 msisadrv - ok
    03:23:27.0836 7296 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    03:23:27.0856 7296 MSiSCSI - ok
    03:23:27.0858 7296 msiserver - ok
    03:23:27.0860 7296 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    03:23:27.0878 7296 MSKSSRV - ok
    03:23:27.0881 7296 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    03:23:27.0886 7296 MsMpSvc - ok
    03:23:27.0888 7296 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    03:23:27.0907 7296 MSPCLOCK - ok
    03:23:27.0909 7296 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    03:23:27.0927 7296 MSPQM - ok
    03:23:27.0932 7296 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    03:23:27.0941 7296 MsRPC - ok
    03:23:27.0945 7296 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    03:23:27.0950 7296 mssmbios - ok
    03:23:27.0952 7296 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    03:23:27.0972 7296 MSTEE - ok
    03:23:27.0974 7296 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    03:23:27.0981 7296 MTConfig - ok
    03:23:27.0983 7296 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    03:23:27.0989 7296 Mup - ok
    03:23:27.0994 7296 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    03:23:28.0017 7296 napagent - ok
    03:23:28.0021 7296 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    03:23:28.0032 7296 NativeWifiP - ok
    03:23:28.0040 7296 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    03:23:28.0056 7296 NDIS - ok
  16. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    03:23:28.0058 7296 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    03:23:28.0077 7296 NdisCap - ok
    03:23:28.0079 7296 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    03:23:28.0098 7296 NdisTapi - ok
    03:23:28.0100 7296 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    03:23:28.0119 7296 Ndisuio - ok
    03:23:28.0122 7296 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    03:23:28.0142 7296 NdisWan - ok
    03:23:28.0145 7296 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    03:23:28.0163 7296 NDProxy - ok
    03:23:28.0166 7296 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    03:23:28.0170 7296 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    03:23:28.0170 7296 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    03:23:28.0172 7296 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    03:23:28.0191 7296 NetBIOS - ok
    03:23:28.0195 7296 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    03:23:28.0215 7296 NetBT - ok
    03:23:28.0217 7296 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    03:23:28.0223 7296 Netlogon - ok
    03:23:28.0227 7296 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    03:23:28.0250 7296 Netman - ok
    03:23:28.0255 7296 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    03:23:28.0278 7296 netprofm - ok
    03:23:28.0281 7296 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    03:23:28.0287 7296 NetTcpPortSharing - ok
    03:23:28.0290 7296 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    03:23:28.0296 7296 nfrd960 - ok
    03:23:28.0299 7296 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    03:23:28.0304 7296 NisDrv - ok
    03:23:28.0308 7296 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    03:23:28.0316 7296 NisSrv - ok
    03:23:28.0321 7296 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    03:23:28.0341 7296 NlaSvc - ok
    03:23:28.0344 7296 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    03:23:28.0362 7296 Npfs - ok
    03:23:28.0364 7296 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    03:23:28.0383 7296 nsi - ok
    03:23:28.0385 7296 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    03:23:28.0404 7296 nsiproxy - ok
    03:23:28.0417 7296 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    03:23:28.0441 7296 Ntfs - ok
    03:23:28.0443 7296 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    03:23:28.0462 7296 Null - ok
    03:23:28.0468 7296 [ 5F1FF880ADACF7E0FF7C27BA188B05DA ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    03:23:28.0475 7296 NVHDA - ok
    03:23:28.0577 7296 [ 8917336C07FA25D37D460FE49195A7EA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    03:23:28.0767 7296 nvlddmkm - ok
    03:23:28.0773 7296 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    03:23:28.0779 7296 nvraid - ok
