TechSpot

[A] Windows has discovered a critical error and will shut off in one minute

Inactive
By Joshua Escandon
Aug 26, 2012
  1. I installed Microsoft Security Essentials because I had found out I had a really nasty virus, and now every single time I power on my computer I receive this message. If anyone could help me out I would appreciate it.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    What Windows version is it?
     
  3. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    Thanks for replying! It's a laptop with Windows 7.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  5. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    After I select repair your computer I get an error message.

    An error has occurred.

    ERROR : F3-F100-0010
    An error has occurred .
    Please press [OK] to turn off the computer.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Do you have Windows 7 DVD?
     
  7. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    No, Windows was pre-installed.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,668   +267

  9. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    Sorry, but what exactly do I download?

    I'm downloading the Windows 7 Home Premium ISO as that is what my computer is. I have to run to the store to get some disks. I will reply back when I am done burning the DVD.
     
  10. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool Version: 26-08-2012 01
    Ran by SYSTEM at 28-08-2012 00:37:44
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet003

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11786344 2011-04-21] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3 [2207848 2011-04-21] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
    HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1544624 2011-05-24] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [532480 2011-03-10] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
    HKLM-x32\...\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM [34160 2010-08-16] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [x]
    HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)
    HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run [167936 2011-03-23] (Applian Technologies, Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
    HKLM-x32\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [929680 2011-09-29] (Samsung)
    HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508112 2011-09-29] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Josh\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-02-23] (Google Inc.)
    HKU\Josh\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17425072 2012-06-07] (Skype Technologies S.A.)
    HKU\Josh\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12218904 2012-07-20] (Google)
    HKU\Josh\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-29] ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk
    ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)

    ==================== Services (Whitelisted) ======

    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe /s [123320 2011-07-19] (Symantec Corporation)
    2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [132984 2011-07-19] (Symantec Corporation)
    2 PnkBstrA; C:\windows\SysWow64\PnkBstrA.exe [76888 2012-04-25] ()

    ==================== Drivers (Whitelisted) ===================

    3 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
    3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [42096 2010-10-18] (Atheros)
    3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
    3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-04-17] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-17] (Symantec Corporation)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120516.001\IDSvia64.sys [488568 2012-04-27] (Symantec Corporation)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120517.005\ENG64.SYS [120440 2012-05-17] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120517.005\EX64.SYS [2068600 2012-05-17] (Symantec Corporation)
    3 SRTSP; C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
    3 SRTSPX; C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
    3 SymDS; C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
    3 SymEFA; C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
    3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-18] (Symantec Corporation)
    3 SymIRON; C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
    3 SymNetS; C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) =================


