
svchost.exe And trojans


35 replies to this topic

#1 SSROCK101


Posted 16 March 2014 - 01:18 AM

Hello, would love some help on this! Recently my computer has been locking down my files (Documents, various Norton scans, also System Restore). They all won't let me open them. Every time I do a Norton scan under safe mode it says it removes "WS.TROJAN.H". But the next day I do the scan it says the same thing, every day. The file names that come up in Norton are "svchost.exe" and "conhost.exe". Svchost.exe is also taking up a lot of my CPU. I've contacted Norton multiple times but they don't know how to remove it. Also, it won't let me search for .exe's in my Windows search bar. It also deleted my "Malwarebytes Anti-Malware" :(

 

Picture of it not letting me access my documents:

c3446bca8129ac9154708142fa1fa8a0.png

 

 

Picture of it trying to edit Norton and not let me use the power eraser:

f2dbf16d8a377de460b3db78a991e18a.png

 

Thanks to anyone who has some help with this. Appreciate it :)


Edited by SSROCK101, 16 March 2014 - 01:20 AM.




#2 SSROCK101


Posted 16 March 2014 - 04:47 PM

Any help? :( It's making my computer really slow



#3 SSROCK101


Posted 19 March 2014 - 06:55 AM

:(



#4 nasdaq

  • Malware Response Team

Posted 19 March 2014 - 07:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
Restart the computer normally.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 SSROCK101


Posted 20 March 2014 - 02:02 AM

Thank you so much for your help @nasdaq, I appreciate it a lot! The logs you requested are below and Addition.txt is attached! Junkware Removal Tool wouldn't work though; it gave me this error: 97714253d90a093909c48b2e743ffe82.png

 

 

Roguekiller Logs:

 

RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shane [Admin rights]
Mode : Remove -- Date : 03/20/2014 02:32:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ( @ )  +++++
--- User ---
[MBR] 1bc1818dafe2620c738c64be2bc8da57
[BSP] c31048e926e3ef1c86eaff910c3ba56a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 14142 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29044736 | Size: 939686 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03202014_023243.txt >>
RKreport[0]_S_03202014_023134.txt

 

 

 

AdwCleaner Logs:

 

# AdwCleaner v3.022 - Report created 20/03/2014 at 02:41:22
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Shane - BAILEYREALCOMP
# Running from : C:\Users\Shane\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1946 octets] - [20/03/2014 02:37:09]
AdwCleaner[S0].txt - [1793 octets] - [20/03/2014 02:41:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1853 octets] ##########

 

FRST Logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Shane (administrator) on BAILEYREALCOMP on 20-03-2014 02:49:45
Running from C:\Users\Shane\Desktop\Farbar
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3833890732-3850872918-1266211641-1001\...\MountPoints2: {dce79244-935d-11e0-86ba-806e6f6e6963} - D:\Start.exe
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2AE4FB4C140CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-07]
CHR Extension: (Google Drive) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-07]
CHR Extension: (YouTube) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-07]
CHR Extension: (Google Search) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-07]
CHR Extension: (Google Wallet) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR Extension: (Gmail) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-07]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] ()

==================== Drivers (Whitelisted) ====================

R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SymDSMon; C:\windows\system32\drivers\SymDSMon.sys [191232 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\windows\system32\drivers\SymSpeedDisk.sys [163384 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\windows\SysWOW64\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S4 SMR410; System32\drivers\SMR410.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-20 02:49 - 2014-03-20 02:49 - 00000000 ____D () C:\FRST
2014-03-20 02:48 - 2014-03-20 02:49 - 00000000 ____D () C:\Users\Shane\Desktop\Farbar
2014-03-20 02:45 - 2014-03-20 02:45 - 01037734 _____ (Thisisu) C:\Users\Shane\Downloads\JRT.exe
2014-03-20 02:37 - 2014-03-20 02:41 - 00000000 ____D () C:\AdwCleaner
2014-03-20 02:36 - 2014-03-20 02:36 - 01950720 _____ () C:\Users\Shane\Downloads\adwcleaner.exe
2014-03-20 02:32 - 2014-03-20 02:32 - 00001672 _____ () C:\Users\Shane\Desktop\RKreport[0]_D_03202014_023243.txt
2014-03-20 02:31 - 2014-03-20 02:31 - 00001623 _____ () C:\Users\Shane\Desktop\RKreport[0]_S_03202014_023134.txt
2014-03-20 02:29 - 2014-03-20 02:34 - 00000000 ____D () C:\Users\Shane\Desktop\RK_Quarantine
2014-03-20 02:29 - 2014-03-20 02:29 - 04497920 _____ () C:\Users\Shane\Downloads\RogueKillerX64.exe
2014-03-20 01:17 - 2014-03-20 01:17 - 00000727 _____ () C:\Users\Shane\Downloads\config.yml - Shortcut.lnk
2014-03-20 01:12 - 2014-03-20 01:12 - 00040024 _____ () C:\Users\Shane\Downloads\config (84).yml
2014-03-20 01:09 - 2014-03-20 01:09 - 00023282 _____ () C:\Users\Shane\Downloads\config (82).yml
2014-03-19 23:13 - 2014-03-19 23:13 - 00000017 _____ () C:\Users\Shane\Downloads\config (81).yml
2014-03-19 22:58 - 2014-03-19 22:58 - 00023687 _____ () C:\Users\Shane\Downloads\ClaimLevels.jar
2014-03-19 08:36 - 2014-03-19 08:36 - 00017592 _____ () C:\Users\Shane\Desktop\Restore Report 03-19-2014 08-32-37AM.html
2014-03-19 05:47 - 2014-03-19 05:47 - 00000826 _____ () C:\Users\Shane\Downloads\MA3.schematic
2014-03-19 03:29 - 2014-03-19 03:29 - 00000643 _____ () C:\Users\Shane\Downloads\commands.yml
2014-03-19 03:28 - 2014-03-19 03:28 - 00002933 _____ () C:\Users\Shane\Downloads\bukkit (3).yml
2014-03-19 03:25 - 2014-03-19 03:28 - 00000999 _____ () C:\Users\Shane\Downloads\custom.txt
2014-03-19 02:45 - 2014-03-19 02:45 - 00002828 _____ () C:\Users\Shane\Downloads\custom_help.jar
2014-03-19 01:02 - 2014-03-19 01:02 - 00209325 _____ () C:\Users\Shane\Downloads\latest (16).log
2014-03-19 00:54 - 2014-03-20 02:17 - 00000593 _____ () C:\Users\Shane\Downloads\config.yml
2014-03-19 00:37 - 2014-03-19 00:37 - 00698982 _____ () C:\Users\Shane\Downloads\NoCheatPlus.jar
2014-03-18 23:44 - 2014-03-18 23:44 - 00059951 _____ () C:\Users\Shane\Downloads\GAListener.jar
2014-03-18 23:38 - 2014-03-18 23:38 - 00004096 _____ () C:\Users\Shane\Downloads\GAL.db
2014-03-18 23:14 - 2014-03-18 23:14 - 00000509 _____ () C:\Users\Shane\Downloads\vote_counts (4).txt
2014-03-18 05:32 - 2014-03-18 05:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Shane\Downloads\mbar-1.07.0.1009 (1).exe
2014-03-18 01:35 - 2014-03-18 01:36 - 00001059 _____ () C:\Users\Shane\Downloads\oeghise.yml
2014-03-18 01:30 - 2014-03-18 01:30 - 00008700 _____ () C:\Users\Shane\Downloads\vote.log
2014-03-18 00:35 - 2014-03-18 00:35 - 00002331 _____ () C:\Users\Shane\Downloads\config (80).yml
2014-03-17 23:34 - 2014-03-17 23:34 - 00007985 _____ () C:\Users\Shane\Downloads\SgHAHA.schematic
2014-03-17 23:16 - 2014-03-17 23:17 - 00008353 _____ () C:\Users\Shane\Downloads\config (79).yml
2014-03-17 22:47 - 2014-03-17 22:47 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 22:07 - 2014-03-17 22:09 - 211811872 _____ (Symantec Corporation) C:\Users\Shane\Downloads\N360-TW-21.1.0-EN-US (1).exe
2014-03-17 21:46 - 2014-03-17 21:46 - 00059951 _____ () C:\Users\Shane\Documents\GAListener.jar
2014-03-17 01:14 - 2014-03-17 01:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Shane\Downloads\tdsskiller (1).exe
2014-03-17 01:11 - 2014-03-17 01:11 - 03053496 ____N (Symantec Corporation) C:\Users\Shane\Downloads\NPE.exe
2014-03-17 01:11 - 2014-03-17 01:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-17 01:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-17 01:10 - 2014-03-17 01:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shane\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-17 01:00 - 2014-03-17 01:03 - 211811872 ____N (Symantec Corporation) C:\Users\Shane\Downloads\N360-TW-21.1.0-EN-US.exe
2014-03-16 22:49 - 2014-03-16 22:49 - 00782443 _____ () C:\Users\Shane\Downloads\latest (15).log
2014-03-16 20:39 - 2014-03-16 20:39 - 00001229 _____ () C:\temp896.bat
2014-03-16 20:39 - 2014-03-16 20:39 - 00001209 _____ () C:\temp943.bat
2014-03-16 20:30 - 2014-03-16 20:30 - 00000207 _____ () C:\windows\tweaking.com-regbackup-BAILEYREALCOMP--(64-bit).dat
2014-03-16 20:29 - 2014-03-16 20:29 - 00000000 ____D () C:\RegBackup
2014-03-16 20:29 - 2014-03-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-16 19:33 - 2014-03-16 19:36 - 00000000 ____D () C:\Users\Shane\AppData\Roaming\Norton Utilities
2014-03-16 19:30 - 2014-03-19 20:17 - 00000260 _____ () C:\windows\Tasks\NUSchedule.job
2014-03-16 19:30 - 2014-03-16 19:31 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 15
2014-03-16 19:30 - 2014-03-16 19:30 - 00002836 _____ () C:\windows\System32\Tasks\NUSchedule
2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ____D () C:\Users\Shane\Documents\UnErase
2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ____D () C:\ProgramData\Symantec
2014-03-16 19:30 - 2010-11-30 02:24 - 01101824 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBox210.ocx
2014-03-16 19:30 - 2010-11-30 02:24 - 00880640 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBox10.ocx
2014-03-16 19:30 - 2010-11-30 02:24 - 00506368 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml.dll
2014-03-16 19:30 - 2010-11-30 02:24 - 00212992 _____ (Woodbury Associates Limited) C:\windows\SysWOW64\UniBoxVB12.ocx
2014-03-16 19:30 - 2010-11-30 02:24 - 00191232 _____ (Symantec Corporation) C:\windows\system32\Drivers\SymDSMon.sys
2014-03-16 19:30 - 2010-11-30 02:24 - 00163384 _____ (Symantec Corporation) C:\windows\system32\Drivers\SymSpeedDisk.sys
2014-03-16 19:30 - 2010-11-30 02:24 - 00108800 _____ (Symantec Corporation) C:\windows\SysWOW64\Drivers\SymSpeedDisk.sys
2014-03-16 19:30 - 2010-11-30 02:23 - 00044544 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml4a.dll
2014-03-16 19:30 - 2010-11-30 02:23 - 00039784 _____ () C:\windows\system32\CleanMFT64.exe
2014-03-16 19:21 - 2014-03-16 19:22 - 00000000 ____D () C:\Users\norton\AppData\Local\NPE
2014-03-16 19:21 - 2014-03-16 19:21 - 03221720 _____ () C:\Users\norton\Desktop\AutoRuns.arn
2014-03-16 19:13 - 2014-03-16 19:13 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\norton\Downloads\autoruns.exe
2014-03-16 19:13 - 2014-03-16 19:13 - 00000000 ____D () C:\Users\norton\AppData\Roaming\Adobe
2014-03-16 19:12 - 2014-03-16 19:39 - 00000000 ____D () C:\Users\norton
2014-03-16 19:12 - 2014-03-16 19:12 - 00000020 ___SH () C:\Users\norton\ntuser.ini
2014-03-16 19:12 - 2011-06-10 07:19 - 00000000 ____D () C:\Users\norton\AppData\Local\SoftThinks
2014-03-16 19:12 - 2011-06-10 06:58 - 00000000 ___RD () C:\Users\norton\Desktop\Play Games
2014-03-16 19:12 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\norton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-16 19:12 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\norton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-16 19:01 - 2014-03-16 19:01 - 00000000 ____D () C:\ProgramData\Norton VRQ
2014-03-16 18:58 - 2014-03-16 21:37 - 00000000 ____D () C:\Users\Shane\AppData\Local\LogMeIn Rescue Applet
2014-03-16 02:01 - 2014-03-16 02:01 - 00000909 _____ () C:\Users\Shane\VRQTool.log
2014-03-16 01:55 - 2014-03-16 01:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Shane\Downloads\tdsskiller.exe
2014-03-16 01:26 - 2014-03-16 01:26 - 00000793 _____ () C:\Users\Shane\Downloads\treekangaroo1208.yml
2014-03-16 01:03 - 2014-03-19 23:04 - 00000354 _____ () C:\Users\Shane\Downloads\language.yml
2014-03-16 00:48 - 2014-03-16 04:47 - 00585893 _____ () C:\Users\Shane\Downloads\2014-03-15-1.log
2014-03-16 00:47 - 2014-03-16 00:47 - 00073063 _____ () C:\Users\Shane\Downloads\2014-03-15-1.log.gz
2014-03-15 22:08 - 2014-03-15 22:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-15 22:08 - 2014-03-15 22:09 - 00000000 ____D () C:\Program Files\iTunes
2014-03-15 22:08 - 2014-03-15 22:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-15 22:04 - 2014-03-15 22:07 - 148885840 _____ (Apple Inc.) C:\Users\Shane\Downloads\iTunes64Setup (1).exe
2014-03-15 19:42 - 2014-03-16 19:01 - 00001831 _____ () C:\Users\Public\Desktop\VRQ.lnk
2014-03-15 19:42 - 2014-03-16 19:01 - 00000000 ____D () C:\Program Files (x86)\VRQ
2014-03-15 19:38 - 2014-03-15 19:38 - 01526624 _____ (LogMeIn, Inc.) C:\Users\Shane\Downloads\Support-LogMeInRescue (2).exe
2014-03-15 16:17 - 2014-03-15 19:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-15 16:15 - 2014-03-18 05:32 - 00000000 ____D () C:\Users\Shane\Desktop\mbar
2014-03-15 16:15 - 2014-03-15 16:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Shane\Downloads\mbar-1.07.0.1009.exe
2014-03-15 02:38 - 2014-03-15 02:38 - 00991232 _____ () C:\Users\Shane\Downloads\MicrosoftFixit50267.msi
2014-03-15 00:16 - 2014-03-15 00:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shane\Downloads\mbam-consumer.exe
2014-03-15 00:04 - 2014-03-15 00:04 - 00000000 ____D () C:\Users\Shane\AppData\Roaming\Malwarebytes
2014-03-15 00:03 - 2014-03-15 00:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-15 00:02 - 2014-03-15 00:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shane\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-15 00:00 - 2014-03-15 00:00 - 00002949 _____ () C:\Users\Shane\Desktop\aswMBR.txt
2014-03-15 00:00 - 2014-03-15 00:00 - 00000512 _____ () C:\Users\Shane\Desktop\MBR.dat
2014-03-14 23:59 - 2014-03-14 23:59 - 04745728 _____ (AVAST Software) C:\Users\Shane\Downloads\aswMBR.exe
2014-03-14 23:57 - 2014-03-14 23:57 - 00000000 ____D () C:\Users\Shane\Downloads\tdsskiller
2014-03-14 23:56 - 2014-03-14 23:57 - 04110135 _____ () C:\Users\Shane\Downloads\tdsskiller.zip
2014-03-14 23:52 - 2014-03-14 23:53 - 00002358 _____ () C:\Users\Shane\Desktop\Rkill.txt
2014-03-14 23:47 - 2014-03-14 23:47 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Shane\Downloads\rkill.exe
2014-03-14 20:51 - 2014-03-14 20:51 - 00000509 _____ () C:\Users\Shane\Downloads\DeeCannon.schematic
2014-03-14 19:27 - 2014-03-14 19:35 - 00012429 _____ () C:\Users\Shane\Documents\advanced.yml
2014-03-14 19:27 - 2014-03-14 19:33 - 00011970 _____ () C:\Users\Shane\Documents\config.yml
2014-03-14 01:16 - 2014-03-14 01:24 - 00258831 _____ () C:\Users\Shane\Documents\multiworld.jar
2014-03-14 01:04 - 2014-03-14 01:04 - 00001335 _____ () C:\Users\Shane\Downloads\config (78).yml
2014-03-14 00:58 - 2014-03-14 20:08 - 00012983 _____ () C:\Users\Shane\Documents\language.yml
2014-03-14 00:40 - 2014-03-14 00:40 - 00001335 _____ () C:\Users\Shane\Downloads\config (77).yml
2014-03-14 00:34 - 2014-03-14 00:34 - 00001313 _____ () C:\Users\Shane\Downloads\config (76).yml
2014-03-14 00:28 - 2014-03-14 00:28 - 00010514 _____ () C:\Users\Shane\Downloads\language (1).yml
2014-03-14 00:21 - 2014-03-14 00:21 - 00000058 _____ () C:\Users\Shane\Downloads\orphanLots (3).ser
2014-03-14 00:18 - 2014-03-14 00:18 - 00001313 _____ () C:\Users\Shane\Downloads\config (75).yml
2014-03-14 00:02 - 2014-03-20 01:13 - 00000388 _____ () C:\windows\Tasks\update-sys.job
2014-03-14 00:02 - 2014-03-20 00:19 - 00000388 _____ () C:\windows\Tasks\update-S-1-5-21-3833890732-3850872918-1266211641-1001.job
2014-03-14 00:02 - 2014-03-15 21:45 - 00000059 _____ () C:\Users\Shane\AppData\Local\UserProducts.xml
2014-03-14 00:02 - 2014-03-14 00:02 - 02182024 _____ (Skillbrains ) C:\Users\Shane\Downloads\setup-lightshot.exe
2014-03-14 00:02 - 2014-03-14 00:02 - 00003284 _____ () C:\windows\System32\Tasks\update-sys
2014-03-14 00:02 - 2014-03-14 00:02 - 00003262 _____ () C:\windows\System32\Tasks\update-S-1-5-21-3833890732-3850872918-1266211641-1001
2014-03-14 00:02 - 2014-03-14 00:02 - 00000003 _____ () C:\Users\Shane\AppData\Local\updater.log
2014-03-14 00:02 - 2014-03-14 00:02 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-03-13 18:59 - 2014-03-13 18:59 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-13 18:58 - 2014-03-13 18:58 - 02281080 _____ (Symantec Corporation ) C:\Users\Shane\Downloads\VRQ_Installer.exe
2014-03-13 18:55 - 2014-03-13 18:55 - 01526624 _____ (LogMeIn, Inc.) C:\Users\Shane\Downloads\Support-LogMeInRescue (1).exe
2014-03-13 18:20 - 2014-03-13 18:20 - 00007605 _____ () C:\Users\Shane\AppData\Local\Resmon.ResmonCfg
2014-03-13 04:44 - 2014-03-13 04:44 - 00001830 _____ () C:\Users\Shane\Documents\Unname.jar
2014-03-13 04:02 - 2014-03-13 04:02 - 00092671 _____ () C:\Users\Shane\Downloads\Void World.rar
2014-03-13 03:42 - 2014-03-13 03:42 - 00325807 _____ () C:\Users\Shane\Documents\Multiverse-Core-2.4.jar
2014-03-12 23:02 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 23:02 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-12 23:02 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-12 23:02 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 23:02 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-12 23:02 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-12 23:02 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-12 23:02 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-12 23:02 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-12 23:02 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-12 23:02 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-12 23:02 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-12 23:02 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 23:02 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-12 23:02 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 23:02 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-12 23:02 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-12 23:02 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 23:02 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-12 23:02 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-12 23:02 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 23:02 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-12 23:02 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-12 23:02 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 23:02 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-12 23:02 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-12 23:02 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-12 23:02 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-12 23:02 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 23:02 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-12 23:02 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 23:02 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 23:02 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 23:02 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-12 23:02 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 23:02 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 23:02 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 23:02 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 23:02 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 23:02 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 23:02 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 23:02 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-12 23:02 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-12 23:02 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-12 23:00 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-12 23:00 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 23:00 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-12 23:00 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 21:20 - 2014-03-12 21:20 - 00003563 _____ () C:\Users\Shane\Downloads\Matix172.json
2014-03-12 15:02 - 2014-03-12 15:02 - 00147987 _____ () C:\Users\Shane\Documents\HolographicDisplays.jar
2014-03-12 03:59 - 2014-03-12 04:20 - 00000000 ____D () C:\Users\Shane\Desktop\G_GPLSZ
2014-03-12 03:59 - 2014-03-12 03:59 - 00000000 ____D () C:\Users\Shane\Desktop\New folder (3)
2014-03-11 21:02 - 2014-03-11 21:47 - 00000000 ____D () C:\Users\Shane\Downloads\Xentest
2014-03-10 21:05 - 2014-03-10 21:05 - 00000748 _____ () C:\Users\Shane\Downloads\server (4).properties
2014-03-10 21:04 - 2014-03-10 21:04 - 00000748 _____ () C:\Users\Shane\Downloads\server (3).properties
2014-03-10 20:03 - 2014-03-10 20:03 - 00057169 _____ () C:\Users\Shane\Downloads\latest (14).log
2014-03-10 15:58 - 2014-03-10 15:58 - 02053555 _____ () C:\Users\Shane\Downloads\nocheatplus (2).log
2014-03-09 23:38 - 2014-03-09 23:38 - 00000000 ____D () C:\Users\Shane\Downloads\eclipse-standard-kepler-SR2-win32
2014-03-09 23:21 - 2014-03-09 23:34 - 210282353 _____ () C:\Users\Shane\Downloads\eclipse-standard-kepler-SR2-win32.zip
2014-03-09 20:20 - 2014-03-12 21:51 - 00017973 _____ () C:\Users\Shane\Documents\redeemMCMMO.jar
2014-03-09 20:20 - 2014-03-09 20:20 - 01246760 _____ () C:\Users\Shane\Downloads\ProtocolLib-3.2.0.jar
2014-03-09 19:40 - 2014-03-09 20:13 - 00053207 _____ () C:\Users\Shane\Documents\groups.yml
2014-03-09 19:40 - 2014-03-09 19:40 - 00001173 _____ () C:\Users\Shane\Documents\Documents - Shortcut (2).lnk
2014-03-09 16:18 - 2014-03-10 18:13 - 00009986 _____ () C:\Users\Shane\Documents\users.yml
2014-03-07 14:17 - 2014-03-07 14:19 - 103459537 _____ () C:\Users\Shane\Documents\the1.wmv
2014-03-07 14:16 - 2014-03-07 14:17 - 00000000 ____D () C:\Users\Shane\AppData\Local\{7F13A02B-07AD-40EF-9657-5ADCFDA29BFA}
2014-03-07 00:29 - 2014-03-07 00:29 - 00001900 _____ () C:\Users\Shane\Downloads\data (1).yml
2014-03-07 00:00 - 2014-03-07 00:00 - 00000768 _____ () C:\Users\Shane\Downloads\heckster5 (3).yml
2014-03-06 21:37 - 2014-03-06 21:37 - 00001310 _____ () C:\Users\Shane\Downloads\forthschmoopy.yml
2014-03-06 19:05 - 2014-03-06 19:05 - 00090887 _____ () C:\Users\Shane\Downloads\latest (13).log
2014-03-06 18:34 - 2014-03-06 18:34 - 00000315 _____ () C:\Users\Shane\Downloads\config (74).yml
2014-03-06 01:42 - 2014-03-06 01:42 - 00000392 _____ () C:\Users\Shane\Downloads\public (5).key
2014-03-06 01:33 - 2014-03-06 01:33 - 00000392 _____ () C:\Users\Shane\Downloads\public (4).key
2014-03-06 01:29 - 2014-03-06 01:29 - 00000392 _____ () C:\Users\Shane\Downloads\public (3).key
2014-03-05 20:16 - 2014-03-05 20:16 - 00009325 _____ () C:\Users\Shane\Downloads\Votifier_Count.jar
2014-03-05 17:33 - 2014-03-05 22:46 - 00002854 _____ () C:\Users\Shane\Documents\spigot.yml
2014-03-05 15:54 - 2014-03-05 15:54 - 00037700 _____ () C:\Users\Shane\Downloads\config (73).yml
2014-03-05 15:45 - 2014-03-05 15:45 - 00013000 _____ () C:\Users\Shane\Documents\ChatColor.jar
2014-03-05 15:41 - 2014-03-05 15:41 - 00235506 _____ () C:\Users\Shane\Documents\CoreProtect_2.0.9.jar
2014-03-04 19:36 - 2014-03-20 02:42 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-04 19:34 - 2014-03-15 19:50 - 00000000 ____D () C:\windows\pss
2014-03-04 19:23 - 2014-03-04 19:23 - 291664542 _____ () C:\Users\Shane\Documents\backup.reg
2014-03-04 19:12 - 2014-03-04 19:12 - 01294688 _____ (LogMeIn, Inc.) C:\Users\Shane\Downloads\Support-LogMeInRescue.exe
2014-03-04 16:21 - 2013-01-28 13:00 - 00000836 _____ () C:\Users\Shane\Documents\widget_framework_taigachat_pro.xml
2014-03-04 16:13 - 2014-03-04 16:13 - 01170406 _____ () C:\Users\Shane\Downloads\minecraft-1.2.1-b1.zip
2014-03-03 20:22 - 2014-03-03 20:22 - 04822473 _____ (Tim Kosse) C:\Users\Shane\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-03 20:06 - 2014-03-03 20:06 - 00032893 _____ () C:\Users\Shane\Downloads\hs_err_pid26760.log
2014-03-03 18:31 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-03 18:31 - 2013-12-18 22:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-03-03 18:31 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-03-03 18:31 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-03-03 18:30 - 2014-03-03 18:31 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-03 18:27 - 2014-03-03 18:27 - 00921512 _____ (Oracle Corporation) C:\Users\Shane\Downloads\JavaSetup7u51.com
2014-03-02 17:44 - 2014-03-02 17:44 - 00031883 _____ () C:\Users\Shane\Documents\Treehuge.schematic
2014-03-02 17:32 - 2014-03-02 18:28 - 397877142 _____ () C:\Users\Shane\Downloads\bandicam 2014-03-01 22-14-57-093.avi
2014-03-02 09:55 - 2014-03-02 14:55 - 01485867 _____ () C:\Users\Shane\Downloads\2014-03-01-2.log
2014-03-02 09:55 - 2014-03-02 09:55 - 00117019 _____ () C:\Users\Shane\Downloads\2014-03-01-2.log.gz
2014-03-02 09:54 - 2014-03-02 09:54 - 00026327 _____ () C:\Users\Shane\Downloads\latest (12).log
2014-03-01 14:41 - 2014-03-01 14:41 - 00026635 _____ () C:\Users\Shane\Downloads\config (72).yml
2014-03-01 13:36 - 2014-03-01 13:36 - 00384219 _____ () C:\Users\Shane\Downloads\Giant Tree.rar
2014-03-01 09:48 - 2014-03-01 09:50 - 00000000 ____D () C:\Users\Shane\Documents\MPK
2014-03-01 09:48 - 2014-03-01 09:48 - 00002981 _____ () C:\Users\Shane\Documents\MPK.jar
2014-02-28 17:50 - 2014-02-28 17:50 - 00000000 ____D () C:\Users\Shane\AppData\Local\Skype
2014-02-28 12:06 - 2014-02-28 12:12 - 348928748 _____ () C:\Users\Shane\Documents\BabayCowCv1.0.wmv
2014-02-27 20:36 - 2014-02-27 20:36 - 00037702 _____ () C:\Users\Shane\Downloads\config (71).yml
2014-02-27 09:50 - 2014-02-27 09:50 - 00007553 _____ () C:\Users\Shane\Documents\Killreward_1_6_6.jar
2014-02-27 09:36 - 2014-02-27 09:36 - 01308824 _____ () C:\Users\Shane\Downloads\KitPvPMap.zip
2014-02-27 09:24 - 2014-02-27 09:24 - 01334513 _____ () C:\Users\Shane\Downloads\Skyfall.zip
2014-02-27 08:35 - 2014-02-25 06:48 - 00958399 _____ () C:\Users\Shane\Documents\Essentials.jar
2014-02-27 08:35 - 2014-02-23 02:56 - 00019387 _____ () C:\Users\Shane\Documents\EssentialsProtect.jar
2014-02-27 08:35 - 2014-02-23 02:56 - 00016262 _____ () C:\Users\Shane\Documents\EssentialsSpawn.jar
2014-02-27 08:35 - 2014-02-23 02:56 - 00014519 _____ () C:\Users\Shane\Documents\EssentialsAntiBuild.jar
2014-02-27 08:35 - 2014-02-23 02:56 - 00012714 _____ () C:\Users\Shane\Documents\EssentialsChat.jar
2014-02-26 19:23 - 2014-02-26 19:23 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-26 11:43 - 2014-02-26 11:43 - 00037009 _____ () C:\Users\Shane\Downloads\TMS_1.3.0.zip
2014-02-26 05:16 - 2014-02-26 05:16 - 00006430 _____ () C:\Users\Shane\Downloads\Navigation Manager 1.1.zip
2014-02-26 05:16 - 2014-02-26 05:16 - 00000000 ____D () C:\Users\Shane\Downloads\Navigation Manager 1.1
2014-02-26 04:00 - 2014-02-26 04:01 - 00000000 ____D () C:\2a94445f3db3bebce52487
2014-02-26 00:42 - 2013-09-26 20:06 - 00033131 _____ () C:\Users\Shane\Documents\style-Casual.xml
2014-02-26 00:41 - 2014-02-26 00:41 - 00656919 _____ () C:\Users\Shane\Downloads\Casual-1.2.2 (1).zip
2014-02-26 00:39 - 2014-02-26 00:40 - 00350147 _____ () C:\Users\Shane\Downloads\Casual-1.2.2.zip.gzkqvwb.partial
2014-02-26 00:22 - 2014-02-26 00:22 - 01271710 _____ () C:\Users\Shane\Downloads\minecraft-1.1.3.zip
2014-02-25 10:53 - 2014-02-25 10:53 - 00000000 ____D () C:\Users\Shane\Downloads\[SkinXF.Net]_XenForo 1.2.5 Nulled By SkinXF.Net
2014-02-25 06:45 - 2014-02-25 06:45 - 00037702 _____ () C:\Users\Shane\Downloads\config-2.yml
2014-02-25 06:23 - 2014-02-25 06:23 - 00962053 _____ () C:\Users\Shane\Downloads\Essentials (7).zip
2014-02-25 02:28 - 2014-02-25 02:28 - 05941270 _____ () C:\Users\Shane\Downloads\[SkinXF.Net]_XenForo 1.2.5 Nulled By SkinXF.Net.zip
2014-02-24 21:29 - 2014-02-24 21:30 - 00007207 _____ () C:\Users\Shane\Documents\conf.json
2014-02-24 15:19 - 2014-02-24 15:19 - 00000000 ____D () C:\temp2
2014-02-24 15:19 - 2014-02-24 15:19 - 00000000 ____D () C:\kiosk
2014-02-24 15:18 - 2014-02-24 15:18 - 00000000 ____D () C:\Users\Shane\AppData\Roaming\Worksimaging
2014-02-23 19:04 - 2014-02-23 19:04 - 00001294 _____ () C:\Users\Shane\Downloads\AxelTheTaco298.dat
2014-02-23 19:03 - 2014-02-23 19:03 - 00000832 _____ () C:\Users\Shane\Downloads\axelthetaco298 (3).yml
2014-02-23 00:33 - 2014-02-23 00:33 - 01879462 _____ () C:\Users\Shane\Downloads\latest (11).log
2014-02-23 00:33 - 2014-02-23 00:33 - 01878892 _____ () C:\Users\Shane\Downloads\latest (10).log
2014-02-22 23:51 - 2014-02-22 23:51 - 00000815 _____ () C:\Users\Shane\Downloads\axelthetaco298 (2).yml
2014-02-22 18:23 - 2014-02-22 18:23 - 03871018 _____ () C:\Users\Shane\Downloads\20000_world (2).zip
2014-02-22 02:15 - 2014-02-22 02:15 - 07377680 _____ (Bandisoft) C:\Users\Shane\Downloads\bdcamsetup (2).exe
2014-02-21 01:48 - 2014-02-21 01:48 - 00925722 _____ () C:\Users\Shane\Documents\__rzi_0.192
2014-02-21 01:38 - 2014-02-21 01:38 - 00037672 _____ () C:\Users\Shane\Downloads\config (70).yml
2014-02-21 01:14 - 2014-02-21 01:14 - 00015676 _____ () C:\Users\Shane\Downloads\config (69).yml
2014-02-21 01:12 - 2014-02-21 01:12 - 00702737 _____ () C:\Users\Shane\Documents\NoCheatPlus.jar
2014-02-20 20:50 - 2014-02-20 20:50 - 03523953 _____ () C:\Users\Shane\Downloads\testworld_63.zip
2014-02-20 20:28 - 2014-02-20 20:28 - 03805778 _____ () C:\Users\Shane\Downloads\10k_world.zip
2014-02-20 20:26 - 2014-02-20 20:26 - 00000000 ____D () C:\Users\Shane\Downloads\1.7.2_bare_server
2014-02-20 20:25 - 2014-02-20 20:26 - 34770657 _____ () C:\Users\Shane\Downloads\1.7.2_bare_server.zip
2014-02-20 00:20 - 2014-03-07 22:59 - 00000000 ____D () C:\Users\Shane\AppData\Local\Google
2014-02-20 00:20 - 2014-03-07 22:58 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-20 00:19 - 2014-02-20 00:19 - 00847824 _____ (Google Inc.) C:\Users\Shane\Downloads\GoogleEarthSetup.exe
2014-02-18 23:01 - 2014-02-18 23:01 - 00014980 _____ () C:\Users\Shane\Downloads\config (68).yml
2014-02-18 22:38 - 2014-02-18 22:41 - 00014873 _____ () C:\Users\Shane\Downloads\config (67).yml
2014-02-18 22:03 - 2014-02-18 22:03 - 00363504 _____ () C:\Users\Shane\Documents\MobArena.jar
2014-02-18 21:42 - 2014-02-18 21:42 - 00029566 _____ () C:\Users\Shane\Downloads\regions (1).yml
2014-02-18 18:57 - 2014-02-18 18:57 - 00000718 _____ () C:\Users\Shane\Downloads\Alt list.txt
2014-02-18 18:26 - 2014-02-18 18:26 - 41439941 _____ () C:\Users\Shane\Documents\LOLHACKS.wmv

==================== One Month Modified Files and Folders =======

2014-03-20 02:50 - 2009-07-14 00:45 - 00021296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 02:50 - 2009-07-14 00:45 - 00021296 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 02:49 - 2014-03-20 02:49 - 00000000 ____D () C:\FRST
2014-03-20 02:49 - 2014-03-20 02:48 - 00000000 ____D () C:\Users\Shane\Desktop\Farbar
2014-03-20 02:45 - 2014-03-20 02:45 - 01037734 _____ (Thisisu) C:\Users\Shane\Downloads\JRT.exe
2014-03-20 02:42 - 2014-03-04 19:36 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-20 02:42 - 2011-08-30 13:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-20 02:42 - 2011-08-13 19:45 - 00000000 ____D () C:\Users\Shane\AppData\Local\SoftThinks
2014-03-20 02:42 - 2009-07-14 00:51 - 00095333 _____ () C:\windows\setupact.log
2014-03-20 02:41 - 2014-03-20 02:37 - 00000000 ____D () C:\AdwCleaner
2014-03-20 02:36 - 2014-03-20 02:36 - 01950720 _____ () C:\Users\Shane\Downloads\adwcleaner.exe
2014-03-20 02:35 - 2010-11-20 23:47 - 00864332 _____ () C:\windows\PFRO.log
2014-03-20 02:34 - 2014-03-20 02:29 - 00000000 ____D () C:\Users\Shane\Desktop\RK_Quarantine
2014-03-20 02:32 - 2014-03-20 02:32 - 00001672 _____ () C:\Users\Shane\Desktop\RKreport[0]_D_03202014_023243.txt
2014-03-20 02:31 - 2014-03-20 02:31 - 00001623 _____ () C:\Users\Shane\Desktop\RKreport[0]_S_03202014_023134.txt
2014-03-20 02:29 - 2014-03-20 02:29 - 04497920 _____ () C:\Users\Shane\Downloads\RogueKillerX64.exe
2014-03-20 02:28 - 2011-08-14 00:11 - 00000000 ____D () C:\Users\Shane\AppData\Roaming\Skype
2014-03-20 02:17 - 2014-03-19 00:54 - 00000593 _____ () C:\Users\Shane\Downloads\config.yml
2014-03-20 02:17 - 2013-09-22 08:40 - 00000000 ____D () C:\Users\Shane\AppData\Roaming\.minecraft
2014-03-20 01:17 - 2014-03-20 01:17 - 00000727 _____ () C:\Users\Shane\Downloads\config.yml - Shortcut.lnk
2014-03-20 01:17 - 2013-03-07 17:38 - 00000000 ____D () C:\Users\Shane\AppData\Roaming\FileZilla
2014-03-20 01:13 - 2014-03-14 00:02 - 00000388 _____ () C:\windows\Tasks\update-sys.job
2014-03-20 01:12 - 2014-03-20 01:12 - 00040024 _____ () C:\Users\Shane\Downloads\config (84).yml
2014-03-20 01:09 - 2014-03-20 01:09 - 00023282 _____ () C:\Users\Shane\Downloads\config (82).yml
2014-03-20 00:52 - 2012-12-06 22:10 - 12737420 _____ () C:\Users\Shane\Downloads\Super Hostile 01 - Sea of Flame II v3.0.zip
2014-03-20 00:19 - 2014-03-14 00:02 - 00000388 _____ () C:\windows\Tasks\update-S-1-5-21-3833890732-3850872918-1266211641-1001.job
2014-03-19 23:13 - 2014-03-19 23:13 - 00000017 _____ () C:\Users\Shane\Downloads\config (81).yml
2014-03-19 23:04 - 2014-03-16 01:03 - 00000354 _____ () C:\Users\Shane\Downloads\language.yml
2014-03-19 22:58 - 2014-03-19 22:58 - 00023687 _____ () C:\Users\Shane\Downloads\ClaimLevels.jar
2014-03-19 22:56 - 2013-08-08 00:48 - 01052930 _____ () C:\Users\Shane\Downloads\mcMMO.jar
2014-03-19 21:52 - 2013-09-09 20:18 - 00011993 _____ () C:\Users\Shane\Downloads\users.yml
2014-03-19 20:17 - 2014-03-16 19:30 - 00000260 _____ () C:\windows\Tasks\NUSchedule.job
2014-03-19 09:11 - 2013-10-26 17:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-19 08:36 - 2014-03-19 08:36 - 00017592 _____ () C:\Users\Shane\Desktop\Restore Report 03-19-2014 08-32-37AM.html
2014-03-19 07:23 - 2013-01-07 20:49 - 00000000 ____D () C:\Users\Shane\Desktop\forge-server
2014-03-19 05:47 - 2014-03-19 05:47 - 00000826 _____ () C:\Users\Shane\Downloads\MA3.schematic
2014-03-19 03:29 - 2014-03-19 03:29 - 00000643 _____ () C:\Users\Shane\Downloads\commands.yml
2014-03-19 03:28 - 2014-03-19 03:28 - 00002933 _____ () C:\Users\Shane\Downloads\bukkit (3).yml
2014-03-19 03:28 - 2014-03-19 03:25 - 00000999 _____ () C:\Users\Shane\Downloads\custom.txt
2014-03-19 02:45 - 2014-03-19 02:45 - 00002828 _____ () C:\Users\Shane\Downloads\custom_help.jar
2014-03-19 01:02 - 2014-03-19 01:02 - 00209325 _____ () C:\Users\Shane\Downloads\latest (16).log
2014-03-19 00:37 - 2014-03-19 00:37 - 00698982 _____ () C:\Users\Shane\Downloads\NoCheatPlus.jar
2014-03-18 23:44 - 2014-03-18 23:44 - 00059951 _____ () C:\Users\Shane\Downloads\GAListener.jar
2014-03-18 23:38 - 2014-03-18 23:38 - 00004096 _____ () C:\Users\Shane\Downloads\GAL.db
2014-03-18 23:18 - 2012-12-05 23:56 - 00000000 ____D () C:\Users\Shane\Desktop\GaListenerNewest
2014-03-18 23:14 - 2014-03-18 23:14 - 00000509 _____ () C:\Users\Shane\Downloads\vote_counts (4).txt
2014-03-18 05:32 - 2014-03-18 05:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Shane\Downloads\mbar-1.07.0.1009 (1).exe
2014-03-18 05:32 - 2014-03-15 16:15 - 00000000 ____D () C:\Users\Shane\Desktop\mbar
2014-03-18 01:36 - 2014-03-18 01:35 - 00001059 _____ () C:\Users\Shane\Downloads\oeghise.yml
2014-03-18 01:30 - 2014-03-18 01:30 - 00008700 _____ () C:\Users\Shane\Downloads\vote.log
2014-03-18 00:35 - 2014-03-18 00:35 - 00002331 _____ () C:\Users\Shane\Downloads\config (80).yml
2014-03-17 23:34 - 2014-03-17 23:34 - 00007985 _____ () C:\Users\Shane\Downloads\SgHAHA.schematic
2014-03-17 23:17 - 2014-03-17 23:16 - 00008353 _____ () C:\Users\Shane\Downloads\config (79).yml
2014-03-17 22:47 - 2014-03-17 22:47 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 22:09 - 2014-03-17 22:07 - 211811872 _____ (Symantec Corporation) C:\Users\Shane\Downloads\N360-TW-21.1.0-EN-US (1).exe
2014-03-17 21:58 - 2014-02-12 21:10 - 00000000 ____D () C:\Users\Shane\AppData\Local\NPE
2014-03-17 21:57 - 2011-06-10 06:42 - 01315104 _____ () C:\windows\WindowsUpdate.log
2014-03-17 21:46 - 2014-03-17 21:46 - 00059951 _____ () C:\Users\Shane\Documents\GAListener.jar
2014-03-17 21:24 - 2012-12-31 18:44 - 00000000 ____D () C:\Users\Shane\Desktop\Best 1.4.6 D
2014-03-17 04:08 - 2012-02-07 19:58 - 00000000 ____D () C:\Users\Shane\AppData\Local\CrashDumps
2014-03-17 01:31 - 2011-09-11 18:59 - 00000000 ____D () C:\ProgramData\Norton
2014-03-17 01:14 - 2014-03-17 01:14 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Shane\Downloads\tdsskiller (1).exe
2014-03-17 01:11 - 2014-03-17 01:11 - 03053496 ____N (Symantec Corporation) C:\Users\Shane\Downloads\NPE.exe
2014-03-17 01:11 - 2014-03-17 01:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-17 01:10 - 2014-03-17 01:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shane\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-17 01:03 - 2014-03-17 01:00 - 211811872 ____N (Symantec Corporation) C:\Users\Shane\Downloads\N360-TW-21.1.0-EN-US.exe
2014-03-17 00:14 - 2012-12-02 00:52 - 00000000 ____D () C:\Users\Shane\Documents\Bandicam
2014-03-16 22:49 - 2014-03-16 22:49 - 00782443 _____ () C:\Users\Shane\Downloads\latest (15).log
2014-03-16 21:37 - 2014-03-16 18:58 - 00000000 ____D () C:\Users\Shane\AppData\Local\LogMeIn Rescue Applet
2014-03-16 20:39 - 2014-03-16 20:39 - 00001229 _____ () C:\temp896.bat
2014-03-16 20:39 - 2014-03-16 20:39 - 00001209 _____ () C:\temp943.bat
2014-03-16 20:30 - 2014-03-16 20:30 - 00000207 _____ () C:\windows\tweaking.com-regbackup-BAILEYREALCOMP--(64-bit).dat
2014-03-16 20:29 - 2014-03-16 20:29 - 00000000 ____D () C:\RegBackup
2014-03-16 20:29 - 2014-03-16 20:29 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-16 19:39 - 2014-03-16 19:12 - 00000000 ____D () C:\Users\norton
2014-03-16 19:39 - 2011-08-13 19:45 - 00000000 ____D () C:\Users\Shane
2014-03-16 19:36 - 2014-03-16 19:33 - 00000000 ____D () C:\Users\Shane\AppData\Roaming\Norton Utilities
2014-03-16 19:31 - 2014-03-16 19:30 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 15
2014-03-16 19:30 - 2014-03-16 19:30 - 00002836 _____ () C:\windows\System32\Tasks\NUSchedule
2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ____D () C:\Users\Shane\Documents\UnErase
2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ____D () C:\ProgramData\Symantec
2014-03-16 19:22 - 2014-03-16 19:21 - 00000000 ____D () C:\Users\norton\AppData\Local\NPE
2014-03-16 19:21 - 2014-03-16 19:21 - 03221720 _____ () C:\Users\norton\Desktop\AutoRuns.arn
2014-03-16 19:13 - 2014-03-16 19:13 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\norton\Downloads\autoruns.exe
2014-03-16 19:13 - 2014-03-16 19:13 - 00000000 ____D () C:\Users\norton\AppData\Roaming\Adobe
2014-03-16 19:12 - 2014-03-16 19:12 - 00000020 ___SH () C:\Users\norton\ntuser.ini
2014-03-16 19:01 - 2014-03-16 19:01 - 00000000 ____D () C:\ProgramData\Norton VRQ
2014-03-16 19:01 - 2014-03-15 19:42 - 00001831 _____ () C:\Users\Public\Desktop\VRQ.lnk
2014-03-16 19:01 - 2014-03-15 19:42 - 00000000 ____D () C:\Program Files (x86)\VRQ
2014-03-16 04:47 - 2014-03-16 00:48 - 00585893 _____ () C:\Users\Shane\Downloads\2014-03-15-1.log
2014-03-16 02:01 - 2014-03-16 02:01 - 00000909 _____ () C:\Users\Shane\VRQTool.log
2014-03-16 01:55 - 2014-03-16 01:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Shane\Downloads\tdsskiller.exe
2014-03-16 01:26 - 2014-03-16 01:26 - 00000793 _____ () C:\Users\Shane\Downloads\treekangaroo1208.yml
2014-03-16 00:47 - 2014-03-16 00:47 - 00073063 _____ () C:\Users\Shane\Downloads\2014-03-15-1.log.gz
2014-03-15 22:09 - 2014-03-15 22:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-15 22:09 - 2014-03-15 22:08 - 00000000 ____D () C:\Program Files\iTunes
2014-03-15 22:09 - 2014-03-15 22:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-15 22:08 - 2014-02-03 02:24 - 00000000 ____D () C:\Program Files\iPod
2014-03-15 22:07 - 2014-03-15 22:04 - 148885840 _____ (Apple Inc.) C:\Users\Shane\Downloads\iTunes64Setup (1).exe
2014-03-15 21:45 - 2014-03-14 00:02 - 00000059 _____ () C:\Users\Shane\AppData\Local\UserProducts.xml
2014-03-15 20:15 - 2009-07-14 01:13 - 00799374 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-15 19:50 - 2014-03-04 19:34 - 00000000 ____D () C:\windows\pss
2014-03-15 19:38 - 2014-03-15 19:38 - 01526624 _____ (LogMeIn, Inc.) C:\Users\Shane\Downloads\Support-LogMeInRescue (2).exe
2014-03-15 19:31 - 2014-03-15 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-15 16:15 - 2014-03-15 16:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Shane\Downloads\mbar-1.07.0.1009.exe
2014-03-15 02:52 - 2013-12-28 04:37 - 00000000 ____D () C:\ZillaTube
2014-03-15 02:38 - 2014-03-15 02:38 - 00991232 _____ () C:\Users\Shane\Downloads\MicrosoftFixit50267.msi
2014-03-15 00:16 - 2014-03-15 00:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shane\Downloads\mbam-consumer.exe
2014-03-15 00:04 - 2014-03-15 00:04 - 00000000 ____D () C:\Users\Shane\AppData\Roaming\Malwarebytes
2014-03-15 00:03 - 2014-03-15 00:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-15 00:02 - 2014-03-15 00:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shane\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-15 00:00 - 2014-03-15 00:00 - 00002949 _____ () C:\Users\Shane\Desktop\aswMBR.txt
2014-03-15 00:00 - 2014-03-15 00:00 - 00000512 _____ () C:\Users\Shane\Desktop\MBR.dat
2014-03-14 23:59 - 2014-03-14 23:59 - 04745728 _____ (AVAST Software) C:\Users\Shane\Downloads\aswMBR.exe
2014-03-14 23:57 - 2014-03-14 23:57 - 00000000 ____D () C:\Users\Shane\Downloads\tdsskiller
2014-03-14 23:57 - 2014-03-14 23:56 - 04110135 _____ () C:\Users\Shane\Downloads\tdsskiller.zip
2014-03-14 23:53 - 2014-03-14 23:52 - 00002358 _____ () C:\Users\Shane\Desktop\Rkill.txt
2014-03-14 23:47 - 2014-03-14 23:47 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Shane\Downloads\rkill.exe
2014-03-14 20:51 - 2014-03-14 20:51 - 00000509 _____ () C:\Users\Shane\Downloads\DeeCannon.schematic
2014-03-14 20:08 - 2014-03-14 00:58 - 00012983 _____ () C:\Users\Shane\Documents\language.yml
2014-03-14 19:35 - 2014-03-14 19:27 - 00012429 _____ () C:\Users\Shane\Documents\advanced.yml
2014-03-14 19:33 - 2014-03-14 19:27 - 00011970 _____ () C:\Users\Shane\Documents\config.yml
2014-03-14 19:25 - 2012-11-06 01:07 - 00000000 ____D () C:\Users\Shane\Desktop\data
2014-03-14 01:24 - 2014-03-14 01:16 - 00258831 _____ () C:\Users\Shane\Documents\multiworld.jar
2014-03-14 01:21 - 2013-06-01 16:08 - 00000000 ____D () C:\Users\Shane\Desktop\oldtexturepack112413
2014-03-14 01:20 - 2012-12-23 19:46 - 00000000 ____D () C:\Users\Shane\Desktop\1.7.4 TEST SERVER
2014-03-14 01:04 - 2014-03-14 01:04 - 00001335 _____ () C:\Users\Shane\Downloads\config (78).yml
2014-03-14 00:40 - 2014-03-14 00:40 - 00001335 _____ () C:\Users\Shane\Downloads\config (77).yml
2014-03-14 00:34 - 2014-03-14 00:34 - 00001313 _____ () C:\Users\Shane\Downloads\config (76).yml
2014-03-14 00:28 - 2014-03-14 00:28 - 00010514 _____ () C:\Users\Shane\Downloads\language (1).yml
2014-03-14 00:21 - 2014-03-14 00:21 - 00000058 _____ () C:\Users\Shane\Downloads\orphanLots (3).ser
2014-03-14 00:18 - 2014-03-14 00:18 - 00001313 _____ () C:\Users\Shane\Downloads\config (75).yml
2014-03-14 00:02 - 2014-03-14 00:02 - 02182024 _____ (Skillbrains ) C:\Users\Shane\Downloads\setup-lightshot.exe
2014-03-14 00:02 - 2014-03-14 00:02 - 00003284 _____ () C:\windows\System32\Tasks\update-sys
2014-03-14 00:02 - 2014-03-14 00:02 - 00003262 _____ () C:\windows\System32\Tasks\update-S-1-5-21-3833890732-3850872918-1266211641-1001
2014-03-14 00:02 - 2014-03-14 00:02 - 00000003 _____ () C:\Users\Shane\AppData\Local\updater.log
2014-03-14 00:02 - 2014-03-14 00:02 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-03-13 21:23 - 2011-06-10 06:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-13 19:06 - 2011-08-16 13:27 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-03-13 18:59 - 2014-03-13 18:59 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-13 18:58 - 2014-03-13 18:58 - 02281080 _____ (Symantec Corporation ) C:\Users\Shane\Downloads\VRQ_Installer.exe
2014-03-13 18:55 - 2014-03-13 18:55 - 01526624 _____ (LogMeIn, Inc.) C:\Users\Shane\Downloads\Support-LogMeInRescue (1).exe
2014-03-13 18:20 - 2014-03-13 18:20 - 00007605 _____ () C:\Users\Shane\AppData\Local\Resmon.ResmonCfg
2014-03-13 17:41 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 17:41 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 17:41 - 2009-07-14 00:45 - 00331408 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-13 04:44 - 2014-03-13 04:44 - 00001830 _____ () C:\Users\Shane\Documents\Unname.jar
2014-03-13 04:02 - 2014-03-13 04:02 - 00092671 _____ () C:\Users\Shane\Downloads\Void World.rar
2014-03-13 03:42 - 2014-03-13 03:42 - 00325807 _____ () C:\Users\Shane\Documents\Multiverse-Core-2.4.jar
2014-03-13 03:14 - 2012-12-02 00:51 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-03-13 03:14 - 2011-06-10 06:46 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-12 21:51 - 2014-03-09 20:20 - 00017973 _____ () C:\Users\Shane\Documents\redeemMCMMO.jar
2014-03-12 21:20 - 2014-03-12 21:20 - 00003563 _____ () C:\Users\Shane\Downloads\Matix172.json
2014-03-12 15:02 - 2014-03-12 15:02 - 00147987 _____ () C:\Users\Shane\Documents\HolographicDisplays.jar
2014-03-12 04:20 - 2014-03-12 03:59 - 00000000 ____D () C:\Users\Shane\Desktop\G_GPLSZ
2014-03-12 03:59 - 2014-03-12 03:59 - 00000000 ____D () C:\Users\Shane\Desktop\New folder (3)
2014-03-11 21:47 - 2014-03-11 21:02 - 00000000 ____D () C:\Users\Shane\Downloads\Xentest
2014-03-11 15:34 - 2012-09-14 14:18 - 00000000 ____D () C:\Users\Shane\Desktop\AntiCheat
2014-03-11 01:28 - 2014-02-17 19:35 - 00000000 ____D () C:\Users\Shane\Desktop\ResetStuff
2014-03-10 21:05 - 2014-03-10 21:05 - 00000748 _____ () C:\Users\Shane\Downloads\server (4).properties
2014-03-10 21:04 - 2014-03-10 21:04 - 00000748 _____ () C:\Users\Shane\Downloads\server (3).properties
2014-03-10 20:49 - 2013-04-28 22:00 - 00000000 ____D () C:\Users\Shane\Desktop\rockcraft backup
2014-03-10 20:03 - 2014-03-10 20:03 - 00057169 _____ () C:\Users\Shane\Downloads\latest (14).log
2014-03-10 18:13 - 2014-03-09 16:18 - 00009986 _____ () C:\Users\Shane\Documents\users.yml
2014-03-10 15:58 - 2014-03-10 15:58 - 02053555 _____ () C:\Users\Shane\Downloads\nocheatplus (2).log
2014-03-09 23:38 - 2014-03-09 23:38 - 00000000 ____D () C:\Users\Shane\Downloads\eclipse-standard-kepler-SR2-win32
2014-03-09 23:34 - 2014-03-09 23:21 - 210282353 _____ () C:\Users\Shane\Downloads\eclipse-standard-kepler-SR2-win32.zip
2014-03-09 20:20 - 2014-03-09 20:20 - 01246760 _____ () C:\Users\Shane\Downloads\ProtocolLib-3.2.0.jar
2014-03-09 20:13 - 2014-03-09 19:40 - 00053207 _____ () C:\Users\Shane\Documents\groups.yml
2014-03-09 19:40 - 2014-03-09 19:40 - 00001173 _____ () C:\Users\Shane\Documents\Documents - Shortcut (2).lnk
2014-03-07 22:59 - 2014-02-20 00:20 - 00000000 ____D () C:\Users\Shane\AppData\Local\Google
2014-03-07 22:58 - 2014-02-20 00:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-07 22:58 - 2011-08-30 12:58 - 00000000 ____D () C:\Users\Shane\AppData\Local\Deployment
2014-03-07 14:19 - 2014-03-07 14:17 - 103459537 _____ () C:\Users\Shane\Documents\the1.wmv
2014-03-07 14:17 - 2014-03-07 14:16 - 00000000 ____D () C:\Users\Shane\AppData\Local\{7F13A02B-07AD-40EF-9657-5ADCFDA29BFA}
2014-03-07 00:29 - 2014-03-07 00:29 - 00001900 _____ () C:\Users\Shane\Downloads\data (1).yml
2014-03-07 00:00 - 2014-03-07 00:00 - 00000768 _____ () C:\Users\Shane\Downloads\heckster5 (3).yml
2014-03-06 22:11 - 2013-10-14 03:22 - 00000000 ____D () C:\Users\Shane\Desktop\MCSOFAr
2014-03-06 21:59 - 2014-02-04 06:41 - 00000748 _____ () C:\Users\Shane\Documents\server.properties
2014-03-06 21:37 - 2014-03-06 21:37 - 00001310 _____ () C:\Users\Shane\Downloads\forthschmoopy.yml
2014-03-06 19:05 - 2014-03-06 19:05 - 00090887 _____ () C:\Users\Shane\Downloads\latest (13).log
2014-03-06 18:34 - 2014-03-06 18:34 - 00000315 _____ () C:\Users\Shane\Downloads\config (74).yml
2014-03-06 01:42 - 2014-03-06 01:42 - 00000392 _____ () C:\Users\Shane\Downloads\public (5).key
2014-03-06 01:33 - 2014-03-06 01:33 - 00000392 _____ () C:\Users\Shane\Downloads\public (4).key
2014-03-06 01:29 - 2014-03-06 01:29 - 00000392 _____ () C:\Users\Shane\Downloads\public (3).key
2014-03-05 23:24 - 2014-02-13 19:31 - 00000734 _____ () C:\Users\Shane\Documents\settings.prop
2014-03-05 22:46 - 2014-03-05 17:33 - 00002854 _____ () C:\Users\Shane\Documents\spigot.yml
2014-03-05 20:16 - 2014-03-05 20:16 - 00009325 _____ () C:\Users\Shane\Downloads\Votifier_Count.jar
2014-03-05 15:54 - 2014-03-05 15:54 - 00037700 _____ () C:\Users\Shane\Downloads\config (73).yml
2014-03-05 15:45 - 2014-03-05 15:45 - 00013000 _____ () C:\Users\Shane\Documents\ChatColor.jar
2014-03-05 15:41 - 2014-03-05 15:41 - 00235506 _____ () C:\Users\Shane\Documents\CoreProtect_2.0.9.jar
2014-03-04 19:23 - 2014-03-04 19:23 - 291664542 _____ () C:\Users\Shane\Documents\backup.reg
2014-03-04 19:12 - 2014-03-04 19:12 - 01294688 _____ (LogMeIn, Inc.) C:\Users\Shane\Downloads\Support-LogMeInRescue.exe
2014-03-04 16:13 - 2014-03-04 16:13 - 01170406 _____ () C:\Users\Shane\Downloads\minecraft-1.2.1-b1.zip
2014-03-03 20:23 - 2014-01-06 08:11 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-03 20:22 - 2014-03-03 20:22 - 04822473 _____ (Tim Kosse) C:\Users\Shane\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-03 20:06 - 2014-03-03 20:06 - 00032893 _____ () C:\Users\Shane\Downloads\hs_err_pid26760.log
2014-03-03 18:32 - 2013-09-22 04:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-03 18:31 - 2014-03-03 18:30 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-03 18:31 - 2011-06-10 06:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-03 18:27 - 2014-03-03 18:27 - 00921512 _____ (Oracle Corporation) C:\Users\Shane\Downloads\JavaSetup7u51.com
2014-03-02 18:28 - 2014-03-02 17:32 - 397877142 _____ () C:\Users\Shane\Downloads\bandicam 2014-03-01 22-14-57-093.avi
2014-03-02 17:44 - 2014-03-02 17:44 - 00031883 _____ () C:\Users\Shane\Documents\Treehuge.schematic
2014-03-02 14:55 - 2014-03-02 09:55 - 01485867 _____ () C:\Users\Shane\Downloads\2014-03-01-2.log
2014-03-02 09:55 - 2014-03-02 09:55 - 00117019 _____ () C:\Users\Shane\Downloads\2014-03-01-2.log.gz
2014-03-02 09:54 - 2014-03-02 09:54 - 00026327 _____ () C:\Users\Shane\Downloads\latest (12).log
2014-03-01 14:41 - 2014-03-01 14:41 - 00026635 _____ () C:\Users\Shane\Downloads\config (72).yml
2014-03-01 13:36 - 2014-03-01 13:36 - 00384219 _____ () C:\Users\Shane\Downloads\Giant Tree.rar
2014-03-01 09:50 - 2014-03-01 09:48 - 00000000 ____D () C:\Users\Shane\Documents\MPK
2014-03-01 09:48 - 2014-03-01 09:48 - 00002981 _____ () C:\Users\Shane\Documents\MPK.jar
2014-03-01 02:05 - 2014-03-12 23:02 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-12 23:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-12 23:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-12 23:02 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-12 23:02 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-12 23:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-12 23:02 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-12 23:02 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-12 23:02 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-12 23:02 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-12 23:02 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-12 23:02 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-12 23:02 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-12 23:02 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-12 23:02 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-12 23:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-12 23:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-12 23:02 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-12 23:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-12 23:02 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-12 23:02 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-12 23:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-12 23:02 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-12 23:02 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-12 23:02 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-12 23:02 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-12 23:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-12 23:02 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-12 23:02 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-12 23:02 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-12 23:02 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-12 23:02 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-12 23:02 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-12 23:02 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-12 23:02 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-12 23:02 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-12 23:02 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-12 23:02 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-12 23:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-12 23:02 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 17:50 - 2014-02-28 17:50 - 00000000 ____D () C:\Users\Shane\AppData\Local\Skype
2014-02-28 17:50 - 2011-06-10 06:47 - 00000000 ____D () C:\ProgramData\Skype
2014-02-28 15:36 - 2012-11-23 17:55 - 00000000 ____D () C:\Users\Shane\Desktop\texturepacks-mp-cache
2014-02-28 12:12 - 2014-02-28 12:06 - 348928748 _____ () C:\Users\Shane\Documents\BabayCowCv1.0.wmv
2014-02-28 00:05 - 2011-02-10 12:10 - 00774592 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-27 20:36 - 2014-02-27 20:36 - 00037702 _____ () C:\Users\Shane\Downloads\config (71).yml
2014-02-27 18:54 - 2013-03-07 17:42 - 00000000 ____D () C:\Users\Shane\Desktop\PVP
2014-02-27 09:50 - 2014-02-27 09:50 - 00007553 _____ () C:\Users\Shane\Documents\Killreward_1_6_6.jar
2014-02-27 09:36 - 2014-02-27 09:36 - 01308824 _____ () C:\Users\Shane\Downloads\KitPvPMap.zip
2014-02-27 09:24 - 2014-02-27 09:24 - 01334513 _____ () C:\Users\Shane\Downloads\Skyfall.zip
2014-02-27 04:28 - 2012-10-17 00:21 - 00000000 ____D () C:\Users\Shane\Desktop\Votifier
2014-02-26 20:13 - 2012-02-25 00:18 - 00000000 ____D () C:\Users\Shane\Documents\TurboTax
2014-02-26 19:23 - 2014-02-26 19:23 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-26 19:23 - 2012-02-25 00:10 - 00000635 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-26 19:22 - 2012-02-25 00:09 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-02-26 11:43 - 2014-02-26 11:43 - 00037009 _____ () C:\Users\Shane\Downloads\TMS_1.3.0.zip
2014-02-26 05:16 - 2014-02-26 05:16 - 00006430 _____ () C:\Users\Shane\Downloads\Navigation Manager 1.1.zip
2014-02-26 05:16 - 2014-02-26 05:16 - 00000000 ____D () C:\Users\Shane\Downloads\Navigation Manager 1.1
2014-02-26 04:01 - 2014-02-26 04:00 - 00000000 ____D () C:\2a94445f3db3bebce52487
2014-02-26 00:41 - 2014-02-26 00:41 - 00656919 _____ () C:\Users\Shane\Downloads\Casual-1.2.2 (1).zip
2014-02-26 00:40 - 2014-02-26 00:39 - 00350147 _____ () C:\Users\Shane\Downloads\Casual-1.2.2.zip.gzkqvwb.partial
2014-02-26 00:22 - 2014-02-26 00:22 - 01271710 _____ () C:\Users\Shane\Downloads\minecraft-1.1.3.zip
2014-02-25 10:53 - 2014-02-25 10:53 - 00000000 ____D () C:\Users\Shane\Downloads\[SkinXF.Net]_XenForo 1.2.5 Nulled By SkinXF.Net
2014-02-25 06:48 - 2014-02-27 08:35 - 00958399 _____ () C:\Users\Shane\Documents\Essentials.jar
2014-02-25 06:45 - 2014-02-25 06:45 - 00037702 _____ () C:\Users\Shane\Downloads\config-2.yml
2014-02-25 06:23 - 2014-02-25 06:23 - 00962053 _____ () C:\Users\Shane\Downloads\Essentials (7).zip
2014-02-25 02:28 - 2014-02-25 02:28 - 05941270 _____ () C:\Users\Shane\Downloads\[SkinXF.Net]_XenForo 1.2.5 Nulled By SkinXF.Net.zip
2014-02-24 21:30 - 2014-02-24 21:29 - 00007207 _____ () C:\Users\Shane\Documents\conf.json
2014-02-24 15:19 - 2014-02-24 15:19 - 00000000 ____D () C:\temp2
2014-02-24 15:19 - 2014-02-24 15:19 - 00000000 ____D () C:\kiosk
2014-02-24 15:19 - 2011-08-13 19:49 - 00000000 ____D () C:\Users\Shane\AppData\Local\VirtualStore
2014-02-24 15:18 - 2014-02-24 15:18 - 00000000 ____D () C:\Users\Shane\AppData\Roaming\Worksimaging
2014-02-23 19:04 - 2014-02-23 19:04 - 00001294 _____ () C:\Users\Shane\Downloads\AxelTheTaco298.dat
2014-02-23 19:03 - 2014-02-23 19:03 - 00000832 _____ () C:\Users\Shane\Downloads\axelthetaco298 (3).yml
2014-02-23 02:56 - 2014-02-27 08:35 - 00019387 _____ () C:\Users\Shane\Documents\EssentialsProtect.jar
2014-02-23 02:56 - 2014-02-27 08:35 - 00016262 _____ () C:\Users\Shane\Documents\EssentialsSpawn.jar
2014-02-23 02:56 - 2014-02-27 08:35 - 00014519 _____ () C:\Users\Shane\Documents\EssentialsAntiBuild.jar
2014-02-23 02:56 - 2014-02-27 08:35 - 00012714 _____ () C:\Users\Shane\Documents\EssentialsChat.jar
2014-02-23 00:33 - 2014-02-23 00:33 - 01879462 _____ () C:\Users\Shane\Downloads\latest (11).log
2014-02-23 00:33 - 2014-02-23 00:33 - 01878892 _____ () C:\Users\Shane\Downloads\latest (10).log
2014-02-22 23:51 - 2014-02-22 23:51 - 00000815 _____ () C:\Users\Shane\Downloads\axelthetaco298 (2).yml
2014-02-22 18:23 - 2014-02-22 18:23 - 03871018 _____ () C:\Users\Shane\Downloads\20000_world (2).zip
2014-02-22 02:16 - 2013-09-27 18:56 - 00000994 _____ () C:\Users\Shane\Desktop\Bandicam.lnk
2014-02-22 02:16 - 2012-12-02 00:51 - 00000994 _____ () C:\Users\UpdatusUser\Desktop\Bandicam.lnk
2014-02-22 02:16 - 2012-12-02 00:51 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-02-22 02:15 - 2014-02-22 02:15 - 07377680 _____ (Bandisoft) C:\Users\Shane\Downloads\bdcamsetup (2).exe
2014-02-21 01:48 - 2014-02-21 01:48 - 00925722 _____ () C:\Users\Shane\Documents\__rzi_0.192
2014-02-21 01:38 - 2014-02-21 01:38 - 00037672 _____ () C:\Users\Shane\Downloads\config (70).yml
2014-02-21 01:14 - 2014-02-21 01:14 - 00015676 _____ () C:\Users\Shane\Downloads\config (69).yml
2014-02-21 01:12 - 2014-02-21 01:12 - 00702737 _____ () C:\Users\Shane\Documents\NoCheatPlus.jar
2014-02-21 00:38 - 2012-10-02 19:39 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 00:38 - 2011-08-29 11:20 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 20:50 - 2014-02-20 20:50 - 03523953 _____ () C:\Users\Shane\Downloads\testworld_63.zip
2014-02-20 20:28 - 2014-02-20 20:28 - 03805778 _____ () C:\Users\Shane\Downloads\10k_world.zip
2014-02-20 20:26 - 2014-02-20 20:26 - 00000000 ____D () C:\Users\Shane\Downloads\1.7.2_bare_server
2014-02-20 20:26 - 2014-02-20 20:25 - 34770657 _____ () C:\Users\Shane\Downloads\1.7.2_bare_server.zip
2014-02-20 00:19 - 2014-02-20 00:19 - 00847824 _____ (Google Inc.) C:\Users\Shane\Downloads\GoogleEarthSetup.exe
2014-02-18 23:01 - 2014-02-18 23:01 - 00014980 _____ () C:\Users\Shane\Downloads\config (68).yml
2014-02-18 22:41 - 2014-02-18 22:38 - 00014873 _____ () C:\Users\Shane\Downloads\config (67).yml
2014-02-18 22:03 - 2014-02-18 22:03 - 00363504 _____ () C:\Users\Shane\Documents\MobArena.jar
2014-02-18 21:42 - 2014-02-18 21:42 - 00029566 _____ () C:\Users\Shane\Downloads\regions (1).yml
2014-02-18 18:57 - 2014-02-18 18:57 - 00000718 _____ () C:\Users\Shane\Downloads\Alt list.txt
2014-02-18 18:26 - 2014-02-18 18:26 - 41439941 _____ () C:\Users\Shane\Documents\LOLHACKS.wmv

Some content of TEMP:
====================
C:\Users\Shane\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Shane\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 13:17

==================== End Of Log ============================

Edited by SSROCK101, 20 March 2014 - 02:03 AM.


#6 nasdaq

  • Malware Response Team

Posted 20 March 2014 - 07:47 AM

The only unknown process in your log is this:
HKU\S-1-5-21-3833890732-3850872918-1266211641-1001\...\MountPoints2: {dce79244-935d-11e0-86ba-806e6f6e6963} - D:\Start.exe
How long have you had this start.exe file and what does it do?
===


Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall.


    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ==============



#7 SSROCK101

  • Topic Starter

Posted 21 March 2014 - 09:12 PM

Hello, thanks again for your help! I am not sure what start.exe is, I have never seen it. Here are the logs you requested, except ComboFixer wouldn't run, it gave me this error:

TDSSKiller Logs:

22:28:54.0338 0x2660  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
22:28:57.0224 0x2660  ============================================================
22:28:57.0224 0x2660  Current date / time: 2014/03/20 22:28:57.0224
22:28:57.0224 0x2660  SystemInfo:
22:28:57.0224 0x2660 
22:28:57.0224 0x2660  OS Version: 6.1.7601 ServicePack: 1.0
22:28:57.0224 0x2660  Product type: Workstation
22:28:57.0224 0x2660  ComputerName: BAILEYREALCOMP
22:28:57.0224 0x2660  UserName: Shane
22:28:57.0224 0x2660  Windows directory: C:\windows
22:28:57.0224 0x2660  System windows directory: C:\windows
22:28:57.0224 0x2660  Running under WOW64
22:28:57.0224 0x2660  Processor architecture: Intel x64
22:28:57.0224 0x2660  Number of processors: 4
22:28:57.0224 0x2660  Page size: 0x1000
22:28:57.0224 0x2660  Boot type: Normal boot
22:28:57.0224 0x2660  ============================================================
22:28:57.0333 0x2660  System UUID: {97DEDD7E-4635-8A97-1716-0B8701FDB8D1}
22:28:57.0660 0x2660  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:28:57.0676 0x2660  ============================================================
22:28:57.0676 0x2660  \Device\Harddisk0\DR0:
22:28:57.0676 0x2660  MBR partitions:
22:28:57.0676 0x2660  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B9F000
22:28:57.0676 0x2660  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BB3000, BlocksNum 0x72B53000
22:28:57.0676 0x2660  ============================================================
22:28:57.0707 0x2660  C: <-> \Device\Harddisk0\DR0\Partition2
22:28:57.0707 0x2660  ============================================================
22:28:57.0707 0x2660  Initialize success
22:28:57.0707 0x2660  ============================================================
22:28:58.0784 0x2bc8  ============================================================
22:28:58.0784 0x2bc8  Scan started
22:28:58.0784 0x2bc8  Mode: Manual;
22:28:58.0784 0x2bc8  ============================================================
22:28:58.0784 0x2bc8  KSN ping started
22:29:13.0697 0x2bc8  KSN ping finished: true
22:29:14.0555 0x2bc8  ================ Scan system memory ========================
22:29:14.0555 0x2bc8  Scan was interrupted by user!
22:29:14.0602 0x2bc8  Win FW state via NFP2: enabled
22:29:17.0550 0x2bc8  ============================================================
22:29:17.0550 0x2bc8  Scan finished
22:29:17.0550 0x2bc8  ============================================================
22:29:17.0550 0x0298  Detected object count: 0
22:29:17.0550 0x0298  Actual detected object count: 0
22:29:45.0927 0x2424  ============================================================
22:29:45.0927 0x2424  Scan started
22:29:45.0927 0x2424  Mode: Manual; SigCheck; TDLFS;
22:29:45.0927 0x2424  ============================================================
22:29:45.0927 0x2424  KSN ping started
22:29:48.0704 0x2424  KSN ping finished: true
22:29:48.0938 0x2424  ================ Scan system memory ========================
22:29:48.0938 0x2424  System memory - ok
22:29:48.0938 0x2424  ================ Scan services =============================
22:29:49.0063 0x2424  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
22:29:49.0109 0x2424  1394ohci - ok
22:29:49.0125 0x2424  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
22:29:49.0141 0x2424  ACPI - ok
22:29:49.0156 0x2424  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
22:29:49.0156 0x2424  AcpiPmi - ok
22:29:49.0281 0x2424  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:29:49.0297 0x2424  AdobeARMservice - ok
22:29:49.0375 0x2424  [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:29:49.0406 0x2424  AdobeFlashPlayerUpdateSvc - ok
22:29:49.0421 0x2424  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
22:29:49.0437 0x2424  adp94xx - ok
22:29:49.0453 0x2424  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
22:29:49.0468 0x2424  adpahci - ok
22:29:49.0484 0x2424  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
22:29:49.0499 0x2424  adpu320 - ok
22:29:49.0515 0x2424  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
22:29:49.0546 0x2424  AeLookupSvc - ok
22:29:49.0609 0x2424  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\windows\system32\drivers\afd.sys
22:29:49.0640 0x2424  AFD - ok
22:29:49.0655 0x2424  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
22:29:49.0655 0x2424  agp440 - ok
22:29:49.0671 0x2424  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
22:29:49.0687 0x2424  ALG - ok
22:29:49.0718 0x2424  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
22:29:49.0733 0x2424  aliide - ok
22:29:49.0765 0x2424  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
22:29:49.0780 0x2424  amdide - ok
22:29:49.0796 0x2424  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
22:29:49.0811 0x2424  AmdK8 - ok
22:29:49.0827 0x2424  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
22:29:49.0843 0x2424  AmdPPM - ok
22:29:49.0874 0x2424  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
22:29:49.0889 0x2424  amdsata - ok
22:29:49.0905 0x2424  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
22:29:49.0905 0x2424  amdsbs - ok
22:29:49.0921 0x2424  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
22:29:49.0921 0x2424  amdxata - ok
22:29:49.0936 0x2424  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
22:29:49.0967 0x2424  AppID - ok
22:29:49.0983 0x2424  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
22:29:50.0014 0x2424  AppIDSvc - ok
22:29:50.0045 0x2424  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
22:29:50.0061 0x2424  Appinfo - ok
22:29:50.0155 0x2424  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:29:50.0170 0x2424  Apple Mobile Device - ok
22:29:50.0186 0x2424  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
22:29:50.0201 0x2424  arc - ok
22:29:50.0217 0x2424  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
22:29:50.0233 0x2424  arcsas - ok
22:29:50.0326 0x2424  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:29:50.0342 0x2424  aspnet_state - ok
22:29:54.0133 0x2424  [ 7230C8B80DDE1F0524C353240B78CC0E, 15F73EBFB9152010E7736AFE518A47C209E17DDB347A40C4CDA0D9BBD26D1176 ] EraserUtilDrv11312 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys
22:29:54.0148 0x2424  EraserUtilDrv11312 - detected UnsignedFile.Multi.Generic ( 1 )
22:29:54.0211 0x2424  EraserUtilDrv11312 ( UnsignedFile.Multi.Generic ) - warning
22:29:59.0015 0x2424  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:29:59.0062 0x2424  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
22:29:59.0062 0x2424  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:29:59.0062 0x2424  Force sending object to P2P due to detect: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:30:02.0198 0x2424  Object send P2P result: true
22:30:08.0375 0x2424  msdsm - ok
22:30:08.0391 0x2424  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
22:30:08.0391 0x2424  MSDTC - ok
22:30:08.0407 0x2424  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
22:30:08.0438 0x2424  Msfs - ok
22:30:08.0438 0x2424  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
22:30:08.0469 0x2424  mshidkmdf - ok
22:30:08.0485 0x2424  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
22:30:08.0485 0x2424  msisadrv - ok
22:30:08.0516 0x2424  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
22:30:08.0547 0x2424  MSiSCSI - ok
22:30:08.0547 0x2424  msiserver - ok
22:30:08.0563 0x2424  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
22:30:08.0578 0x2424  MSKSSRV - ok
22:30:08.0609 0x2424  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
22:30:08.0641 0x2424  MSPCLOCK - ok
22:30:08.0641 0x2424  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
22:30:08.0672 0x2424  MSPQM - ok
22:30:08.0703 0x2424  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
22:30:08.0719 0x2424  MsRPC - ok
22:30:08.0734 0x2424  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
22:30:08.0734 0x2424  mssmbios - ok
22:30:08.0750 0x2424  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
22:30:08.0781 0x2424  MSTEE - ok
22:30:08.0781 0x2424  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
22:30:08.0797 0x2424  MTConfig - ok
22:30:08.0812 0x2424  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
22:30:08.0828 0x2424  Mup - ok
22:30:08.0843 0x2424  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
22:30:08.0890 0x2424  napagent - ok
22:30:08.0906 0x2424  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
22:30:08.0921 0x2424  NativeWifiP - ok
22:30:08.0999 0x2424  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
22:30:09.0015 0x2424  NDIS - ok
22:30:09.0046 0x2424  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
22:30:09.0062 0x2424  NdisCap - ok
22:30:09.0062 0x2424  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
22:30:09.0093 0x2424  NdisTapi - ok
22:30:09.0109 0x2424  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
22:30:09.0124 0x2424  Ndisuio - ok
22:30:09.0155 0x2424  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
22:30:09.0171 0x2424  NdisWan - ok
22:30:09.0187 0x2424  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
22:30:09.0218 0x2424  NDProxy - ok
22:30:09.0249 0x2424  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:30:09.0249 0x2424  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:30:09.0249 0x2424  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:30:14.0038 0x2424  [ 8C02B0CC65BEE71124A565062BA77B39, C3B4965D62995195A776581BA0750FA72833F4E2E1F8F9DC683F562C13A9E20C ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
22:30:14.0054 0x2424  OpenVPNAccessClient - detected UnsignedFile.Multi.Generic ( 1 )
22:30:14.0054 0x2424  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning
22:30:29.0763 0x2424  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:30:29.0763 0x2424  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:30:29.0763 0x2424  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:30:29.0763 0x2424  Force sending object to P2P due to detect: C:\Windows\system32\HPZipm12.dll
22:30:32.0852 0x2424  Object send P2P result: true
22:30:39.0622 0x2424  SysMain - ok
22:30:39.0622 0x2424  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
22:30:39.0638 0x2424  TabletInputService - ok
22:30:39.0653 0x2424  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
22:30:39.0685 0x2424  TapiSrv - ok
22:30:39.0716 0x2424  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD, 58F14DAA0EA21EA2F2A1D3D62C88BD8E5A0E0EF498B7B8D367BEEADE6A46843C ] tapoas          C:\windows\system32\DRIVERS\tapoas.sys
22:30:39.0731 0x2424  tapoas - ok
22:30:39.0731 0x2424  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
22:30:39.0763 0x2424  TBS - ok
22:30:39.0872 0x2424  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\windows\system32\drivers\tcpip.sys
22:30:39.0919 0x2424  Tcpip - ok
22:30:39.0981 0x2424  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
22:30:40.0012 0x2424  TCPIP6 - ok
22:30:40.0043 0x2424  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
22:30:40.0059 0x2424  tcpipreg - ok
22:30:40.0075 0x2424  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
22:30:40.0090 0x2424  TDPIPE - ok
22:30:40.0106 0x2424  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
22:30:40.0121 0x2424  TDTCP - ok
22:30:40.0137 0x2424  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
22:30:40.0168 0x2424  tdx - ok
22:30:40.0184 0x2424  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
22:30:40.0184 0x2424  TermDD - ok
22:30:40.0215 0x2424  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
22:30:40.0246 0x2424  TermService - ok
22:30:40.0262 0x2424  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
22:30:40.0277 0x2424  Themes - ok
22:30:40.0277 0x2424  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
22:30:40.0309 0x2424  THREADORDER - ok
22:30:40.0324 0x2424  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
22:30:40.0340 0x2424  TrkWks - ok
22:30:40.0387 0x2424  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:30:40.0418 0x2424  TrustedInstaller - ok
22:30:40.0465 0x2424  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
22:30:40.0465 0x2424  tssecsrv - ok
22:30:40.0480 0x2424  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
22:30:40.0496 0x2424  TsUsbFlt - ok
22:30:40.0496 0x2424  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
22:30:40.0496 0x2424  TsUsbGD - ok
22:30:40.0527 0x2424  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
22:30:40.0558 0x2424  tunnel - ok
22:30:40.0574 0x2424  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
22:30:40.0589 0x2424  uagp35 - ok
22:30:40.0605 0x2424  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
22:30:40.0636 0x2424  udfs - ok
22:30:40.0652 0x2424  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
22:30:40.0652 0x2424  UI0Detect - ok
22:30:40.0667 0x2424  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
22:30:40.0683 0x2424  uliagpkx - ok
22:30:40.0699 0x2424  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
22:30:40.0699 0x2424  umbus - ok
22:30:40.0699 0x2424  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
22:30:40.0714 0x2424  UmPass - ok
22:30:40.0730 0x2424  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
22:30:40.0761 0x2424  upnphost - ok
22:30:40.0808 0x2424  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
22:30:40.0823 0x2424  USBAAPL64 - ok
22:30:40.0901 0x2424  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
22:30:40.0917 0x2424  usbaudio - ok
22:30:40.0948 0x2424  [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp         C:\windows\system32\drivers\usbccgp.sys
22:30:40.0979 0x2424  usbccgp - ok
22:30:40.0995 0x2424  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
22:30:40.0995 0x2424  usbcir - ok
22:30:41.0042 0x2424  [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci         C:\windows\system32\drivers\usbehci.sys
22:30:41.0057 0x2424  usbehci - ok
22:30:41.0089 0x2424  [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
22:30:41.0104 0x2424  usbhub - ok
22:30:41.0151 0x2424  [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci         C:\windows\system32\drivers\usbohci.sys
22:30:41.0167 0x2424  usbohci - ok
22:30:41.0167 0x2424  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\drivers\usbprint.sys
22:30:41.0198 0x2424  usbprint - ok
22:30:41.0213 0x2424  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
22:30:41.0213 0x2424  USBSTOR - ok
22:30:41.0245 0x2424  [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
22:30:41.0260 0x2424  usbuhci - ok
22:30:41.0291 0x2424  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
22:30:41.0307 0x2424  usbvideo - ok
22:30:41.0323 0x2424  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
22:30:41.0354 0x2424  UxSms - ok
22:30:41.0369 0x2424  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\windows\system32\lsass.exe
22:30:41.0369 0x2424  VaultSvc - ok
22:30:41.0385 0x2424  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
22:30:41.0401 0x2424  vdrvroot - ok
22:30:41.0416 0x2424  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
22:30:41.0447 0x2424  vds - ok
22:30:41.0463 0x2424  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
22:30:41.0479 0x2424  vga - ok
22:30:41.0479 0x2424  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
22:30:41.0494 0x2424  VgaSave - ok
22:30:41.0510 0x2424  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
22:30:41.0525 0x2424  vhdmp - ok
22:30:41.0557 0x2424  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
22:30:41.0572 0x2424  viaide - ok
22:30:41.0588 0x2424  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
22:30:41.0603 0x2424  volmgr - ok
22:30:41.0635 0x2424  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
22:30:41.0650 0x2424  volmgrx - ok
22:30:41.0666 0x2424  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
22:30:41.0681 0x2424  volsnap - ok
22:30:41.0697 0x2424  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
22:30:41.0713 0x2424  vsmraid - ok
22:30:41.0806 0x2424  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
22:30:41.0869 0x2424  VSS - ok
22:30:41.0869 0x2424  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
22:30:41.0884 0x2424  vwifibus - ok
22:30:41.0900 0x2424  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
22:30:41.0915 0x2424  vwififlt - ok
22:30:41.0931 0x2424  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
22:30:41.0962 0x2424  W32Time - ok
22:30:41.0978 0x2424  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
22:30:41.0993 0x2424  WacomPen - ok
22:30:42.0009 0x2424  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
22:30:42.0040 0x2424  WANARP - ok
22:30:42.0040 0x2424  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
22:30:42.0071 0x2424  Wanarpv6 - ok
22:30:42.0149 0x2424  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
22:30:42.0165 0x2424  WatAdminSvc - ok
22:30:42.0243 0x2424  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
22:30:42.0274 0x2424  wbengine - ok
22:30:42.0290 0x2424  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
22:30:42.0305 0x2424  WbioSrvc - ok
22:30:42.0321 0x2424  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
22:30:42.0337 0x2424  wcncsvc - ok
22:30:42.0352 0x2424  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:30:42.0352 0x2424  WcsPlugInService - ok
22:30:42.0368 0x2424  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
22:30:42.0383 0x2424  Wd - ok
22:30:42.0446 0x2424  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
22:30:42.0461 0x2424  Wdf01000 - ok
22:30:42.0493 0x2424  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
22:30:42.0524 0x2424  WdiServiceHost - ok
22:30:42.0524 0x2424  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
22:30:42.0539 0x2424  WdiSystemHost - ok
22:30:42.0586 0x2424  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
22:30:42.0602 0x2424  WebClient - ok
22:30:42.0617 0x2424  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
22:30:42.0633 0x2424  Wecsvc - ok
22:30:42.0649 0x2424  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
22:30:42.0680 0x2424  wercplsupport - ok
22:30:42.0695 0x2424  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
22:30:42.0727 0x2424  WerSvc - ok
22:30:42.0758 0x2424  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
22:30:42.0789 0x2424  WfpLwf - ok
22:30:42.0820 0x2424  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\windows\system32\DRIVERS\wimfltr.sys
22:30:42.0820 0x2424  WimFltr - ok
22:30:42.0836 0x2424  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
22:30:42.0836 0x2424  WIMMount - ok
22:30:42.0851 0x2424  WinDefend - ok
22:30:42.0867 0x2424  WinHttpAutoProxySvc - ok
22:30:42.0914 0x2424  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
22:30:42.0945 0x2424  Winmgmt - ok
22:30:43.0007 0x2424  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
22:30:43.0070 0x2424  WinRM - ok
22:30:43.0117 0x2424  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
22:30:43.0132 0x2424  WinUsb - ok
22:30:43.0163 0x2424  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
22:30:43.0195 0x2424  Wlansvc - ok
22:30:43.0226 0x2424  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:30:43.0226 0x2424  wlcrasvc - ok
22:30:43.0319 0x2424  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:30:43.0382 0x2424  wlidsvc - ok
22:30:43.0382 0x2424  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
22:30:43.0397 0x2424  WmiAcpi - ok
22:30:43.0413 0x2424  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
22:30:43.0429 0x2424  wmiApSrv - ok
22:30:43.0444 0x2424  WMPNetworkSvc - ok
22:30:43.0444 0x2424  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
22:30:43.0460 0x2424  WPCSvc - ok
22:30:43.0475 0x2424  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
22:30:43.0475 0x2424  WPDBusEnum - ok
22:30:43.0491 0x2424  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
22:30:43.0507 0x2424  ws2ifsl - ok
22:30:43.0522 0x2424  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
22:30:43.0538 0x2424  wscsvc - ok
22:30:43.0553 0x2424  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
22:30:43.0569 0x2424  WSDPrintDevice - ok
22:30:43.0569 0x2424  WSearch - ok
22:30:43.0663 0x2424  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
22:30:43.0709 0x2424  wuauserv - ok
22:30:43.0756 0x2424  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
22:30:43.0756 0x2424  WudfPf - ok
22:30:43.0787 0x2424  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
22:30:43.0819 0x2424  wudfsvc - ok
22:30:43.0850 0x2424  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
22:30:43.0881 0x2424  WwanSvc - ok
22:30:43.0897 0x2424  ================ Scan global ===============================
22:30:43.0912 0x2424  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
22:30:43.0959 0x2424  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
22:30:43.0975 0x2424  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
22:30:44.0006 0x2424  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
22:30:44.0037 0x2424  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
22:30:44.0053 0x2424  [ Global ] - ok
22:30:44.0053 0x2424  ================ Scan MBR ==================================
22:30:44.0053 0x2424  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:30:44.0255 0x2424  \Device\Harddisk0\DR0 - ok
22:30:44.0255 0x2424  ================ Scan VBR ==================================
22:30:44.0255 0x2424  [ DDFD59F5963016FD365A93EBECDE5501 ] \Device\Harddisk0\DR0\Partition1
22:30:44.0302 0x2424  \Device\Harddisk0\DR0\Partition1 - ok
22:30:44.0302 0x2424  [ 743BD8FE972548404DD36EAAE4AC3819 ] \Device\Harddisk0\DR0\Partition2
22:30:44.0333 0x2424  \Device\Harddisk0\DR0\Partition2 - ok
22:30:44.0333 0x2424  Win FW state via NFP2: enabled
22:30:47.0251 0x2424  ============================================================
22:30:47.0251 0x2424  Scan finished
22:30:47.0251 0x2424  ============================================================
22:30:47.0251 0x007c  Detected object count: 5
22:30:47.0251 0x007c  Actual detected object count: 5
22:30:58.0202 0x007c  EraserUtilDrv11312 ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:58.0202 0x007c  EraserUtilDrv11312 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:58.0202 0x007c  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:58.0202 0x007c  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:58.0202 0x007c  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:58.0202 0x007c  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:58.0202 0x007c  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:58.0202 0x007c  OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:58.0202 0x007c  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:58.0202 0x007c  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:34.0099 0x2564  Deinitialize success

 

aswMBR Logs:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-20 22:40:36
-----------------------------
22:40:36.223    OS Version: Windows x64 6.1.7601 Service Pack 1
22:40:36.223    Number of processors: 4 586 0x2A07
22:40:36.223    ComputerName: BAILEYREALCOMP  UserName: Shane
22:40:38.391    Initialize success
22:40:55.770    AVAST engine defs: 14032000
22:40:56.035    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:40:56.035    Disk 0 Vendor: ST31000524AS JC47 Size: 953869MB BusType: 3
22:40:56.160    Disk 0 MBR read successfully
22:40:56.160    Disk 0 MBR scan
22:40:56.175    Disk 0 Windows VISTA default MBR code
22:40:56.175    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
22:40:56.191    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        14142 MB offset 81920
22:40:56.191    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       939686 MB offset 29044736
22:40:56.207    Disk 0 scanning C:\windows\system32\drivers
22:41:06.347    Service scanning
22:41:23.694    Modules scanning
22:41:23.694    Disk 0 trace - called modules:
22:41:23.725    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:41:23.725    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a8b060]
22:41:23.741    3 CLASSPNP.SYS[fffff880019ad43f] -> nt!IofCallDriver -> [0xfffffa800742d580]
22:41:23.741    5 ACPI.sys[fffff88000f947a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800742f060]
22:41:37.906    AVAST engine scan C:\windows
22:41:40.121    AVAST engine scan C:\windows\system32
22:44:26.807    AVAST engine scan C:\windows\system32\drivers
22:44:40.831    AVAST engine scan C:\Users\Shane
23:33:54.667    AVAST engine scan C:\ProgramData
23:35:44.180    Scan finished successfully
00:08:06.742    Disk 0 MBR has been saved successfully to "C:\Users\Shane\Desktop\MBR.dat"
00:08:06.742    The log file has been saved successfully to "C:\Users\Shane\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   570bytes   1 downloads

Edited by SSROCK101, 21 March 2014 - 09:16 PM.


#8 nasdaq

  • Malware Response Team

Posted 22 March 2014 - 06:50 AM



I would like more information on this Start.exe file.

>>> Run Jotti's malware scan: Please copy this line (in bold):
D:\Start.exe
  • Go to Jotti's malware scan and click the Browse button.
  • A window will open; right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end, right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com

===

When this is complete rename the file Start.exe to Start.exe.old
Restart the computer normally.

Any error message?

#9 SSROCK101

  • Topic Starter

Posted 22 March 2014 - 08:05 AM

Ok, I've run the scan and renamed it to start.exe.old, and there wasn't any error message.

~Edit~ I just found out I cannot open CMD, even in safe mode, or a lot of .exe's; I can open some but not all. It gives me error message 0xc0000142 for CMD and the .exe's.

Here is the permalink: http://virusscan.jotti.org/en/scanresult/18c93675936040ec9115b60209823968a0a4f5f2/4c2fc9496e3da3e602c53d415a75568185057faf


Edited by SSROCK101, 22 March 2014 - 08:26 AM.


#10 nasdaq

  • Malware Response Team

Posted 22 March 2014 - 12:46 PM

Ok, I've run the scan and renamed it to start.exe.old, and there wasn't any error message.

If it's not required and you do not know what it is, delete the file and leave it in your Recycle Bin for a while.

====

~Edit~ I just found out I cannot open CMD, even in safe mode, or a lot of .exe's; I can open some but not all. It gives me error message 0xc0000142 for CMD and the .exe's.


I think you have to run the CMD FROM the Start > Run box.
That should open the DOS prompt.

To exit the DOS type EXIT and hit the enter key.
===

Let's check these files: "svchost.exe" and "conhost.exe"

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    svchost.exe
    conhost.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#11 SSROCK101

  • Topic Starter

Posted 22 March 2014 - 02:08 PM

Ok, I've deleted start.exe into the recycle bin. And using the method that you said, it's still giving me the same errors for CMD. When I searched conhost.exe in my start bar it isn't coming up... not sure why.

Here is the SystemLook.txt

 

SystemLook 30.07.11 by jpshortstuff
Log created at 15:04 on 22/03/2014 by Shane
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "svchost.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 218184 bytes [05:11 17/03/2014] [18:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\Windows\System32\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

Searching for "conhost.exe"
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_d281ccc018b94ff4\conhost.exe --a---- 337920 bytes [03:23 21/11/2010] [03:23 21/11/2010] BD51024FB014064BC9FE8C715C18392F
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17641_none_d25e5e0418d454e9\conhost.exe --a---- 338432 bytes [14:11 14/08/2011] [05:25 24/06/2011] 448BF22538F1DFCB3412AE2B1CF123A9
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17932_none_d26a33ec18cb49c4\conhost.exe --a---- 338432 bytes [16:34 10/10/2012] [18:46 20/08/2012] 402B44B31C7183FCF2C4E1083AF317FA
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17965_none_d24cc50618e0e99c\conhost.exe --a---- 338432 bytes [05:02 13/12/2012] [15:21 04/10/2012] 3326166011C9BC13D6A8EFD856E9921C
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18015_none_d282acc418b89129\conhost.exe --a---- 338432 bytes [22:28 09/01/2013] [03:23 30/11/2012] 1BCDB508143B517F21BBDAC10F5777BF
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_d27be1cc18bd0cc4\conhost.exe --a---- 338432 bytes [22:31 10/09/2013] [01:09 02/08/2013] BF95EA5809E3BBF55370F7CB309FEBD0
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.21756_none_d2e22c5531f58f57\conhost.exe --a---- 338432 bytes [14:11 14/08/2011] [05:18 24/06/2011] E86156EFE7ACD220DC5E705F1F735E05
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22091_none_d2b1c721321aadf8\conhost.exe --a---- 338432 bytes [16:34 10/10/2012] [18:20 20/08/2012] DA688FE245286A540E394E315F19DAE4
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22125_none_d30179a331de4ce4\conhost.exe --a---- 338432 bytes [05:02 13/12/2012] [15:18 04/10/2012] D1F53BEDD4C2288AF00142F74928EE0E
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22177_none_d2cd6a9b32050b47\conhost.exe --a---- 338432 bytes [22:28 09/01/2013] [05:49 30/11/2012] B19B30E594EE374C69F71DAD26198400
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22209_none_d31b1c8931ca7785\conhost.exe --a---- 338432 bytes [21:15 13/02/2013] [03:17 04/01/2013] A31ED9834A85E049585F95413A30C755
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22379_none_d2cf6efb32033843\conhost.exe --a---- 338432 bytes [04:07 14/08/2013] [03:12 08/07/2013] 1405589128012ABF97CDAA99073D4FD0
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22411_none_d3084e1931d9c30c\conhost.exe --a---- 338432 bytes [22:31 10/09/2013] [05:17 02/08/2013] F6018BE264B73EECEDA885FA250C5962
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22436_none_d2f7afb331e579a1\conhost.exe --a---- 338432 bytes [06:56 09/10/2013] [01:14 29/08/2013] D62757257B2DCBD15B1BA9EA3B385C1A

-= EOF =-



#12 nasdaq

  • Malware Response Team

Posted 23 March 2014 - 07:43 AM

There should be a conhost.exe file in the System32 folder.

Run the SFC.exe tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

How is the computer performing now?
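The check made in the reply above (does each searched file have a copy in System32?), applied to SystemLook's filefind output as an added example that is not part of the original thread. The sample lines are abridged from the log posted earlier; the function names and the `reliable` flag are assumptions of this example, and the flag records the log's own warning that results under WOW64 may be inaccurate.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied (abridged) from the SystemLook log in this thread.
SAMPLE = r"""WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
Searching for "svchost.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 218184 bytes [05:11 17/03/2014] [18:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\Windows\System32\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
Searching for "conhost.exe"
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_d281ccc018b94ff4\conhost.exe --a---- 337920 bytes [03:23 21/11/2010] [03:23 21/11/2010] BD51024FB014064BC9FE8C715C18392F
"""

SEARCH = re.compile(r'^Searching for "([^"]+)"$')
# path, 7-character attribute field, size, two bracketed timestamps, MD5
ENTRY = re.compile(r"^([A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(\d+) bytes\s+"
                   r"\[[^\]]+\]\s+\[[^\]]+\]\s+([0-9A-F]{32})$")

def parse_filefind(text):
    """Return (hits, wow64): hits maps each searched name to [(path, size, md5)]."""
    hits, current, wow64 = defaultdict(list), None, False
    for line in map(str.strip, text.splitlines()):
        if "running under WOW64" in line:
            wow64 = True   # 32-bit view: System32 lookups are redirected
        elif m := SEARCH.match(line):
            current = m[1].lower()
            hits[current]  # record the search even when nothing is found
        elif current and (m := ENTRY.match(line)):
            hits[current].append((m[1], int(m[2]), m[3]))
    return dict(hits), wow64

def review(hits, wow64, system_dir="c:\\windows\\system32"):
    """Report names with no System32 copy and copies outside C:\\Windows."""
    report = {"missing_in_system32": [], "outside_windows": [], "reliable": not wow64}
    for name, entries in hits.items():
        paths = [p.lower() for p, _, _ in entries]
        if f"{system_dir}\\{name}" not in paths:
            report["missing_in_system32"].append(name)
        report["outside_windows"] += [p for p in paths if not p.startswith("c:\\windows\\")]
    return report

if __name__ == "__main__":
    print(review(*parse_filefind(SAMPLE)))
```

A 32-bit tool on 64-bit Windows is shown SysWOW64 when it opens System32, so a missing-file result from such a run should be confirmed with SystemLook_x64, as the log itself advises.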

#13 SSROCK101

  • Topic Starter

Posted 23 March 2014 - 09:09 AM

System running decent, still pretty slow. Still cannot run cmd and most .exe's though. Also, my Norton 360 removed a skyland password stealer tool.exe today; I saw this in the security logs. I ran a scan and it said it removed skyland password stealer tool.exe again. It keeps duplicating somehow.

Cannot run SFC.exe either: 6224c6e97d9d286b97bc14c109d2b636.png



#14 nasdaq

  • Malware Response Team

Posted 23 March 2014 - 12:09 PM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#15 SSROCK101

  • Topic Starter

Posted 25 March 2014 - 03:08 AM

Hello, extremely sorry about the late reply. I have been trying to get ComboFix to run. I've disabled my antivirus and firewall and haven't had any programs opened while it scans. I had to go somewhere so I let it scan for the day (close to 12 hours) and when I came home it had stayed on this.

16c7aeb2b2ea412b9cdecad18a7bac27.png

I tried the scan again today for 4 hours and it stayed in the same spot. Any help? :(