    03:23:28.0782 7296 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    03:23:28.0789 7296 nvstor - ok
    03:23:28.0797 7296 [ 37D1F21763FF1B40AE8715AA793B1A33 ] nvsvc C:\Windows\system32\nvvsvc.exe
    03:23:28.0811 7296 nvsvc - ok
    03:23:28.0821 7296 [ 16775FC73AC10DA31CF61382B1927FA4 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    03:23:28.0839 7296 nvUpdatusService - ok
    03:23:28.0842 7296 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    03:23:28.0849 7296 nv_agp - ok
    03:23:28.0852 7296 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    03:23:28.0858 7296 ohci1394 - ok
    03:23:28.0861 7296 [ D8A0164A79D4BFD6083945C5431E41E7 ] OpenVPNService C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
    03:23:28.0864 7296 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
    03:23:28.0864 7296 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
    03:23:29.0190 7296 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    03:23:29.0194 7296 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    03:23:29.0194 7296 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    03:23:30.0454 7296 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    03:23:30.0468 7296 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
    03:23:30.0468 7296 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
  17. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    03:23:31.0984 7296 ================ Scan global ===============================
    03:23:31.0986 7296 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    03:23:31.0989 7296 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    03:23:31.0994 7296 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    03:23:31.0997 7296 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    03:23:32.0001 7296 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    03:23:32.0004 7296 [Global] - ok
    03:23:32.0005 7296 ================ Scan MBR ==================================
    03:23:32.0006 7296 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    03:23:32.0075 7296 \Device\Harddisk0\DR0 - ok
    03:23:32.0080 7296 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    03:23:32.0146 7296 \Device\Harddisk1\DR1 - ok
    03:23:32.0149 7296 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    03:23:32.0237 7296 \Device\Harddisk2\DR2 - ok
    03:23:32.0240 7296 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
    03:23:32.0324 7296 \Device\Harddisk3\DR3 - ok
    03:23:32.0331 7296 [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk4\DR4
    03:23:32.0503 7296 \Device\Harddisk4\DR4 - ok
    03:23:32.0503 7296 ================ Scan VBR ==================================
    03:23:32.0505 7296 [ DFE69C27BEBE97DC5D3C7F593A2FCBC2 ] \Device\Harddisk0\DR0\Partition1
    03:23:32.0506 7296 \Device\Harddisk0\DR0\Partition1 - ok
    03:23:32.0508 7296 [ D8B263DB5A321ED1C2D89AF7B947ED20 ] \Device\Harddisk0\DR0\Partition2
    03:23:32.0510 7296 \Device\Harddisk0\DR0\Partition2 - ok
    03:23:32.0538 7296 [ 3DBB43452688697AF0EA65D6B9C2DE45 ] \Device\Harddisk1\DR1\Partition1
    03:23:32.0539 7296 \Device\Harddisk1\DR1\Partition1 - ok
    03:23:32.0541 7296 [ 79A01381DC690A607446D431CBDB54A8 ] \Device\Harddisk2\DR2\Partition1
    03:23:32.0542 7296 \Device\Harddisk2\DR2\Partition1 - ok
    03:23:32.0544 7296 [ 7F3403343E2D9EB4369C880E2E02FE43 ] \Device\Harddisk3\DR3\Partition1
    03:23:32.0545 7296 \Device\Harddisk3\DR3\Partition1 - ok
    03:23:32.0549 7296 [ D577F8F1A985933FA3BACF3900BAD56F ] \Device\Harddisk4\DR4\Partition1
    03:23:32.0552 7296 \Device\Harddisk4\DR4\Partition1 - ok
    03:23:32.0552 7296 ============================================================
    03:23:32.0552 7296 Scan finished
    03:23:32.0552 7296 ============================================================
    03:23:32.0558 8096 Detected object count: 5
    03:23:32.0558 8096 Actual detected object count: 5
    03:23:47.0690 8096 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
    03:23:47.0690 8096 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    03:23:47.0691 8096 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    03:23:47.0691 8096 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    03:23:47.0692 8096 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