    ==================== One Month Created Files and Folders ======================

    2012-08-27 22:25 - 2012-08-27 22:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4583265E66736CA
    2012-08-27 22:25 - 2012-08-27 22:25 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lzmftllz.sys
    2012-08-27 22:13 - 2012-08-27 22:13 - 00328704 ____A C:\Windows\System32\services.exe.B106300726C23A4D
    2012-08-26 17:32 - 2012-08-26 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.428C1009BBF8E8B2
    2012-08-26 17:29 - 2012-08-26 17:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3306955B587F984
    2012-08-26 14:26 - 2012-08-26 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A14C831BAEBAE8BD
    2012-08-26 14:23 - 2012-08-26 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA823EB23275F0F7
    2012-08-26 14:20 - 2012-08-26 14:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94F855615401EC48
    2012-08-26 14:17 - 2012-08-26 14:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A47134138D585D9
    2012-08-25 21:52 - 2012-08-25 21:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.95CDE97BC1941194
    2012-08-25 21:50 - 2012-08-25 21:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC42A5D4BBD5F14E
    2012-08-25 21:47 - 2012-08-25 21:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F1889ED5956C3462
    2012-08-25 21:45 - 2012-08-25 21:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8376C1048FB926D2
    2012-08-25 21:41 - 2012-08-25 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A09526DB3C3839D
    2012-08-25 21:36 - 2012-08-25 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9202D0B93A44CC4C
    2012-08-25 21:30 - 2012-08-25 21:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.18A06EC7A3FE7FA9
    2012-08-25 21:28 - 2012-08-25 21:28 - 00000012 ____A C:\Users\Josh\Desktop\fix.bat
    2012-08-25 21:22 - 2012-08-25 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD77DCDFF8E06CFB
    2012-08-25 21:22 - 2012-08-25 21:22 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pnqupren.sys
    2012-08-25 21:19 - 2012-08-25 21:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD74D62271D0B52B
    2012-08-25 21:04 - 2012-08-25 21:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.17B33482AFB4AAF5
    2012-08-25 21:00 - 2012-08-25 21:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.823BBA40C5D7111B
    2012-08-25 20:58 - 2012-08-25 20:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.507BF273A7ED5C82
    2012-08-22 23:19 - 2012-08-22 23:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F3AD4E73F4D9D483
    2012-08-22 23:19 - 2012-08-22 23:19 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jwtlqgcs.sys
    2012-08-22 23:16 - 2012-08-22 23:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.144CFDB8DF1DB891
    2012-08-22 23:13 - 2012-08-22 23:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B601E775EDD7A35E
    2012-08-22 23:11 - 2012-08-22 23:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.658927C12B1A8FBE
    2012-08-22 23:07 - 2012-08-22 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CD3BAE1DCB56F01
    2012-08-22 23:05 - 2012-08-22 23:05 - 00274672 ____A C:\Windows\Minidump\082312-21481-01.dmp
    2012-08-22 23:00 - 2012-08-22 23:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.99E73EDEF8C3FB49
    2012-08-22 22:57 - 2012-08-22 22:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4B116AE53295004
    2012-08-22 22:53 - 2012-08-22 22:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E0F4C2454944111
    2012-08-22 22:53 - 2012-08-22 22:53 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\revaltik.sys
    2012-08-22 22:50 - 2012-08-22 22:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12B79291F5720E22
    2012-08-22 22:48 - 2012-08-22 22:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19271E685F19FA3E
    2012-08-22 22:45 - 2012-08-22 22:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96403AB285F2B340
    2012-08-22 22:42 - 2012-08-22 22:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFFE96309A003A47
    2012-08-22 22:39 - 2012-08-22 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.706804C73ECBE336
    2012-08-22 22:33 - 2012-08-22 22:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB805B76E499FB0A
    2012-08-22 22:31 - 2012-08-22 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1CFFC450570F5CA8
    2012-08-22 22:22 - 2012-08-22 22:22 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-22 22:22 - 2012-08-22 22:22 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-22 22:22 - 2012-08-22 22:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-22 22:21 - 2012-08-22 22:21 - 12621696 ____A (Microsoft Corporation) C:\Users\Josh\Downloads\mseinstall.exe
    2012-08-22 22:20 - 2012-08-22 22:20 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-08-22 22:20 - 2012-08-22 22:20 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-08-22 22:20 - 2012-08-22 22:20 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-08-22 22:20 - 2012-08-22 22:20 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-08-22 22:19 - 2012-08-22 22:19 - 00000000 ____D C:\Program Files (x86)\Java
    2012-08-22 06:59 - 2012-08-22 13:43 - 00000646 ____A C:\Users\Josh\Desktop\Loss - Brave.lnk
    2012-08-22 06:53 - 2012-08-22 13:42 - 00000000 ____D C:\Users\Josh\Desktop\Necros Christos and Loss_2005_(Split)
    2012-08-22 06:43 - 2012-08-22 06:49 - 38595095 ____A C:\Users\Josh\Downloads\Necros_Christos_and_Loss_2005__Split_.rar
    2012-08-21 23:35 - 2012-08-21 23:35 - 00000000 ____D C:\Users\Josh\Desktop\Four Burials - Otesanek, Loss, Orthodox & Mournful Congregation Split [2008]
    2012-08-21 23:27 - 2012-08-21 23:44 - 00000000 ____D C:\Users\Josh\Downloads\[ www.Torrenting.com ] - The.Dictator.2012.Unrated.Ext.Cut.BDRip.XVID.AC3.HQ.Hive-CM8
    2012-08-21 23:26 - 2010-04-30 11:59 - 00000000 ____D C:\Users\Josh\Desktop\ORTHODOX - Sentencia (2009)
    2012-08-21 22:21 - 2012-08-21 22:50 - 53121645 ____A C:\Users\Josh\Downloads\ORTHODOX_-_Sentencia__2009_.zip
    2012-08-21 22:18 - 2012-08-21 22:19 - 71253132 ____A C:\Users\Josh\Downloads\Four Burials [2008].rar
    2012-08-21 13:58 - 2012-08-21 13:58 - 00000000 ___RD C:\Users\Josh\Desktop\Orthodox - Amanecer en Puerta Oscura
    2012-08-21 13:58 - 2012-08-21 13:58 - 00000000 ____D C:\Users\Josh\Desktop\orthodox-gran poder
    2012-08-21 13:58 - 2011-03-23 20:00 - 00000000 ____D C:\Users\Josh\Desktop\Orthodox
    2012-08-21 12:15 - 2012-08-21 12:17 - 81496419 ____A C:\Users\Josh\Downloads\Orthodox.zip
    2012-08-21 12:13 - 2012-08-21 12:17 - 69256986 ____A C:\Users\Josh\Downloads\Orthodox - Amanecer en Puerta Oscura.rar
    2012-08-21 12:12 - 2012-08-21 12:15 - 82111003 ____A C:\Users\Josh\Downloads\orthodox-gran poder.rar
    2012-08-21 11:50 - 2012-08-21 11:52 - 00000000 ____D C:\Users\Josh\Downloads\The Inbetweeners Movie 2011 BRRip XviD xTriLL
    2012-08-20 14:33 - 2012-08-20 21:36 - 00000000 ____D C:\Users\Josh\Desktop\Bell witch
    2012-08-20 14:12 - 2012-08-20 14:13 - 53080660 ____A C:\Users\Josh\Downloads\Bell Witch Demo 2011.ZIP
    2012-08-19 22:43 - 2012-08-19 22:45 - 00000000 ____D C:\Users\Josh\Downloads\Lisa.Lampanelli.Long.Live.the.Queen.HDTV.XviD-SYS
    2012-08-19 22:36 - 2012-08-19 22:42 - 00000000 ____D C:\Users\Josh\Downloads\[ www.Torrenting.com ] - The.Comedy.Central.Roast.of.Donald.Trump.HDTV.XviD-FQM
    2012-08-19 20:47 - 2012-08-19 20:48 - 00000000 ____D C:\Users\Josh\Downloads\Comedy Central Roast of Pamela Anderson - DVDRip.XviD
    2012-08-19 19:32 - 2012-08-19 19:36 - 00000000 ____D C:\Users\Josh\Downloads\Comedy Central Roast of Larry The Cable Guy DSRip XviD aAF[nzbmatrix.com]
    2012-08-19 14:52 - 2012-08-19 14:52 - 00000000 ____D C:\Users\Josh\Desktop\Beyul
    2012-08-19 14:50 - 2012-08-19 14:51 - 92778391 ____A C:\Users\Josh\Downloads\Yakuza - 2007 - Transmutations.rar
    2012-08-19 14:29 - 2012-08-19 14:34 - 489490432 ____A C:\Users\Josh\Downloads\Awesomenauts.iso
    2012-08-19 14:16 - 2012-08-19 14:16 - 00000000 ____D C:\Users\Josh\Downloads\Sleeping Dogs Limited Edition + 1.4 Patch+ crack fix
    2012-08-18 23:56 - 2012-08-19 00:00 - 183641344 ____A C:\Users\Josh\Downloads\Modern.Family.S01E02.HDTV.XviD-2HD.avi
    2012-08-18 23:56 - 2012-08-18 23:59 - 182314938 ____A C:\Users\Josh\Downloads\Modern.Family.S01E01.HDTV.XviD-2HD.avi
    2012-08-18 09:29 - 2012-08-18 09:32 - 00000000 ____D C:\Users\Josh\Downloads\[ www.TorrentDay.com ] - The.Comedy.Central.Roast.of.Roseanne.UNCENSORED.480p.WEB-DL.x264-mSD
    2012-08-17 08:11 - 2012-08-17 08:12 - 102037062 ____A C:\Users\Josh\Downloads\TestOvSubmission.zip
    2012-08-16 22:29 - 2012-08-16 22:31 - 00000000 ____D C:\Users\Josh\Downloads\Wilfred.US.S02E09.HDTV.XviD-AFG
    2012-08-16 22:17 - 2012-08-16 22:22 - 00000000 ____D C:\Users\Josh\Downloads\The Watch 2012 TS XviD READNFO - MARTiNE
    2012-08-14 09:51 - 2012-08-14 10:20 - 71442688 ____A C:\Users\Josh\Downloads\Katatonia - 2012.rar
    2012-08-12 23:17 - 2012-08-12 23:21 - 150286717 ____A C:\Users\Josh\Downloads\Black.Dynamite.S01E05.HDTV.x264-2HD.mp4
    2012-08-11 14:19 - 2012-08-11 14:20 - 00000000 ____D C:\Users\Josh\Downloads\[ www.Torrenting.com ] - VHS.2012.VODRip.XviD-AQOS
    2012-08-11 14:19 - 2012-08-11 14:20 - 00000000 ____D C:\Users\Josh\Desktop\Demo
    2012-08-11 14:17 - 2012-08-11 14:18 - 51885504 ____A C:\Users\Josh\Downloads\Ash Borer - Ash Borer-Fell Voices Split.zip
    2012-08-11 14:17 - 2012-08-11 14:17 - 60029829 ____A C:\Users\Josh\Downloads\Ash Borer - Demo.zip
    2012-08-10 00:51 - 2012-08-10 00:53 - 19239368 ____A C:\Users\Josh\Downloads\Ash Borer - MMIX by Bad.rar
    2012-08-10 00:31 - 2012-08-10 00:50 - 174866616 ____A C:\Users\Josh\Downloads\Ash Borer - MMIX by Bad.rar.part
    2012-08-09 21:46 - 2012-08-09 21:51 - 00000000 ____D C:\Users\Josh\Downloads\American.Reunion.2012.UNRATED.1080p.Bluray.x264.anoXmous
    2012-08-09 20:45 - 2012-08-09 20:48 - 133172526 ____A C:\Users\Josh\Downloads\Wilfred.US.S02E08.HDTV.x264-ASAP.[VTV].mp4
    2012-08-09 13:59 - 2012-08-09 13:59 - 00000000 ____D C:\Users\Josh\Desktop\Winterfylleth
    2012-08-09 13:56 - 2012-08-09 13:57 - 103105468 ____A C:\Users\Josh\Downloads\WINTERFYLLETH_-_The_Threnody_Of_Triumph.zip
    2012-08-09 00:08 - 2012-08-09 00:08 - 00000000 ____D C:\Users\Josh\Downloads\Breaking Bad S05E03 Hazard Pay HDTV x264-FQM[ettv]
    2012-08-09 00:05 - 2012-08-09 00:06 - 143109176 ____A C:\Users\Josh\Downloads\Black.Dynamite.S01E04.HDTV.x264-COMPULSiON.mp4
    2012-08-08 23:13 - 2012-08-08 23:15 - 130572686 ____A C:\Users\Josh\Downloads\Black.Dynamite.S01E03.HDTV.x264-2HD.mp4
    2012-08-08 23:10 - 2012-08-08 23:13 - 215160159 ____A C:\Users\Josh\Downloads\Wilfred.US.S02E07.HDTV.x264-EVOLVE.[VTV].mp4
    2012-08-08 23:09 - 2012-08-08 23:09 - 00000000 ____D C:\Users\Josh\Desktop\Locrian & Mamiffer - 2012 - Bless Them That Curse You
    2012-08-08 22:56 - 2012-08-08 23:09 - 121048210 ____A C:\Users\Josh\Downloads\Locrian.MamifferBTTCY12 by Bad.rar
    2012-08-07 13:31 - 2012-08-07 13:31 - 00000000 ____D C:\Users\Josh\Desktop\Oro OpusAlter
    2012-08-07 13:20 - 2012-08-07 13:30 - 173058027 ____A C:\Users\Josh\Downloads\UFOMAMMUT_-_ORO__Opus_Alter.zip
    2012-08-07 13:17 - 2012-08-07 13:17 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
    2012-08-07 13:17 - 2012-08-07 13:17 - 00000000 ____D C:\Users\Default\AppData\Local\Google
    2012-08-07 13:17 - 2012-08-07 13:17 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
    2012-08-07 13:17 - 2012-08-07 13:17 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
    2012-08-06 21:56 - 2012-08-05 17:08 - 00045376 ____A C:\Users\Josh\Desktop\REC.3.Genesis.2012.720p.Bluray.x264.anoXmous_eng.srt
    2012-08-06 21:52 - 2012-08-05 17:44 - 555827571 ____A C:\Users\Josh\Desktop\REC.3.Genesis.2012.720p.Bluray.x264.anoXmous.mp4
    2012-08-02 22:48 - 2012-08-02 22:55 - 00000000 ____D C:\Users\Josh\Downloads\[ www.TorrentDay.com ] - Wilfred.US.S02E06.Control.480p.WEB-DL.x264-mSD
    2012-08-01 13:15 - 2012-08-09 20:46 - 00000000 ____D C:\Users\Josh\Desktop\Flourishing
    2012-07-29 16:10 - 2012-07-29 16:10 - 00000000 ____D C:\Users\Josh\Desktop\Krallice 2011 - Diotima
    2012-07-29 15:58 - 2012-07-29 15:59 - 02870572 ____A C:\Users\Josh\Downloads\M.C.3.F.N.v1.0.0_androidfield.com.apk
    2012-07-29 15:45 - 2012-07-29 15:45 - 00000000 ____D C:\Users\Josh\Downloads\THE DARK KNIGHT RISES BY GAMELOFT V1.0.6 APK GAME FOR ANDROID
    2012-07-29 15:21 - 2012-07-29 15:23 - 176663771 ____A C:\Users\Josh\Downloads\Black.Dynamite.S01E02.Bullhorn.Nights.or.Mandingos.Got.a.Pink.Toe.HDTV.x264-FQM.mp4