    03:23:47.0692 8096 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    03:23:47.0694 8096 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    03:23:47.0694 8096 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    03:23:47.0695 8096 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
    03:23:47.0695 8096 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
    03:23:58.0166 4308 ============================================================
    03:23:58.0166 4308 Scan started
    03:23:58.0166 4308 Mode: Manual; SigCheck; TDLFS;
    03:23:58.0166 4308 ============================================================
    03:23:58.0306 4308 ================ Scan system memory ========================
    03:23:58.0306 4308 System memory - ok
    03:23:58.0306 4308 ================ Scan services =============================
    03:23:58.0957 4308 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    03:23:58.0964 4308 CLFS - ok
    03:23:58.0970 4308 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    03:23:58.0975 4308 clr_optimization_v2.0.50727_32 - ok
    03:23:58.0981 4308 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    03:23:58.0985 4308 clr_optimization_v2.0.50727_64 - ok
    03:23:58.0992 4308 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    03:23:58.0997 4308 clr_optimization_v4.0.30319_32 - ok
    03:23:59.0002 4308 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    03:23:59.0007 4308 clr_optimization_v4.0.30319_64 - ok
    03:23:59.0010 4308 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    03:23:59.0015 4308 CmBatt - ok
    03:23:59.0017 4308 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    03:23:59.0021 4308 cmdide - ok
    03:23:59.0027 4308 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    03:23:59.0038 4308 CNG - ok
    03:23:59.0040 4308 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    03:23:59.0045 4308 Compbatt - ok
    03:23:59.0047 4308 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    03:23:59.0054 4308 CompositeBus - ok
    03:23:59.0056 4308 COMSysApp - ok
    03:23:59.0059 4308 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    03:23:59.0063 4308 crcdisk - ok
    03:23:59.0069 4308 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    03:23:59.0075 4308 CryptSvc - ok
    03:23:59.0082 4308 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    03:23:59.0101 4308 DcomLaunch - ok
    03:23:59.0106 4308 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    03:23:59.0125 4308 defragsvc - ok
    03:23:59.0128 4308 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    03:23:59.0145 4308 DfsC - ok
    03:23:59.0150 4308 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    03:23:59.0168 4308 Dhcp - ok
    03:23:59.0171 4308 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    03:23:59.0188 4308 discache - ok
    03:23:59.0191 4308 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    03:23:59.0196 4308 Disk - ok
    03:23:59.0200 4308 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    03:23:59.0206 4308 Dnscache - ok
    03:23:59.0210 4308 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    03:23:59.0228 4308 dot3svc - ok
    03:23:59.0231 4308 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    03:23:59.0249 4308 DPS - ok
    03:23:59.0251 4308 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    03:23:59.0258 4308 drmkaud - ok
    03:23:59.0266 4308 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    03:23:59.0278 4308 DXGKrnl - ok
    03:23:59.0282 4308 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    03:23:59.0300 4308 EapHost - ok
    03:23:59.0322 4308 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    03:23:59.0346 4308 ebdrv - ok
    03:23:59.0349 4308 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    03:23:59.0355 4308 EFS - ok
    03:23:59.0363 4308 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    03:23:59.0372 4308 ehRecvr - ok
    03:23:59.0375 4308 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    03:23:59.0381 4308 ehSched - ok
    03:23:59.0387 4308 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    03:23:59.0396 4308 elxstor - ok
    03:23:59.0399 4308 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    03:23:59.0404 4308 ErrDev - ok
    03:23:59.0410 4308 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    03:23:59.0430 4308 EventSystem - ok