    ==================== 3 Months Modified Files ================================

    2012-08-27 22:25 - 2012-08-27 22:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4583265E66736CA
    2012-08-27 22:25 - 2012-08-27 22:25 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lzmftllz.sys
    2012-08-27 22:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-27 22:17 - 2009-07-13 20:51 - 00073207 ____A C:\Windows\setupact.log
    2012-08-27 22:13 - 2012-08-27 22:13 - 00328704 ____A C:\Windows\System32\services.exe.B106300726C23A4D
    2012-08-27 22:12 - 2012-02-23 09:56 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-26 17:32 - 2012-08-26 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.428C1009BBF8E8B2
    2012-08-26 17:29 - 2012-08-26 17:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3306955B587F984
    2012-08-26 17:25 - 2012-06-21 13:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-26 17:25 - 2012-04-23 17:41 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1226115731-3574901421-768655980-1003UA.job
    2012-08-26 17:25 - 2012-04-23 17:41 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1226115731-3574901421-768655980-1003Core.job
    2012-08-26 17:25 - 2012-02-23 09:56 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-26 14:26 - 2012-08-26 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A14C831BAEBAE8BD
    2012-08-26 14:23 - 2012-08-26 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA823EB23275F0F7
    2012-08-26 14:20 - 2012-08-26 14:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94F855615401EC48
    2012-08-26 14:17 - 2012-08-26 14:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A47134138D585D9
    2012-08-25 21:52 - 2012-08-25 21:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.95CDE97BC1941194
    2012-08-25 21:50 - 2012-08-25 21:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC42A5D4BBD5F14E
    2012-08-25 21:47 - 2012-08-25 21:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F1889ED5956C3462
    2012-08-25 21:45 - 2012-08-25 21:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8376C1048FB926D2
    2012-08-25 21:41 - 2012-08-25 21:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A09526DB3C3839D
    2012-08-25 21:36 - 2012-08-25 21:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9202D0B93A44CC4C
    2012-08-25 21:30 - 2012-08-25 21:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.18A06EC7A3FE7FA9
    2012-08-25 21:28 - 2012-08-25 21:28 - 00000012 ____A C:\Users\Josh\Desktop\fix.bat
    2012-08-25 21:22 - 2012-08-25 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD77DCDFF8E06CFB
    2012-08-25 21:22 - 2012-08-25 21:22 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pnqupren.sys
    2012-08-25 21:19 - 2012-08-25 21:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD74D62271D0B52B
    2012-08-25 21:04 - 2012-08-25 21:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.17B33482AFB4AAF5
    2012-08-25 21:00 - 2012-08-25 21:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.823BBA40C5D7111B
    2012-08-25 20:58 - 2012-08-25 20:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.507BF273A7ED5C82
    2012-08-25 20:56 - 2010-11-20 19:47 - 00016860 ____A C:\Windows\PFRO.log
    2012-08-22 23:19 - 2012-08-22 23:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F3AD4E73F4D9D483
    2012-08-22 23:19 - 2012-08-22 23:19 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jwtlqgcs.sys
    2012-08-22 23:16 - 2012-08-22 23:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.144CFDB8DF1DB891
    2012-08-22 23:13 - 2012-08-22 23:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B601E775EDD7A35E
    2012-08-22 23:11 - 2012-08-22 23:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.658927C12B1A8FBE
    2012-08-22 23:07 - 2012-08-22 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CD3BAE1DCB56F01
    2012-08-22 23:05 - 2012-08-22 23:05 - 00274672 ____A C:\Windows\Minidump\082312-21481-01.dmp
    2012-08-22 23:05 - 2012-07-18 21:00 - 345504555 ____A C:\Windows\MEMORY.DMP
    2012-08-22 23:00 - 2012-08-22 23:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.99E73EDEF8C3FB49
    2012-08-22 22:57 - 2012-08-22 22:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B4B116AE53295004
    2012-08-22 22:53 - 2012-08-22 22:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E0F4C2454944111
    2012-08-22 22:53 - 2012-08-22 22:53 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\revaltik.sys
    2012-08-22 22:50 - 2012-08-22 22:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12B79291F5720E22
    2012-08-22 22:48 - 2012-08-22 22:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19271E685F19FA3E
    2012-08-22 22:45 - 2012-08-22 22:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96403AB285F2B340
    2012-08-22 22:42 - 2012-08-22 22:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFFE96309A003A47
    2012-08-22 22:40 - 2009-07-13 21:13 - 00782986 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-22 22:39 - 2012-08-22 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.706804C73ECBE336
    2012-08-22 22:33 - 2012-08-22 22:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB805B76E499FB0A
    2012-08-22 22:31 - 2012-08-22 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1CFFC450570F5CA8
    2012-08-22 22:26 - 2009-07-13 20:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-22 22:26 - 2009-07-13 20:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-22 22:25 - 2012-02-23 09:08 - 01581260 ____A C:\Windows\WindowsUpdate.log
    2012-08-22 22:22 - 2012-08-22 22:22 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-22 22:22 - 2012-04-20 16:58 - 00797136 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-22 22:21 - 2012-08-22 22:21 - 12621696 ____A (Microsoft Corporation) C:\Users\Josh\Downloads\mseinstall.exe
    2012-08-22 22:20 - 2012-08-22 22:20 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-08-22 22:20 - 2012-08-22 22:20 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-08-22 22:20 - 2012-08-22 22:20 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-08-22 22:20 - 2012-08-22 22:20 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-08-22 22:20 - 2011-11-22 23:00 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-08-22 13:43 - 2012-08-22 06:59 - 00000646 ____A C:\Users\Josh\Desktop\Loss - Brave.lnk
    2012-08-22 06:49 - 2012-08-22 06:43 - 38595095 ____A C:\Users\Josh\Downloads\Necros_Christos_and_Loss_2005__Split_.rar
    2012-08-21 22:50 - 2012-08-21 22:21 - 53121645 ____A C:\Users\Josh\Downloads\ORTHODOX_-_Sentencia__2009_.zip
    2012-08-21 22:19 - 2012-08-21 22:18 - 71253132 ____A C:\Users\Josh\Downloads\Four Burials [2008].rar
    2012-08-21 12:17 - 2012-08-21 12:15 - 81496419 ____A C:\Users\Josh\Downloads\Orthodox.zip
    2012-08-21 12:17 - 2012-08-21 12:13 - 69256986 ____A C:\Users\Josh\Downloads\Orthodox - Amanecer en Puerta Oscura.rar
    2012-08-21 12:15 - 2012-08-21 12:12 - 82111003 ____A C:\Users\Josh\Downloads\orthodox-gran poder.rar
    2012-08-20 21:50 - 2012-04-25 01:21 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-08-20 21:50 - 2012-04-25 01:13 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-08-20 21:49 - 2012-04-25 01:13 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-08-20 14:13 - 2012-08-20 14:12 - 53080660 ____A C:\Users\Josh\Downloads\Bell Witch Demo 2011.ZIP
    2012-08-19 14:51 - 2012-08-19 14:50 - 92778391 ____A C:\Users\Josh\Downloads\Yakuza - 2007 - Transmutations.rar
    2012-08-19 14:34 - 2012-08-19 14:29 - 489490432 ____A C:\Users\Josh\Downloads\Awesomenauts.iso
    2012-08-19 00:00 - 2012-08-18 23:56 - 183641344 ____A C:\Users\Josh\Downloads\Modern.Family.S01E02.HDTV.XviD-2HD.avi
    2012-08-18 23:59 - 2012-08-18 23:56 - 182314938 ____A C:\Users\Josh\Downloads\Modern.Family.S01E01.HDTV.XviD-2HD.avi
    2012-08-17 08:12 - 2012-08-17 08:11 - 102037062 ____A C:\Users\Josh\Downloads\TestOvSubmission.zip
    2012-08-15 13:46 - 2012-06-21 13:57 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-15 13:46 - 2011-11-22 23:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-14 10:20 - 2012-08-14 09:51 - 71442688 ____A C:\Users\Josh\Downloads\Katatonia - 2012.rar
    2012-08-12 23:21 - 2012-08-12 23:17 - 150286717 ____A C:\Users\Josh\Downloads\Black.Dynamite.S01E05.HDTV.x264-2HD.mp4
    2012-08-11 14:18 - 2012-08-11 14:17 - 51885504 ____A C:\Users\Josh\Downloads\Ash Borer - Ash Borer-Fell Voices Split.zip
    2012-08-11 14:17 - 2012-08-11 14:17 - 60029829 ____A C:\Users\Josh\Downloads\Ash Borer - Demo.zip
    2012-08-10 00:53 - 2012-08-10 00:51 - 19239368 ____A C:\Users\Josh\Downloads\Ash Borer - MMIX by Bad.rar
    2012-08-10 00:50 - 2012-08-10 00:31 - 174866616 ____A C:\Users\Josh\Downloads\Ash Borer - MMIX by Bad.rar.part
    2012-08-09 20:48 - 2012-08-09 20:45 - 133172526 ____A C:\Users\Josh\Downloads\Wilfred.US.S02E08.HDTV.x264-ASAP.[VTV].mp4
    2012-08-09 13:57 - 2012-08-09 13:56 - 103105468 ____A C:\Users\Josh\Downloads\WINTERFYLLETH_-_The_Threnody_Of_Triumph.zip
    2012-08-09 00:06 - 2012-08-09 00:05 - 143109176 ____A C:\Users\Josh\Downloads\Black.Dynamite.S01E04.HDTV.x264-COMPULSiON.mp4
    2012-08-08 23:15 - 2012-08-08 23:13 - 130572686 ____A C:\Users\Josh\Downloads\Black.Dynamite.S01E03.HDTV.x264-2HD.mp4
    2012-08-08 23:13 - 2012-08-08 23:10 - 215160159 ____A C:\Users\Josh\Downloads\Wilfred.US.S02E07.HDTV.x264-EVOLVE.[VTV].mp4
    2012-08-08 23:09 - 2012-08-08 22:56 - 121048210 ____A C:\Users\Josh\Downloads\Locrian.MamifferBTTCY12 by Bad.rar
    2012-08-07 13:30 - 2012-08-07 13:20 - 173058027 ____A C:\Users\Josh\Downloads\UFOMAMMUT_-_ORO__Opus_Alter.zip
    2012-08-05 17:44 - 2012-08-06 21:52 - 555827571 ____A C:\Users\Josh\Desktop\REC.3.Genesis.2012.720p.Bluray.x264.anoXmous.mp4
    2012-08-05 17:08 - 2012-08-06 21:56 - 00045376 ____A C:\Users\Josh\Desktop\REC.3.Genesis.2012.720p.Bluray.x264.anoXmous_eng.srt
    2012-07-29 15:59 - 2012-07-29 15:58 - 02870572 ____A C:\Users\Josh\Downloads\M.C.3.F.N.v1.0.0_androidfield.com.apk
    2012-07-29 15:23 - 2012-07-29 15:21 - 176663771 ____A C:\Users\Josh\Downloads\Black.Dynamite.S01E02.Bullhorn.Nights.or.Mandingos.Got.a.Pink.Toe.HDTV.x264-FQM.mp4
    2012-07-27 00:09 - 2012-07-26 23:25 - 428973175 ____A C:\Users\Josh\Downloads\SGH-T989_TMB_1_20120608172207_ugy1nehf4g.zip
    2012-07-26 22:52 - 2012-07-26 22:51 - 07011675 ____A C:\Users\Josh\Downloads\tmobilegalaxys2rootICS.zip
    2012-07-25 21:56 - 2012-07-25 21:56 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
    2012-07-25 21:54 - 2012-07-25 21:54 - 00001964 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
    2012-07-25 21:47 - 2012-07-25 21:48 - 85986424 ____A (Samsung Electronics Co., Ltd. ) C:\Users\Josh\Desktop\Kies_2.0.3.11082_152_4.exe
    2012-07-24 13:20 - 2012-07-24 12:34 - 110660373 ____A C:\Users\Josh\Downloads\l-t.rar
    2012-07-24 12:38 - 2012-07-24 12:38 - 48952334 ____A C:\Users\Josh\Downloads\DEATHSPELL_OMEGA_-_Drought.zip
    2012-07-24 12:38 - 2012-07-24 12:19 - 85444878 ____A C:\Users\Josh\Downloads\DisemTranscendenceintoThePeripheral.zip
    2012-07-24 12:31 - 2012-07-24 12:30 - 69677898 ____A C:\Users\Josh\Downloads\CHRISTIAN_MISTRESS_-_Possession.zip
    2012-07-24 12:29 - 2012-07-24 12:28 - 79056146 ____A C:\Users\Josh\Downloads\UFOMAMMUT_-_Oro__Opus_Primum.zip
    2012-07-24 12:26 - 2012-07-24 12:25 - 74430918 ____A C:\Users\Josh\Downloads\LORD_MANTIS_-_Pervertor.zip
    2012-07-23 12:28 - 2012-07-23 11:24 - 115628600 ____A C:\Users\Josh\Downloads\Hammers_of_Misfortune-_Fields_Church_of_Broken_Glass.rar
    2012-07-23 09:35 - 2012-07-23 09:17 - 106488999 ____A C:\Users\Josh\Downloads\Hammers_Of_Misfortune-17th_Street-2011-MTD.rar
    2012-07-22 01:05 - 2012-07-22 01:03 - 85591329 ____A C:\Users\Josh\Downloads\Snailking - Samsara.zip
    2012-07-21 23:45 - 2012-07-21 23:41 - 98546390 ____A C:\Users\Josh\Downloads\Ashes Against the Grain.rar
    2012-07-21 21:37 - 2012-04-17 22:45 - 00001056 __ASH C:\Users\All Users\KGyGaAvL.sys
    2012-07-21 21:36 - 2012-07-21 21:36 - 04319352 ____A C:\Users\Josh\Downloads\keypack.exe
    2012-07-21 18:41 - 2012-07-21 18:39 - 147764225 ____A C:\Users\Josh\Downloads\Agalloch - Marrow of the Spirit [320kps] v0.rar
    2012-07-21 18:33 - 2012-07-21 18:33 - 51895620 ____A C:\Users\Josh\Downloads\Agalloch-FE(EP)[2012]{IsraMetal}.rar
    2012-07-20 00:54 - 2012-07-20 00:31 - 213480235 ____A C:\Users\Josh\Downloads\Swans-by-Bad.rar
    2012-07-19 23:00 - 2012-07-19 22:59 - 00274728 ____A C:\Windows\Minidump\072012-33914-01.dmp
    2012-07-18 22:42 - 2012-07-18 22:42 - 00001705 ____A C:\Users\Josh\Desktop\Google Drive.lnk
    2012-07-18 21:01 - 2012-07-18 21:01 - 00274728 ____A C:\Windows\Minidump\071812-52229-01.dmp
    2012-07-15 11:36 - 2012-07-15 11:34 - 177162704 ____A C:\Users\Josh\Desktop\Wilfred.US.S02E02.HDTV.XviD-AFG.avi
    2012-07-15 11:33 - 2012-07-15 11:32 - 157017924 ____A C:\Users\Josh\Desktop\Wilfred.US.S02E04.HDTV.x264-LOL.[VTV].mp4
    2012-07-14 21:50 - 2012-07-14 21:49 - 152320972 ____A C:\Users\Josh\Desktop\Wilfred.US.S02E03.HDTV.x264-LOL.mp4
    2012-07-13 10:34 - 2009-07-13 21:08 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-11 10:38 - 2009-07-13 20:45 - 00275352 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-08 19:39 - 2012-07-08 19:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01007.Wdf
    2012-06-12 09:26 - 2012-07-26 22:52 - 00426496 ____A (Samsung Electronics Co., Ltd.) C:\Users\Josh\Desktop\odin3 v1.85.exe
    2012-06-12 09:26 - 2012-07-26 22:52 - 00000182 ____A C:\Users\Josh\Desktop\Odin3.ini
    2012-06-11 19:08 - 2012-07-11 01:02 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-10 21:50 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 21:50 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-06 20:52 - 2012-06-06 20:49 - 102028914 ____A C:\Users\Josh\Desktop\update-cm-7.1.0-Vibrant-signed.zip
    2012-06-05 22:06 - 2012-07-10 21:50 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 21:50 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 21:50 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 21:50 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 21:50 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 21:50 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-22 08:57 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 08:57 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 08:57 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 08:56 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 08:56 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 08:57 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 08:56 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 13:19 - 2012-06-22 08:56 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 13:15 - 2012-06-22 08:56 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-11 01:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 01:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 01:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 01:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:05 - 2012-07-11 01:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:04 - 2012-07-11 01:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:04 - 2012-07-11 01:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:03 - 2012-07-11 01:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 01:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 01:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 01:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 01:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 01:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 01:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 01:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 01:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 01:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 01:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 01:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:25 - 2012-07-11 01:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:23 - 2012-07-11 01:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 01:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 01:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 01:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 01:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 01:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 01:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 01:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 21:50 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 21:50 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 21:50 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 21:50 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 21:50 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 21:50 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 21:50 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 21:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