    03:23:59.0434 4308 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    03:23:59.0452 4308 exfat - ok
    03:23:59.0456 4308 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    03:23:59.0474 4308 fastfat - ok
    03:23:59.0481 4308 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    03:23:59.0489 4308 Fax - ok
    03:23:59.0492 4308 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    03:23:59.0497 4308 fdc - ok
    03:23:59.0499 4308 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    03:23:59.0517 4308 fdPHost - ok
    03:23:59.0519 4308 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    03:23:59.0537 4308 FDResPub - ok
    03:23:59.0540 4308 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    03:23:59.0545 4308 FileInfo - ok
    03:23:59.0547 4308 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    03:23:59.0565 4308 Filetrace - ok
    03:23:59.0567 4308 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    03:23:59.0572 4308 flpydisk - ok
    03:23:59.0577 4308 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    03:23:59.0583 4308 FltMgr - ok
    03:23:59.0593 4308 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    03:23:59.0604 4308 FontCache - ok
    03:23:59.0607 4308 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    03:23:59.0611 4308 FontCache3.0.0.0 - ok
    03:23:59.0614 4308 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    03:23:59.0619 4308 FsDepends - ok
    03:23:59.0621 4308 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    03:23:59.0626 4308 Fs_Rec - ok
    03:23:59.0630 4308 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    03:23:59.0637 4308 fvevol - ok
    03:23:59.0640 4308 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    03:23:59.0645 4308 gagp30kx - ok
    03:23:59.0647 4308 gdrv - ok
    03:23:59.0655 4308 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    03:23:59.0676 4308 gpsvc - ok
    03:23:59.0680 4308 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    03:23:59.0684 4308 gupdate - ok
    03:23:59.0687 4308 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    03:23:59.0691 4308 gupdatem - ok
    03:23:59.0695 4308 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    03:23:59.0700 4308 gusvc - ok
    03:23:59.0703 4308 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    03:23:59.0708 4308 hcw85cir - ok
    03:23:59.0712 4308 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    03:23:59.0721 4308 HdAudAddService - ok
    03:23:59.0724 4308 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    03:23:59.0731 4308 HDAudBus - ok
    03:23:59.0733 4308 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    03:23:59.0739 4308 HidBatt - ok
    03:23:59.0742 4308 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    03:23:59.0749 4308 HidBth - ok
    03:23:59.0751 4308 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    03:23:59.0758 4308 HidIr - ok
    03:23:59.0760 4308 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    03:23:59.0778 4308 hidserv - ok
    03:23:59.0780 4308 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    03:23:59.0785 4308 HidUsb - ok
    03:23:59.0789 4308 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    03:23:59.0806 4308 hkmsvc - ok
    03:23:59.0810 4308 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    03:23:59.0817 4308 HomeGroupListener - ok
    03:23:59.0820 4308 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    03:23:59.0827 4308 HomeGroupProvider - ok
    03:23:59.0830 4308 [ 16959F84844DC9B2CEF0D5B1A412370F ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    03:23:59.0833 4308 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning
    03:23:59.0833 4308 HP LaserJet Service - detected UnsignedFile.Multi.Generic (1)
  18. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    03:24:00.0935 4308 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    03:24:00.0937 4308 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    03:24:00.0937 4308 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    03:24:01.0513 4308 [ D8A0164A79D4BFD6083945C5431E41E7 ] OpenVPNService C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
    03:24:01.0515 4308 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
    03:24:01.0515 4308 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