    ZeroAccess:
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\@
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\L
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\n
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\U
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\L\00000004.@
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\L\201d3dde
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\U\00000004.@
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\U\00000008.@
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\U\000000cb.@
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c}\U\80000000.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    Type 00 partition infection:
    C:\Windows\svchost.exe

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-07-20 01:48:53
    Restore point made on: 2012-07-25 21:50:17
    Restore point made on: 2012-08-02 23:48:11
    Restore point made on: 2012-08-14 22:32:47
    Restore point made on: 2012-08-22 22:18:54

    ==================== Memory info ===========================

    Percentage of memory in use: 12%
    Total physical RAM: 5608.67 MB
    Available physical RAM: 4903.31 MB
    Total Pagefile: 5606.82 MB
    Available Pagefile: 4902.07 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions ============================

    1 Drive c: (TI106327W0C) (Fixed) (Total:580.1 GB) (Free:276.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    4 Drive f: () (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 3856 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 580 GB 1501 MB
    Partition 3 Primary 14 GB 581 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI106327W0C NTFS Partition 580 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 3856 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    Last Boot: 2012-08-18 16:38

    ==================== End Of Log =============================
     
  11. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Good job, but I still need the search results log.
     
     
  12. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 26-08-2012 01
    Ran by SYSTEM at 2012-08-28 17:26:49
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  13. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  14. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    I don't see a link for fixlist.txt.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Oooops...sorry about it...
     

    Attached Files:

  16. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 26-08-2012 01
    Ran by SYSTEM at 2012-08-28 17:59:19 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.B4583265E66736CA moved successfully.
    C:\Windows\System32\Drivers\lzmftllz.sys moved successfully.
    C:\Windows\System32\services.exe.B106300726C23A4D moved successfully.
    C:\Windows\System32\services.exe.428C1009BBF8E8B2 moved successfully.
    C:\Windows\System32\services.exe.E3306955B587F984 moved successfully.
    C:\Windows\System32\services.exe.A14C831BAEBAE8BD moved successfully.
    C:\Windows\System32\services.exe.BA823EB23275F0F7 moved successfully.
    C:\Windows\System32\services.exe.94F855615401EC48 moved successfully.
    C:\Windows\System32\services.exe.5A47134138D585D9 moved successfully.
    C:\Windows\System32\services.exe.95CDE97BC1941194 moved successfully.
    C:\Windows\System32\services.exe.AC42A5D4BBD5F14E moved successfully.
    C:\Windows\System32\services.exe.F1889ED5956C3462 moved successfully.
    C:\Windows\System32\services.exe.8376C1048FB926D2 moved successfully.
    C:\Windows\System32\services.exe.0A09526DB3C3839D moved successfully.
    C:\Windows\System32\services.exe.9202D0B93A44CC4C moved successfully.
    C:\Windows\System32\services.exe.18A06EC7A3FE7FA9 moved successfully.
    C:\Windows\System32\services.exe.BD77DCDFF8E06CFB moved successfully.
    C:\Windows\System32\Drivers\pnqupren.sys moved successfully.
    C:\Windows\System32\services.exe.CD74D62271D0B52B moved successfully.
    C:\Windows\System32\services.exe.17B33482AFB4AAF5 moved successfully.
    C:\Windows\System32\services.exe.823BBA40C5D7111B moved successfully.
    C:\Windows\System32\services.exe.507BF273A7ED5C82 moved successfully.
    C:\Windows\System32\services.exe.F3AD4E73F4D9D483 moved successfully.
    C:\Windows\System32\Drivers\jwtlqgcs.sys moved successfully.
    C:\Windows\System32\services.exe.144CFDB8DF1DB891 moved successfully.
    C:\Windows\System32\services.exe.B601E775EDD7A35E moved successfully.
    C:\Windows\System32\services.exe.658927C12B1A8FBE moved successfully.
    C:\Windows\System32\services.exe.2CD3BAE1DCB56F01 moved successfully.
    C:\Windows\System32\services.exe.99E73EDEF8C3FB49 moved successfully.
    C:\Windows\System32\services.exe.B4B116AE53295004 moved successfully.
    C:\Windows\System32\services.exe.3E0F4C2454944111 moved successfully.
    C:\Windows\System32\Drivers\revaltik.sys moved successfully.
    C:\Windows\System32\services.exe.12B79291F5720E22 moved successfully.
    C:\Windows\System32\services.exe.19271E685F19FA3E moved successfully.
    C:\Windows\System32\services.exe.96403AB285F2B340 moved successfully.
    C:\Windows\System32\services.exe.FFFE96309A003A47 moved successfully.
    C:\Windows\System32\services.exe.706804C73ECBE336 moved successfully.
    C:\Windows\System32\services.exe.BB805B76E499FB0A moved successfully.
    C:\Windows\System32\services.exe.1CFFC450570F5CA8 moved successfully.
    C:\Windows\Installer\{90408e0e-9ec7-cc9d-a730-09e92a78a17c} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\svchost.exe moved successfully.