    03:24:01.0799 4308 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    03:24:01.0801 4308 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    03:24:01.0801 4308 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    03:24:02.0380 4308 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    03:24:02.0385 4308 sbp2port - ok
    03:24:02.0388 4308 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    03:24:02.0407 4308 SCardSvr - ok
    03:24:02.0410 4308 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    03:24:02.0426 4308 scfilter - ok
    03:24:02.0435 4308 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    03:24:02.0459 4308 Schedule - ok
    03:24:02.0461 4308 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    03:24:02.0478 4308 SCPolicySvc - ok
    03:24:02.0482 4308 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    03:24:02.0488 4308 SDRSVC - ok
    03:24:02.0491 4308 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    03:24:02.0508 4308 secdrv - ok
    03:24:02.0511 4308 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    03:24:02.0529 4308 seclogon - ok
    03:24:02.0531 4308 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    03:24:02.0551 4308 SENS - ok
    03:24:02.0553 4308 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    03:24:02.0559 4308 SensrSvc - ok
    03:24:02.0561 4308 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    03:24:02.0567 4308 Serenum - ok
    03:24:02.0569 4308 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    03:24:02.0575 4308 Serial - ok
    03:24:02.0577 4308 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    03:24:02.0582 4308 sermouse - ok
    03:24:02.0587 4308 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    03:24:02.0605 4308 SessionEnv - ok
    03:24:02.0607 4308 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    03:24:02.0614 4308 sffdisk - ok
    03:24:02.0616 4308 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    03:24:02.0622 4308 sffp_mmc - ok
    03:24:02.0624 4308 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    03:24:02.0631 4308 sffp_sd - ok
    03:24:02.0633 4308 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    03:24:02.0638 4308 sfloppy - ok
    03:24:02.0643 4308 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    03:24:02.0662 4308 ShellHWDetection - ok
    03:24:02.0665 4308 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    03:24:02.0670 4308 SiSRaid2 - ok
    03:24:02.0672 4308 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    03:24:02.0677 4308 SiSRaid4 - ok
    03:24:02.0680 4308 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    03:24:02.0698 4308 Smb - ok
    03:24:02.0702 4308 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    03:24:02.0708 4308 SNMPTRAP - ok
    03:24:02.0710 4308 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    03:24:02.0715 4308 spldr - ok
    03:24:02.0720 4308 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    03:24:02.0729 4308 Spooler - ok
    03:24:02.0754 4308 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    03:24:02.0792 4308 sppsvc - ok
    03:24:02.0796 4308 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    03:24:02.0814 4308 sppuinotify - ok
    03:24:02.0819 4308 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    03:24:02.0826 4308 srv - ok
    03:24:02.0831 4308 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    03:24:02.0838 4308 srv2 - ok
    03:24:02.0841 4308 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    03:24:02.0847 4308 srvnet - ok
    03:24:02.0851 4308 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    03:24:02.0870 4308 SSDPSRV - ok
    03:24:02.0873 4308 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    03:24:02.0891 4308 SstpSvc - ok
    03:24:02.0892 4308 Steam Client Service - ok
    03:24:02.0898 4308 [ FAF7BF30B496E839A87C024E309B2A3F ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    03:24:02.0904 4308 Stereo Service - ok
    03:24:02.0908 4308 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    03:24:02.0912 4308 stexstor - ok
    03:24:02.0915 4308 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    03:24:02.0921 4308 StillCam - ok
    03:24:02.0927 4308 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    03:24:02.0939 4308 stisvc - ok
    03:24:02.0941 4308 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    03:24:02.0946 4308 swenum - ok
    03:24:02.0951 4308 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    03:24:02.0958 4308 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
    03:24:02.0959 4308 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
    03:24:04.0304 4308 ================ Scan global ===============================
    03:24:04.0306 4308 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    03:24:04.0309 4308 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    03:24:04.0313 4308 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    03:24:04.0316 4308 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    03:24:04.0320 4308 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    03:24:04.0321 4308 [Global] - ok
    03:24:04.0322 4308 ================ Scan MBR ==================================
    03:24:04.0323 4308 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    03:24:04.0394 4308 \Device\Harddisk0\DR0 - ok
    03:24:04.0396 4308 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    03:24:04.0416 4308 \Device\Harddisk1\DR1 - ok
    03:24:04.0438 4308 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
    03:24:04.0500 4308 \Device\Harddisk2\DR2 - ok
    03:24:04.0502 4308 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
    03:24:04.0525 4308 \Device\Harddisk3\DR3 - ok
    03:24:04.0531 4308 [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk4\DR4
    03:24:04.0704 4308 \Device\Harddisk4\DR4 - ok
    03:24:04.0704 4308 ================ Scan VBR ==================================
    03:24:04.0706 4308 [ DFE69C27BEBE97DC5D3C7F593A2FCBC2 ] \Device\Harddisk0\DR0\Partition1
    03:24:04.0707 4308 \Device\Harddisk0\DR0\Partition1 - ok
    03:24:04.0708 4308 [ D8B263DB5A321ED1C2D89AF7B947ED20 ] \Device\Harddisk0\DR0\Partition2
    03:24:04.0709 4308 \Device\Harddisk0\DR0\Partition2 - ok
    03:24:04.0711 4308 [ 3DBB43452688697AF0EA65D6B9C2DE45 ] \Device\Harddisk1\DR1\Partition1
    03:24:04.0712 4308 \Device\Harddisk1\DR1\Partition1 - ok
    03:24:04.0714 4308 [ 79A01381DC690A607446D431CBDB54A8 ] \Device\Harddisk2\DR2\Partition1
    03:24:04.0715 4308 \Device\Harddisk2\DR2\Partition1 - ok
    03:24:04.0717 4308 [ 7F3403343E2D9EB4369C880E2E02FE43 ] \Device\Harddisk3\DR3\Partition1
    03:24:04.0718 4308 \Device\Harddisk3\DR3\Partition1 - ok
    03:24:04.0722 4308 [ D577F8F1A985933FA3BACF3900BAD56F ] \Device\Harddisk4\DR4\Partition1
    03:24:04.0724 4308 \Device\Harddisk4\DR4\Partition1 - ok
    03:24:04.0725 4308 ============================================================
    03:24:04.0725 4308 Scan finished
    03:24:04.0725 4308 ============================================================
    03:24:04.0730 7040 Detected object count: 5
    03:24:04.0730 7040 Actual detected object count: 5
    03:24:59.0992 7040 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
    03:24:59.0992 7040 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    03:24:59.0993 7040 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    03:24:59.0993 7040 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    03:24:59.0994 7040 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
    03:24:59.0994 7040 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    03:24:59.0996 7040 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    03:24:59.0996 7040 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    03:24:59.0997 7040 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
    03:24:59.0997 7040 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
  19. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    ComboFix 12-11-16.01 - Josh 11/16/2012 4:07.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8152.6332 [GMT -5:00]
    Running from: c:\users\Josh\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\program files (x86)\Coupons.com CouponBar\tbHElper.dll
    c:\programdata\dsgsdgdsgdsgw.pad
    c:\users\Amber\g2mdlhlpx.exe
    c:\users\Josh\AppData\Roaming\chrtmp
    c:\users\Josh\g2mdlhlpx.exe
    F:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-16 09:10 . 2012-11-16 09:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-11-16 09:10 . 2012-11-16 09:10 -------- d-----w- c:\users\New Ebay account\AppData\Local\temp