    The operation completed successfully.
    The operation completed successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====


    Should I run TDSSKiller now, or wait for a reply?
     
  17. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    18:35:59.0436 2824 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    18:35:59.0998 2824 ============================================================
    18:35:59.0998 2824 Current date / time: 2012/08/28 18:35:59.0998
    18:35:59.0998 2824 SystemInfo:
    18:35:59.0998 2824
    18:35:59.0998 2824 OS Version: 6.1.7601 ServicePack: 1.0
    18:35:59.0998 2824 Product type: Workstation
    18:35:59.0998 2824 ComputerName: JOSH-PC
    18:35:59.0998 2824 UserName: Josh
    18:35:59.0998 2824 Windows directory: C:\windows
    18:35:59.0998 2824 System windows directory: C:\windows
    18:35:59.0998 2824 Running under WOW64
    18:35:59.0998 2824 Processor architecture: Intel x64
    18:35:59.0998 2824 Number of processors: 4
    18:35:59.0998 2824 Page size: 0x1000
    18:35:59.0998 2824 Boot type: Normal boot
    18:35:59.0998 2824 ============================================================
    18:36:11.0744 2824 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:36:11.0857 2824 Drive \Device\Harddisk1\DR1 - Size: 0xF1000000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:36:11.0863 2824 ============================================================
    18:36:11.0863 2824 \Device\Harddisk0\DR0:
    18:36:11.0878 2824 MBR partitions:
    18:36:11.0913 2824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48833800
    18:36:11.0913 2824 \Device\Harddisk1\DR1:
    18:36:11.0914 2824 MBR partitions:
    18:36:11.0914 2824 ============================================================
    18:36:11.0961 2824 C: <-> \Device\Harddisk0\DR0\Partition1
    18:36:11.0962 2824 ============================================================
    18:36:11.0962 2824 Initialize success
    18:36:11.0962 2824 ============================================================
    18:36:17.0683 6380 ============================================================
    18:36:17.0683 6380 Scan started
    18:36:17.0683 6380 Mode: Manual;
    18:36:17.0683 6380 ============================================================
    18:36:19.0384 6380 ================ Scan system memory ========================
    18:36:19.0384 6380 System memory - ok
    18:36:19.0384 6380 ================ Scan services =============================
     
  18. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    18:37:03.0423 6380 wmiApSrv - ok
    18:37:03.0470 6380 WMPNetworkSvc - ok
    18:37:03.0657 6380 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
    18:37:03.0688 6380 WMZuneComm - ok
    18:37:03.0719 6380 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
    18:37:03.0750 6380 WPCSvc - ok
    18:37:03.0782 6380 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    18:37:03.0782 6380 WPDBusEnum - ok
    18:37:03.0844 6380 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    18:37:03.0860 6380 ws2ifsl - ok
    18:37:03.0860 6380 WSearch - ok
    18:37:03.0953 6380 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    18:37:04.0078 6380 WudfPf - ok
    18:37:04.0094 6380 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    18:37:04.0094 6380 WUDFRd - ok
    18:37:04.0140 6380 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    18:37:04.0187 6380 wudfsvc - ok
    18:37:04.0218 6380 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
    18:37:04.0374 6380 WwanSvc - ok
    18:37:04.0546 6380 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
    18:37:04.0655 6380 xusb21 - ok
    18:37:05.0045 6380 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
    18:37:05.0622 6380 ZuneNetworkSvc - ok
    18:37:05.0685 6380 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
    18:37:05.0997 6380 ZuneWlanCfgSvc - ok
    18:37:06.0012 6380 ================ Scan global ===============================
    18:37:06.0231 6380 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    18:37:06.0402 6380 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
    18:37:06.0824 6380 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
    18:37:06.0870 6380 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    18:37:06.0980 6380 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    18:37:07.0089 6380 [Global] - ok
    18:37:07.0089 6380 ================ Scan MBR ==================================
    18:37:07.0120 6380 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    18:37:07.0245 6380 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    18:37:07.0370 6380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    18:37:07.0370 6380 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    18:37:07.0385 6380 [ 68EB4C912CEEC60CAD478D9D4C9C338A ] \Device\Harddisk1\DR1
    18:37:11.0504 6380 \Device\Harddisk1\DR1 - ok
    18:37:11.0519 6380 ================ Scan VBR ==================================
    18:37:11.0550 6380 [ 661985AB0A09D3B9844180F6E96AC997 ] \Device\Harddisk0\DR0\Partition1
    18:37:11.0628 6380 \Device\Harddisk0\DR0\Partition1 - ok
    18:37:11.0628 6380 ============================================================
    18:37:11.0628 6380 Scan finished
    18:37:11.0628 6380 ============================================================
    18:37:11.0644 6600 Detected object count: 1
    18:37:11.0644 6600 Actual detected object count: 1
    18:37:34.0767 6600 \Device\Harddisk0\DR0\# - copied to quarantine
    18:37:34.0819 6600 \Device\Harddisk0\DR0 - copied to quarantine
    18:37:35.0090 6600 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    18:37:35.0105 6600 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    18:37:35.0152 6600 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    18:37:35.0168 6600 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    18:37:36.0369 6600 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    18:37:36.0478 6600 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    18:37:36.0478 6600 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    18:37:36.0509 6600 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    18:37:36.0775 6600 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    18:37:36.0993 6600 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    18:37:37.0024 6600 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    18:37:37.0102 6600 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    18:37:37.0133 6600 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    18:37:37.0274 6600 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    18:37:37.0367 6600 \Device\Harddisk0\DR0 - ok
    18:37:39.0629 6600 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    18:37:48.0163 5128 Deinitialize success
     
  19. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  20. Joshua Escandon

    Joshua Escandon TS Rookie Topic Starter

    ComboFix 12-08-28.03 - Josh 08/28/2012 22:55:08.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.3980 [GMT -6:00]
    Running from: c:\users\Josh\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Complitly
    c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
    c:\program files (x86)\Complitly\FireFoxExtension.exe
    c:\program files (x86)\Complitly\InstTracker.exe
    c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
    c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
    c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
    c:\program files (x86)\Complitly\unins000.dat
    c:\program files (x86)\Complitly\unins000.exe
    c:\users\Josh\AppData\Local\Temp\_MEI39163\_ctypes.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\_elementtree.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\_hashlib.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\_socket.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\_ssl.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\pyexpat.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\pysqlite2._sqlite.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\python26.dll
    c:\users\Josh\AppData\Local\Temp\_MEI39163\pythoncom26.dll
    c:\users\Josh\AppData\Local\Temp\_MEI39163\PyWinTypes26.dll
    c:\users\Josh\AppData\Local\Temp\_MEI39163\select.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\unicodedata.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\win32api.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\win32com.shell.shell.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\win32crypt.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\win32event.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\win32file.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\win32inet.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\win32pdh.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\win32process.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\windows._cacheinvalidation.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wx._controls_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wx._core_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wx._gdi_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wx._html2.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wx._misc_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wx._windows_.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wx._wizard.pyd
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wxbase293u_net_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wxbase293u_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wxmsw293u_adv_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wxmsw293u_core_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wxmsw293u_html_vc.dll
    c:\users\Josh\AppData\Local\Temp\_MEI39163\wxmsw293u_webview_vc.dll
    c:\users\Josh\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
    c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\1rqugoyq.default\searchplugins\bing-zugo.xml
    c:\windows\iun6002.exe
    c:\windows\svchost.exe
    c:\windows\SysWow64\config\systemprofile\0.4566031319428653.exe
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-29 00:37 . 2012-08-29 00:37 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-28 08:37 . 2012-08-28 08:37 -------- d-----w- C:\FRST
    2012-08-23 06:24 . 2012-08-20 07:53 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EFEBBB1-9554-47E1-B046-E2DBD60D031E}\mpengine.dll
    2012-08-23 06:24 . 2012-02-09 20:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F9DADED-FAE1-4B7D-94ED-335401612BD9}\gapaengine.dll
    2012-08-23 06:22 . 2012-08-23 06:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-23 06:22 . 2012-08-23 06:22 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-23 06:20 . 2012-08-23 06:20 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-08-23 06:19 . 2012-08-23 06:19 -------- d-----w- c:\program files (x86)\Java
    2012-08-07 21:17 . 2012-08-07 21:17 -------- d-----w- c:\users\Default\AppData\Local\Google
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-23 06:20 . 2011-11-23 07:00 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-21 05:50 . 2012-04-25 09:21 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-08-21 05:50 . 2012-04-25 09:13 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-08-21 05:49 . 2012-04-25 09:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-08-15 21:46 . 2012-06-21 21:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 21:46 . 2011-11-23 07:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-22 05:37 . 2012-04-18 06:45 1056 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-07-18 09:25 . 2012-07-18 09:25 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\E061.tmp
    2012-07-18 09:25 . 2012-07-18 09:25 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\E050.tmp
    2012-06-12 03:08 . 2012-07-11 09:02 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:43 . 2012-07-11 05:50 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 05:50 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 05:50 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 05:50 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 05:50 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 05:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 05:50 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-22 16:56 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 16:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 16:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 16:57 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 16:56 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 16:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 16:56 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 21:19 . 2012-06-22 16:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 21:15 . 2012-06-22 16:56 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 12:49 . 2012-07-11 09:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-02 12:17 . 2012-07-11 09:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-02 12:12 . 2012-07-11 09:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 12:05 . 2012-07-11 09:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-02 12:05 . 2012-07-11 09:00 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 12:04 . 2012-07-11 09:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 12:04 . 2012-07-11 09:01 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-02 12:03 . 2012-07-11 09:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-02 12:01 . 2012-07-11 09:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 12:00 . 2012-07-11 09:00 818688 ----a-w- c:\windows\system32\jscript.dll
    2012-06-02 11:59 . 2012-07-11 09:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-02 11:57 . 2012-07-11 09:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-02 11:57 . 2012-07-11 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 11:54 . 2012-07-11 09:01 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-02 08:33 . 2012-07-11 09:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25 . 2012-07-11 09:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-02 08:25 . 2012-07-11 09:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-11 09:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-11 09:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50 . 2012-07-11 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 05:50 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 05:50 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 05:50 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 05:50 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 05:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 05:50 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 05:50 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 05:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
    2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
    "{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-23 39408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-08 17425072]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-11 343168]
    "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2011-03-10 532480]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
    "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
    "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
    "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-3-2 2745760]
    Content Manager Assistant for PlayStation(R).lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-08-25 95544]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-04-18 21712]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-03 175192]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-08-25 203320]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-06-10 482384]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-11 204288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-11 10496512]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-11 326656]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
    S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-02-23 20592]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 21:46]
    .
    2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 17:56]
    .
    2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 17:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-07-20 21:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-21 11786344]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-21 2207848]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\1rqugoyq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z149&install_date=20120526
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z149&form=ZGAADF&install_date=20120526&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    SafeBoot-39693573.sys
    Toolbar-Locked - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-Freecorder_1.0 - c:\windows\iun6002.exe
    AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-29 00:31:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-29 06:31
    .
    Pre-Run: 296,567,418,880 bytes free
    Post-Run: 322,253,221,888 bytes free
    .
    - - End Of File - - 426C2CEF9C8A0169D5459C273483B939
     
  21. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Looks good :)

    Any current issues?

    ================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