    2012-11-16 09:10 . 2012-11-16 09:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-16 09:10 . 2012-11-16 09:10 -------- d-----w- c:\users\Amber\AppData\Local\temp
    2012-11-14 12:02 . 2012-11-14 12:02 -------- d-----w- C:\FRST
    2012-11-14 05:55 . 2012-11-14 05:55 -------- d-sh--w- c:\windows\ftpcache
    2012-11-14 05:55 . 2012-11-14 05:55 -------- d-----w- c:\users\Josh\AppData\Local\HP
    2012-11-14 05:54 . 2012-11-14 05:54 -------- d-----w- c:\programdata\HP
    2012-11-14 05:54 . 2012-11-14 05:54 608 --sha-w- c:\windows\system32\winzvprt5.sys
    2012-11-14 05:54 . 2012-11-14 05:54 -------- d-----w- c:\program files\HP
    2012-11-14 05:54 . 2010-04-09 20:08 23352 ------w- c:\windows\system32\hppfaxprintermonui5.dll
    2012-11-14 05:54 . 2010-04-09 20:08 28984 ------w- c:\windows\system32\hppfaxprintermon5.dll
    2012-11-14 05:53 . 2012-11-14 05:53 -------- d-----w- c:\users\Josh\AppData\Roaming\Hewlett-Packard Company
    2012-11-14 05:52 . 2012-11-14 05:53 -------- d-----w- c:\programdata\Hewlett-Packard
    2012-11-14 05:52 . 2010-03-25 17:29 323584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp101.dll
    2012-11-14 05:18 . 2010-04-22 20:59 977720 ----a-w- c:\windows\system32\hpxp1530_x64.dll
    2012-11-14 05:18 . 2010-04-22 20:58 1151800 ----a-w- c:\windows\system32\hpptsp06_x64.dll
    2012-11-14 05:18 . 2010-04-22 20:58 752440 ----a-w- c:\windows\SysWow64\hpptsp06.dll
    2012-11-14 05:18 . 2010-04-22 20:58 218936 ----a-w- c:\windows\system32\hppscancoins64.dll
    2012-11-14 05:18 . 2010-04-22 20:58 318264 ----a-w- c:\windows\system32\hpbcoins64.dll
    2012-11-14 05:18 . 2010-03-25 14:53 86528 ----a-w- c:\windows\system32\hppdcompio.dll
    2012-11-14 05:18 . 2010-03-25 14:52 79872 ----a-w- c:\windows\SysWow64\hppccompio.dll
    2012-11-14 05:18 . 2010-03-25 17:29 176128 ----a-w- c:\windows\system32\hpcpn101.dll
    2012-11-14 05:18 . 2010-03-25 17:26 305664 ----a-w- c:\windows\SysWow64\hpcc3101.dll
    2012-11-14 05:18 . 2010-02-11 15:19 491008 ----a-w- c:\windows\SysWow64\hpcdmc32.dll
    2012-11-14 05:18 . 2012-11-14 05:54 -------- d-----w- c:\program files (x86)\HP
    2012-11-11 14:47 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACB7CDA6-5BB2-4670-ACDF-6D45ABB9B24A}\mpengine.dll
    2012-11-05 08:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-05 04:04 . 2012-11-05 04:04 -------- d-----w- c:\users\Josh\AppData\Roaming\VC 2 Paradise Resort
    2012-11-05 04:04 . 2012-11-05 04:04 -------- d-----w- c:\users\Josh\AppData\Local\VC 2 Paradise Resort
    2012-11-04 20:01 . 2012-11-04 20:01 -------- d-----w- c:\programdata\Playrix Entertainment
    2012-11-04 19:15 . 2012-11-04 19:15 -------- d-----w- c:\users\Josh\AppData\Roaming\Mean Hamster Software
    2012-11-04 19:15 . 2012-11-04 19:15 -------- d-----w- c:\programdata\Mean Hamster Software
    2012-10-29 14:51 . 2012-10-29 14:51 -------- d-----w- c:\users\Josh\AppData\Roaming\Namco
    2012-10-29 14:51 . 2012-10-29 14:51 -------- d-----w- c:\programdata\Namco
    2012-10-27 15:28 . 2012-10-27 15:28 -------- d-----w- c:\programdata\eBay
    2012-10-27 15:28 . 2012-10-27 15:28 -------- d-----w- c:\program files (x86)\eBay
    2012-10-19 06:06 . 2012-10-19 06:07 -------- d-----w- c:\users\Josh\AppData\Roaming\CDisplayEx
    2012-10-19 06:06 . 2012-10-19 06:06 -------- d-----w- c:\program files (x86)\CDisplayEx
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 23:11 . 2012-10-09 23:11 49152 ----a-r- c:\windows\SysWow64\inetwh32.dll
    2012-10-09 23:11 . 2012-10-09 23:11 1044480 ----a-r- c:\windows\SysWow64\roboex32.dll
    2012-10-09 06:19 . 2012-07-17 15:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 06:19 . 2012-07-17 15:27 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-30 00:54 . 2012-09-20 02:30 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-29 19:30 . 2012-09-29 19:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-29 19:30 . 2012-07-19 21:56 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-29 19:30 . 2012-07-19 21:56 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-20 03:45 . 2012-09-20 03:45 328704 ----a-w- c:\windows\system32\services.exe.4CDA5267D3D73056
    2012-09-20 03:41 . 2012-09-20 03:41 328704 ----a-w- c:\windows\system32\services.exe.8EEB077EB22E9072
    2012-09-20 03:38 . 2012-09-20 03:38 328704 ----a-w- c:\windows\system32\services.exe.A6D6C5163A06BE3D
    2012-09-20 03:36 . 2012-09-20 03:36 328704 ----a-w- c:\windows\system32\services.exe.898782B8D2797198
    2012-09-20 03:33 . 2012-09-20 03:33 328704 ----a-w- c:\windows\system32\services.exe.AED1D8513DB96E15
    2012-09-20 03:30 . 2012-09-20 03:30 328704 ----a-w- c:\windows\system32\services.exe.51BBD7E4C3E03003
    2012-09-20 03:28 . 2012-09-20 03:28 328704 ----a-w- c:\windows\system32\services.exe.5ACF7B799A8644D0
    2012-09-20 03:25 . 2012-09-20 03:25 328704 ----a-w- c:\windows\system32\services.exe.5ED602166F37B32B
    2012-09-20 03:21 . 2012-09-20 03:21 328704 ----a-w- c:\windows\system32\services.exe.C46F0F853C975B3D
    2012-09-20 03:18 . 2012-09-20 03:18 328704 ----a-w- c:\windows\system32\services.exe.86D2522B8F4AECF2
    2012-09-20 03:15 . 2012-09-20 03:15 328704 ----a-w- c:\windows\system32\services.exe.DFE44FEB37CBA4EF
    2012-09-20 02:40 . 2012-09-20 02:40 328704 ----a-w- c:\windows\system32\services.exe.5A69C4598E34BEE8
    2012-09-20 02:37 . 2012-09-20 02:37 328704 ----a-w- c:\windows\system32\services.exe.150F2C2F8A603280
    2012-09-20 02:34 . 2012-09-20 02:34 328704 ----a-w- c:\windows\system32\services.exe.F2D398AE30B1CE74
    2012-09-20 02:31 . 2012-09-20 02:31 328704 ----a-w- c:\windows\system32\services.exe.C0A99E4817514E8C
    2012-09-13 07:00 . 2012-07-16 18:12 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-09-06 13:55 . 2012-09-06 13:55 474 ----a-w- c:\program files (x86)\090620129553365.bat
    2012-08-31 11:25 . 2012-07-17 15:35 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-08-31 11:25 . 2012-07-17 15:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-08-22 18:12 . 2012-09-12 11:34 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 11:34 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 11:34 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 11:34 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-05-26 2695168]
    .
    [HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="e:\programs\steam\Steam.exe" [2012-08-18 1353080]
    "TivoServer"="e:\programs\TiVoServer.exe" [2010-08-24 2264336]
    "TivoTransfer"="e:\programs\TiVoTransfer.exe" [2010-08-24 608528]
    "TivoNotify"="e:\programs\TiVoNotify.exe" [2010-08-24 437520]
    "TranscodingService"="e:\programs\Plus\\TranscodingService.exe" [2010-08-24 856336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
    .
    c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2012-7-18 0]
    MagicDisc.lnk - e:\programs\MagicDisc\MagicDisc.exe [2012-7-24 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-16 1255736]
    R4 TivoBeacon2;TiVo Beacon Service;e:\programs\TiVoBeacon.exe [2010-08-24 1104656]
    S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-12 382312]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17 06:19]
    .
    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 15:27]
    .
    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 15:27]
    .
    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728356122-4016808283-4161673576-1000Core.job
    - c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 19:47]
    .
    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728356122-4016808283-4161673576-1000UA.job
    - c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 19:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "HP LaserJet Professional M1530 MFP Series Fax"="c:\program files\HP\HP LaserJet Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-09 3707704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
    mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
    mStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 209.6.86.178 208.59.247.45 208.59.247.46
    FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3k975bs9.default\
    FF - prefs.js: network.proxy.http - 210.212.29.147
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-09-25 21:45; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3k975bs9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-16 04:12:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-16 09:12
    .
    Pre-Run: 9,015,451,648 bytes free
    Post-Run: 8,854,224,896 bytes free
    .
    - - End Of File - - A94540CFDF72E70F62D530F36EC9A102
  20. infectedpeer

    infectedpeer TS Rookie Topic Starter Posts: 19

    Thank you so much for your help, I really appreciate it
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Next steps...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.

