TechSpot

Svchost.exe trojan.agent, along with a few others I believe

Solved
By ClineStine
Jul 16, 2012
  1. Hello, first off I want to thank you people for what you're doing here! It's wonderful how many people you guys are helping here! So thank you in advance for your time and help :)

    I am using a Toshiba Satellite L745, 64-bit Windows 7 Home Premium.
    I've read the preliminary removal instructions. I have Malwarebytes Pro 1.62.0.1300 and have downloaded GMER and DDS (saved as screen saver?), awaiting instructions before I run anything.

    My Norton has expired, but it still scans and blocks certain things, it seems, and tells if files are safe or not, but it has not helped much at all in finding trojans or anything really.
    Should I download Avast or MSE, or stay with Norton? I can't reactivate as I live in poverty.

    My main issue has been random audio commercials playing.
    Also, on any website (Explorer and Firefox) random words are turned into hyperlinks for ads.
    I've had the blue screen of death every time trying to install or run (can't remember) Autodesk 3ds Max Design; it hasn't happened in a while. It does a memory dump, I believe.
    And about 50% of the time when I restart or turn the laptop on I get a grey error screen with a code similar to f3-f1000-00; I can't remember the exact numbers, but when googled I cannot find my error code exactly.
    The audio ads started quite some time ago and went away on their own; either that, or I did something to stop/block them temporarily, or it seemed to go away because at the time I left my laptop on for extended times without restart or shutdown, just sleeping.

    The ads came back recently after restarting the laptop after using Auslogics BoostSpeed to clean the registry, I think, or I defragmented the disk; I've used BoostSpeed to do a few things. After that the audio ads promptly came back.

    After reading up on the issues I obtained Malwarebytes today and ran a full scan today; it showed about 15 items, with three Trojan.Agents in C:\windows\svchost.exe, two Rootkit.ZeroAccess, among other adware and sketchy-sounding vendors.
    Even after removing and/or quarantining, the ads and hyperlink issues remain.
    I have CONSTANT attacks blocked by Malwarebytes from a different port every time, sometimes the same websites.

    Port 38807, site 109.163.231.236, was the first to come from azureus.exe and has not since.
    Otherwise, every time since it is svchost.exe outgoing.
    Sites: 206.161.121.126 - 78.41.203.125 - 206.161.121.126 (3 times), 206.161.121.3 (2 times), 78.41.203.125... these are the ones I noticed and wrote down.
    Also the commercial ads are usually at random intervals but almost always come in TWOS playing at the same time!

    Thank you for your time.
     
  2. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    I'm aware these problems more than likely came from using Vuze P2P to download music, from which I have learned my lesson :(
     
  3. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    Thank you, Broni, for taking this up. I see it's much reading and some time to help with these matters.

    GMER would not produce a log. I disabled Norton and Malwarebytes and the internet adapter, tried in safe mode too, and made multiple attempts to no avail. After the initial quick scan nothing comes up at all; I saved the log anyway but opened it and it's blank.

    On DDS I see that my WINDOWS DEFENDER is Disabled, and I don't believe I've disabled it; I'm not aware of what it is exactly or that I had it.
    Also, I have two Nortons?
     
  5. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.17.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    TLC :: TLC-PC [administrator]
    Protection: Enabled
    7/16/2012 10:06:58 PM
    mbam-log-2012-07-16 (22-06-58).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 268326
    Time elapsed: 3 minute(s), 44 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 4548 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    (end)
     
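The Malwarebytes hit above is on C:\Windows\svchost.exe, one directory above where the real service host lives (C:\Windows\System32, plus the 32-bit copy in SysWOW64). The following is an added example, not code from this thread, from Malwarebytes or from DDS: a small Python triage that applies that path check, plus a second one on the command line, to a DDS-style "Running Processes" listing. The sample listing (including the invented Temp-directory entry) and the directory allowlist are constructed for the example.

```python
import re
from pathlib import PureWindowsPath

# Directories that hold a genuine Windows 7 svchost.exe, compared case-insensitively
# and without the drive letter. Assumption: a default %SystemRoot% of \Windows.
LEGIT_SVCHOST_DIRS = (r"\windows\system32", r"\windows\syswow64")

# Constructed sample in the layout of a DDS "Running Processes" list. It mixes
# legitimate entries with the C:\Windows\svchost.exe path from the MBAM log above
# and one invented copy in a temp directory.
SAMPLE_PROCESS_LIST = r"""
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Windows\svchost.exe
C:\Users\TLC\AppData\Local\Temp\svchost.exe -k netsvcs
C:\windows\SysWOW64\svchost.exe -k LocalService
C:\windows\Explorer.EXE
"""


def parse_process_line(line):
    """Split one DDS process line into (image_path, argument_string).

    DDS prints the unquoted image path followed by its arguments, so the image
    ends at the first '.exe' token and everything after it is arguments.
    """
    m = re.match(r"^(.*?\.exe)\b\s*(.*)$", line.strip(), re.IGNORECASE)
    if not m:
        return "", ""
    return m.group(1), m.group(2).strip()


def svchost_findings(process_list):
    """Return (image_path, reason) tuples for svchost.exe instances worth a second look.

    Two heuristics, both leads rather than verdicts:
      1. the image must sit in System32 or SysWOW64; C:\\Windows itself, a user
         profile or a temp directory is not where the Service Control Manager
         starts it from;
      2. the SCM starts every shared service host as 'svchost.exe -k <group>',
         so an instance with no -k group was launched some other way. A DDS
         listing can also drop arguments, so confirm a no-group hit against the
         live process (command line and Authenticode signature) before acting.
    """
    findings = []
    for raw in process_list.splitlines():
        image, args = parse_process_line(raw)
        if not image:
            continue
        path = PureWindowsPath(image)
        if path.name.lower() != "svchost.exe":
            continue
        parent = str(path.parent).lower()
        if re.match(r"^[a-z]:", parent):
            parent = parent[2:]          # drop the drive letter
        if parent not in LEGIT_SVCHOST_DIRS:
            findings.append((image, "svchost.exe outside System32/SysWOW64"))
        if not re.search(r"(^|\s)-k\s+\S+", args):
            findings.append((image, "svchost.exe started without a -k service group"))
    return findings


if __name__ == "__main__":
    for image, reason in svchost_findings(SAMPLE_PROCESS_LIST):
        print(f"{reason}: {image}")
```

To use it on a real log, paste the "Running Processes" section of the DDS output into SAMPLE_PROCESS_LIST. A hit is a lead, not proof: a static listing cannot show the file's signature or its parent process, so verify both on the live machine before deleting anything.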
  6. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2011 10:05:12 AM
    System Uptime: 7/16/2012 11:25:31 PM (0 hours ago)
    .
    Motherboard: Intel Corp. | | Base Board Product Name
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 386.51 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
    Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\4&13A08DB7&0&00E5
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\4&13A08DB7&0&00E5
    Service: RTL8192Ce
    .
    ==== System Restore Points ===================
    .
    RP99: 7/13/2012 3:00:12 AM - Windows Update
    RP100: 7/14/2012 1:40:02 AM - Windows Update
    RP101: 7/14/2012 3:00:17 AM - Windows Update
    RP102: 7/15/2012 3:00:14 AM - Windows Update
    RP103: 7/16/2012 3:00:18 AM - Windows Update
    RP104: 7/16/2012 1:20:14 PM - Removed Google Drive
    RP105: 7/16/2012 8:47:00 PM - Installed HiJackThis
    RP106: 7/16/2012 9:23:03 PM - Windows Update
    RP107: 7/16/2012 9:28:33 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X MUI
    Ask Toolbar
    Ask Toolbar Updater
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Auslogics BoostSpeed
    Autodesk Backburner 2013.0.0
    Autodesk Civil View for 3ds Max Design 2013
    Autodesk Material Library 2013
    Autodesk Material Library Base Resolution Image Library 2013
    Autodesk Material Library Medium Resolution Image Library 2013
    Best Buy pc app
    BitZipper 2010
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conquer Online 2.0
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DivX Setup
    Expert PDF 7 Reader
    File Type Assistant
    Google Chrome
    Google Update Helper
    HiJackThis
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    Label@Once 1.0
    Magic ISO Maker v5.4 (build 0239)
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Norton AntiVirus
    PianoFX STUDIO 4.0
    PlayReady PC Runtime x86
    Realtek USB 2.0 Reader Driver
    Realtek WLAN Driver
    Rosetta Stone Version 3
    Sansa Updater
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    ToshibaRegistration
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 2.0.1
    Vuze
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/9/2012 7:47:02 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user TLC-PC\TLC SID (S-1-5-21-3521774429-2675038-2825181902-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/16/2012 9:29:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
    7/16/2012 9:29:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
    7/16/2012 7:28:54 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    7/16/2012 4:19:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    7/16/2012 11:47:11 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    7/16/2012 11:47:11 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    7/16/2012 11:47:11 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    7/16/2012 10:55:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/16/2012 10:55:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/16/2012 10:55:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/16/2012 10:55:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/16/2012 10:55:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/16/2012 10:55:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/16/2012 10:55:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    7/16/2012 10:54:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    7/16/2012 10:54:57 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    7/16/2012 10:54:54 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/16/2012 10:54:54 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/15/2012 7:35:05 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service has not been started.
    7/14/2012 12:57:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002eb7fca, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 071412-30139-01.
    7/13/2012 11:36:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e7a32f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 071312-31200-01.
    7/12/2012 10:46:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.
    .
    ==== End Of File ===========================
     
  7. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by TLC at 23:47:59 on 2012-07-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1706 [GMT -7:00]
    .
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Toshiba\TBS\HSON.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\TECO\Teco.exe
    C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
    C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    -netsvcs
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://start.toshiba.com/g/
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: AutorunsDisabled - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.55.1
    TCP: Interfaces\{5DE77CBF-A38A-4A31-8240-E6AB82D9DE4D} : DhcpNameServer = 192.168.55.1
    TCP: Interfaces\{5DE77CBF-A38A-4A31-8240-E6AB82D9DE4D}\2375942554739343 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5DE77CBF-A38A-4A31-8240-E6AB82D9DE4D}\2716A67616D6D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{5DE77CBF-A38A-4A31-8240-E6AB82D9DE4D}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: AutorunsDisabled - No File
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\ezn15uzn.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
    FF - plugin: C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\ezn15uzn.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112454
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - f04f7068000000000000d0df9a65cae6
    FF - user.js: extensions.BabylonToolbar_i.hardId - f04f7068000000000000d0df9a65cae6
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15466
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:17:30
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQy8ShW9V
    FF - user.js: extensions.incredibar_i.upn2n - 92542927961203623
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10650
    FF - user.js: extensions.incredibar_i.ppd - 20%5F6
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQy8ShW9V&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - f04f7068000000000000d0df9a65cae6
    FF - user.js: extensions.incredibar_i.instlDay - 15482
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.142:21:48
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS --> C:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120715.001\IDSviA64.sys [2012-7-16 509088]
    R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS --> C:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NAVx64\1207010.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
    R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-14 86016]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-13 2656280]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-7 138912]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-13 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
    R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-13 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-11 250056]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-28 1432400]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-13 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-24 113120]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-17 05:23:45 20480 ----a-w- C:\windows\svchost.exe
    2012-07-17 03:48:29 388096 ----a-r- C:\Users\TLC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-07-17 03:48:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-07-16 17:52:26 -------- d-----w- C:\Users\TLC\AppData\Roaming\Malwarebytes
    2012-07-16 17:50:20 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-16 17:50:16 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-07-16 17:50:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-14 06:00:14 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-07-14 06:00:14 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-07-11 10:07:27 3148800 ----a-w- C:\windows\System32\win32k.sys
    2012-07-11 09:00:10 2004480 ----a-w- C:\windows\System32\msxml6.dll
    2012-07-11 09:00:10 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-07-11 09:00:09 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
    2012-07-11 09:00:09 2048 ----a-w- C:\windows\System32\msxml3r.dll
    2012-07-11 09:00:09 1881600 ----a-w- C:\windows\System32\msxml3.dll
    2012-07-11 09:00:09 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2012-06-29 01:37:43 -------- d-----w- C:\Users\TLC\AppData\Roaming\Auslogics
    2012-06-29 01:32:10 -------- d-----w- C:\Program Files (x86)\Auslogics
    2012-06-29 00:44:37 -------- d-----w- C:\Users\TLC\AppData\Local\Autodesk
    2012-06-29 00:35:08 -------- d-----w- C:\Program Files (x86)\Autodesk
    2012-06-29 00:32:05 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
    2012-06-29 00:18:54 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
    2012-06-29 00:18:54 -------- d-----w- C:\Program Files\Autodesk
    2012-06-29 00:12:02 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
    2012-06-29 00:10:59 68104 ----a-w- C:\windows\System32\XAPOFX1_0.dll
    2012-06-28 19:58:36 -------- d-----w- C:\Users\TLC\AppData\Roaming\Autodesk
    2012-06-24 19:23:54 -------- d-----w- C:\Users\TLC\AppData\Local\Macromedia
    2012-06-19 08:12:09 -------- d-----w- C:\ProgramData\VirtualizedApplications
    2012-06-19 06:08:22 2622464 ----a-w- C:\windows\System32\wucltux.dll
    2012-06-19 06:07:54 99840 ----a-w- C:\windows\System32\wudriver.dll
    2012-06-19 06:07:41 36864 ----a-w- C:\windows\System32\wuapp.exe
    2012-06-19 06:07:41 186752 ----a-w- C:\windows\System32\wuwebv.dll
    2012-06-19 04:39:40 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-06-19 04:35:51 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-06-19 04:34:47 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-06-19 04:34:18 -------- d-----w- C:\Users\TLC\AppData\Local\Microsoft Help
    2012-06-19 04:25:39 -------- d-----w- C:\Users\TLC\AppData\Local\SoftGrid Client
    2012-06-19 04:25:38 -------- d-----w- C:\Users\TLC\AppData\Roaming\SoftGrid Client
    2012-06-19 04:24:45 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
    2012-06-19 04:24:13 -------- d-----w- C:\Users\TLC\AppData\Roaming\TP
    .
    ==================== Find3M ====================
    .
    2012-07-12 03:20:49 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 03:20:49 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    2012-05-02 01:12:51 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 23:49:24.26 ===============
     
  8. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Windows Defender is totally worthless so it really doesn't matter if it runs or not.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    22:29:49.0911 4552 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
    22:29:50.0425 4552 ============================================================
    22:29:50.0425 4552 Current date / time: 2012/07/17 22:29:50.0425
    22:29:50.0425 4552 SystemInfo:
    22:29:50.0425 4552
    22:29:50.0425 4552 OS Version: 6.1.7601 ServicePack: 1.0
    22:29:50.0425 4552 Product type: Workstation
    22:29:50.0425 4552 ComputerName: TLC-PC
    22:29:50.0425 4552 UserName: TLC
    22:29:50.0425 4552 Windows directory: C:\windows
    22:29:50.0425 4552 System windows directory: C:\windows
    22:29:50.0425 4552 Running under WOW64
    22:29:50.0425 4552 Processor architecture: Intel x64
    22:29:50.0425 4552 Number of processors: 4
    22:29:50.0425 4552 Page size: 0x1000
    22:29:50.0425 4552 Boot type: Normal boot
    22:29:50.0425 4552 ============================================================
    22:29:51.0127 4552 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:29:51.0127 4552 ============================================================
    22:29:51.0127 4552 \Device\Harddisk0\DR0:
    22:29:51.0127 4552 MBR partitions:
    22:29:51.0127 4552 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x489F4800
    22:29:51.0127 4552 ============================================================
    22:29:51.0174 4552 C: <-> \Device\Harddisk0\DR0\Partition0
    22:29:51.0190 4552 ============================================================
    22:29:51.0190 4552 Initialize success
    22:29:51.0190 4552 ============================================================
    22:30:27.0764 7800 ============================================================
    22:30:27.0764 7800 Scan started
    22:30:27.0764 7800 Mode: Manual;
    22:30:27.0764 7800 ============================================================
    22:30:35.0393 7800 FLEXnet Licensing Service - ok
    22:30:35.0533 7800 FLEXnet Licensing Service 64 (64ab6f28047744b9b19c97459c2ab31b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    22:30:35.0596 7800 FLEXnet Licensing Service 64 - ok
    22:30:35.0705 7800 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
    22:30:35.0705 7800 flpydisk - ok
    22:30:35.0736 7800 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
    22:30:35.0736 7800 FltMgr - ok
    22:30:35.0798 7800 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
    22:30:35.0814 7800 FontCache - ok
    22:30:35.0892 7800 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:30:35.0892 7800 FontCache3.0.0.0 - ok
    22:30:35.0939 7800 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    22:30:35.0939 7800 FsDepends - ok
    22:30:35.0970 7800 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
    22:30:35.0970 7800 Fs_Rec - ok
    22:30:36.0017 7800 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
    22:30:36.0017 7800 fvevol - ok
    22:30:36.0048 7800 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
    22:30:36.0048 7800 gagp30kx - ok
    22:30:36.0188 7800 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
    22:30:36.0204 7800 gpsvc - ok
    22:30:36.0313 7800 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:30:36.0313 7800 gupdate - ok
    22:30:36.0376 7800 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:30:36.0376 7800 gupdatem - ok
    22:30:36.0407 7800 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    22:30:36.0407 7800 hcw85cir - ok
    22:30:36.0454 7800 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
    22:30:36.0454 7800 HdAudAddService - ok
    22:30:36.0500 7800 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
    22:30:36.0500 7800 HDAudBus - ok
    22:30:36.0500 7800 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
    22:30:36.0500 7800 HidBatt - ok
    22:30:36.0500 7800 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
    22:30:36.0500 7800 HidBth - ok
    22:30:36.0547 7800 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
    22:30:36.0547 7800 HidIr - ok
    22:30:36.0578 7800 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
    22:30:36.0578 7800 hidserv - ok
    22:30:36.0610 7800 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
    22:30:36.0610 7800 HidUsb - ok
    22:30:36.0641 7800 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
    22:30:36.0641 7800 hkmsvc - ok
    22:30:36.0672 7800 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
    22:30:36.0672 7800 HomeGroupListener - ok
    22:30:36.0719 7800 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
    22:30:36.0719 7800 HomeGroupProvider - ok
    22:30:36.0750 7800 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
    22:30:36.0750 7800 HpSAMD - ok
    22:30:36.0797 7800 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
    22:30:36.0812 7800 HTTP - ok
    22:30:36.0828 7800 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
    22:30:36.0828 7800 hwpolicy - ok
    22:30:36.0859 7800 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
    22:30:36.0859 7800 i8042prt - ok
    22:30:36.0906 7800 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
    22:30:36.0922 7800 iaStor - ok
    22:30:36.0968 7800 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
    22:30:36.0984 7800 iaStorV - ok
    22:30:37.0109 7800 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    22:30:37.0124 7800 IDriverT - ok
    22:30:37.0234 7800 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:30:37.0234 7800 idsvc - ok
    22:30:37.0421 7800 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120715.001\IDSvia64.sys
    22:30:37.0421 7800 IDSVia64 - ok
    22:30:37.0936 7800 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
    22:30:38.0216 7800 igfx - ok
    22:30:38.0341 7800 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
    22:30:38.0341 7800 iirsp - ok
    22:30:38.0404 7800 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
    22:30:38.0404 7800 IKEEXT - ok
    22:30:38.0466 7800 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
    22:30:38.0466 7800 IntcDAud - ok
    22:30:38.0497 7800 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
    22:30:38.0513 7800 intelide - ok
    22:30:38.0528 7800 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
    22:30:38.0528 7800 intelppm - ok
    22:30:38.0575 7800 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
    22:30:38.0575 7800 IPBusEnum - ok
    22:30:38.0591 7800 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
    22:30:38.0591 7800 IpFilterDriver - ok
    22:30:38.0622 7800 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
    22:30:38.0638 7800 iphlpsvc - ok
    22:30:38.0653 7800 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
    22:30:38.0653 7800 IPMIDRV - ok
    22:30:38.0669 7800 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    22:30:38.0669 7800 IPNAT - ok
    22:30:38.0716 7800 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    22:30:38.0716 7800 IRENUM - ok
    22:30:38.0716 7800 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
    22:30:38.0716 7800 isapnp - ok
    22:30:38.0747 7800 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
    22:30:38.0762 7800 iScsiPrt - ok
    22:30:38.0778 7800 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
    22:30:38.0778 7800 kbdclass - ok
    22:30:38.0794 7800 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
    22:30:38.0794 7800 kbdhid - ok
    22:30:38.0825 7800 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    22:30:38.0825 7800 KeyIso - ok
    22:30:38.0856 7800 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
    22:30:38.0856 7800 KSecDD - ok
    22:30:38.0872 7800 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
    22:30:38.0887 7800 KSecPkg - ok
    22:30:38.0918 7800 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    22:30:38.0918 7800 ksthunk - ok
    22:30:38.0950 7800 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
    22:30:38.0981 7800 KtmRm - ok
    22:30:39.0028 7800 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys
    22:30:39.0028 7800 L1C - ok
    22:30:39.0074 7800 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
    22:30:39.0074 7800 LanmanServer - ok
    22:30:39.0106 7800 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
    22:30:39.0121 7800 LanmanWorkstation - ok
    22:30:39.0152 7800 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    22:30:39.0168 7800 lltdio - ok
    22:30:39.0215 7800 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
    22:30:39.0215 7800 lltdsvc - ok
    22:30:39.0246 7800 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
    22:30:39.0246 7800 lmhosts - ok
    22:30:39.0355 7800 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    22:30:39.0355 7800 LMS - ok
    22:30:39.0402 7800 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
    22:30:39.0402 7800 LSI_FC - ok
    22:30:39.0418 7800 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
    22:30:39.0433 7800 LSI_SAS - ok
    22:30:39.0449 7800 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
    22:30:39.0449 7800 LSI_SAS2 - ok
    22:30:39.0464 7800 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
    22:30:39.0480 7800 LSI_SCSI - ok
    22:30:39.0511 7800 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    22:30:39.0511 7800 luafv - ok
    22:30:39.0589 7800 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\windows\system32\drivers\mbam.sys
    22:30:39.0589 7800 MBAMProtector - ok
    22:30:39.0667 7800 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    22:30:39.0683 7800 MBAMService - ok
    22:30:39.0714 7800 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
    22:30:39.0714 7800 Mcx2Svc - ok
    22:30:39.0745 7800 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
    22:30:39.0745 7800 megasas - ok
    22:30:39.0792 7800 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
    22:30:39.0792 7800 MegaSR - ok
    22:30:39.0839 7800 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
    22:30:39.0839 7800 MEIx64 - ok
    22:30:39.0964 7800 mi-raysat_3dsmax2013_64 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
    22:30:39.0964 7800 mi-raysat_3dsmax2013_64 - ok
    22:30:40.0088 7800 Microsoft SharePoint Workspace Audit Service - ok
    22:30:40.0135 7800 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    22:30:40.0135 7800 MMCSS - ok
    22:30:40.0166 7800 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    22:30:40.0166 7800 Modem - ok
    22:30:40.0198 7800 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    22:30:40.0198 7800 monitor - ok
    22:30:40.0229 7800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
    22:30:40.0229 7800 mouclass - ok
    22:30:40.0260 7800 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
    22:30:40.0260 7800 mouhid - ok
    22:30:40.0307 7800 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
    22:30:40.0307 7800 mountmgr - ok
    22:30:40.0432 7800 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:30:40.0556 7800 MozillaMaintenance - ok
    22:30:40.0619 7800 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
    22:30:40.0619 7800 mpio - ok
    22:30:40.0650 7800 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    22:30:40.0650 7800 mpsdrv - ok
    22:30:40.0712 7800 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
    22:30:40.0712 7800 MpsSvc - ok
    22:30:40.0728 7800 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
    22:30:40.0744 7800 MRxDAV - ok
    22:30:40.0775 7800 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
    22:30:40.0775 7800 mrxsmb - ok
    22:30:40.0806 7800 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
    22:30:40.0806 7800 mrxsmb10 - ok
    22:30:40.0822 7800 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
    22:30:40.0822 7800 mrxsmb20 - ok
    22:30:40.0853 7800 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
    22:30:40.0853 7800 msahci - ok
    22:30:40.0884 7800 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
    22:30:40.0884 7800 msdsm - ok
    22:30:40.0915 7800 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
    22:30:40.0915 7800 MSDTC - ok
    22:30:40.0946 7800 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    22:30:40.0946 7800 Msfs - ok
    22:30:40.0946 7800 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    22:30:40.0946 7800 mshidkmdf - ok
    22:30:40.0978 7800 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
    22:30:40.0978 7800 msisadrv - ok
    22:30:41.0009 7800 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
    22:30:41.0024 7800 MSiSCSI - ok
    22:30:41.0024 7800 msiserver - ok
    22:30:41.0071 7800 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    22:30:41.0071 7800 MSKSSRV - ok
    22:30:41.0087 7800 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    22:30:41.0087 7800 MSPCLOCK - ok
    22:30:41.0118 7800 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    22:30:41.0118 7800 MSPQM - ok
    22:30:41.0149 7800 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
    22:30:41.0149 7800 MsRPC - ok
    22:30:41.0165 7800 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
    22:30:41.0165 7800 mssmbios - ok
    22:30:41.0180 7800 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    22:30:41.0180 7800 MSTEE - ok
    22:30:41.0180 7800 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
    22:30:41.0196 7800 MTConfig - ok
    22:30:41.0212 7800 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    22:30:41.0212 7800 Mup - ok
    22:30:41.0258 7800 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
    22:30:41.0274 7800 napagent - ok
    22:30:41.0321 7800 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    22:30:41.0321 7800 NativeWifiP - ok
    22:30:41.0461 7800 NAV (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
    22:30:41.0461 7800 NAV - ok
    22:30:41.0602 7800 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120716.018\ENG64.SYS
    22:30:41.0602 7800 NAVENG - ok
     
  10. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    22:30:48.0824 7800 sppuinotify - ok
    22:30:48.0965 7800 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS
    22:30:48.0980 7800 SRTSP - ok
    22:30:48.0996 7800 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS
    22:30:48.0996 7800 SRTSPX - ok
    22:30:49.0027 7800 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
    22:30:49.0043 7800 srv - ok
    22:30:49.0074 7800 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
    22:30:49.0074 7800 srv2 - ok
    22:30:49.0136 7800 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
    22:30:49.0152 7800 SrvHsfHDA - ok
    22:30:49.0199 7800 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
    22:30:49.0214 7800 SrvHsfV92 - ok
    22:30:49.0355 7800 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
    22:30:49.0370 7800 SrvHsfWinac - ok
    22:30:49.0402 7800 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
    22:30:49.0417 7800 srvnet - ok
    22:30:49.0464 7800 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    22:30:49.0464 7800 SSDPSRV - ok
    22:30:49.0480 7800 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    22:30:49.0480 7800 SstpSvc - ok
    22:30:49.0495 7800 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    22:30:49.0495 7800 stexstor - ok
    22:30:49.0558 7800 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
    22:30:49.0558 7800 stisvc - ok
    22:30:49.0573 7800 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    22:30:49.0573 7800 swenum - ok
    22:30:49.0620 7800 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    22:30:49.0636 7800 swprv - ok
    22:30:49.0729 7800 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS
    22:30:49.0760 7800 SymDS - ok
    22:30:49.0838 7800 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS
    22:30:49.0854 7800 SymEFA - ok
    22:30:49.0901 7800 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
    22:30:49.0932 7800 SymEvent - ok
    22:30:50.0010 7800 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS
    22:30:50.0010 7800 SymIRON - ok
    22:30:50.0072 7800 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS
    22:30:50.0072 7800 SymNetS - ok
    22:30:50.0228 7800 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
    22:30:50.0244 7800 SynTP - ok
    22:30:50.0431 7800 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
    22:30:50.0447 7800 SysMain - ok
    22:30:50.0556 7800 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
    22:30:50.0556 7800 TabletInputService - ok
    22:30:50.0587 7800 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
    22:30:50.0587 7800 TapiSrv - ok
    22:30:50.0587 7800 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    22:30:50.0603 7800 TBS - ok
    22:30:50.0728 7800 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
    22:30:50.0743 7800 Tcpip - ok
    22:30:50.0930 7800 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
    22:30:50.0946 7800 TCPIP6 - ok
    22:30:51.0040 7800 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
    22:30:51.0040 7800 tcpipreg - ok
    22:30:51.0071 7800 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    22:30:51.0071 7800 tdcmdpst - ok
    22:30:51.0086 7800 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    22:30:51.0086 7800 TDPIPE - ok
    22:30:51.0133 7800 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
    22:30:51.0133 7800 TDTCP - ok
    22:30:51.0149 7800 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    22:30:51.0149 7800 tdx - ok
    22:30:51.0180 7800 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
    22:30:51.0180 7800 TermDD - ok
    22:30:51.0227 7800 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
    22:30:51.0242 7800 TermService - ok
    22:30:51.0258 7800 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    22:30:51.0258 7800 Themes - ok
    22:30:51.0289 7800 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    22:30:51.0289 7800 THREADORDER - ok
    22:30:51.0398 7800 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    22:30:51.0398 7800 TMachInfo - ok
    22:30:51.0430 7800 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
    22:30:51.0430 7800 TODDSrv - ok
    22:30:51.0523 7800 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    22:30:51.0539 7800 TosCoSrv - ok
    22:30:51.0586 7800 TOSHIBA eco Utility Service (d0f868a67cb4d817a3f7abef8c42f49c) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    22:30:51.0586 7800 TOSHIBA eco Utility Service - ok
    22:30:51.0648 7800 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    22:30:51.0648 7800 TOSHIBA HDD SSD Alert Service - ok
    22:30:51.0710 7800 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
    22:30:51.0726 7800 tos_sps64 - ok
    22:30:51.0804 7800 TPCHSrv (d65c6b0c070534336b72005391b6168a) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    22:30:51.0804 7800 TPCHSrv - ok
    22:30:51.0898 7800 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    22:30:51.0913 7800 TrkWks - ok
    22:30:51.0960 7800 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
    22:30:51.0960 7800 TrustedInstaller - ok
    22:30:52.0007 7800 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
    22:30:52.0007 7800 tssecsrv - ok
    22:30:52.0022 7800 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
    22:30:52.0022 7800 TsUsbFlt - ok
    22:30:52.0038 7800 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
    22:30:52.0038 7800 TsUsbGD - ok
    22:30:52.0069 7800 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
    22:30:52.0069 7800 tunnel - ok
    22:30:52.0100 7800 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    22:30:52.0100 7800 TVALZ - ok
    22:30:52.0132 7800 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
    22:30:52.0132 7800 TVALZFL - ok
    22:30:52.0147 7800 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
    22:30:52.0147 7800 uagp35 - ok
    22:30:52.0194 7800 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
    22:30:52.0210 7800 udfs - ok
    22:30:52.0241 7800 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    22:30:52.0241 7800 UI0Detect - ok
    22:30:52.0272 7800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
    22:30:52.0272 7800 uliagpkx - ok
    22:30:52.0319 7800 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
    22:30:52.0319 7800 umbus - ok
    22:30:52.0350 7800 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
    22:30:52.0350 7800 UmPass - ok
    22:30:52.0553 7800 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    22:30:52.0584 7800 UNS - ok
    22:30:52.0693 7800 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    22:30:52.0693 7800 upnphost - ok
    22:30:52.0771 7800 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
    22:30:52.0787 7800 usbaudio - ok
    22:30:52.0818 7800 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
    22:30:52.0818 7800 usbccgp - ok
    22:30:52.0834 7800 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
    22:30:52.0834 7800 usbcir - ok
    22:30:52.0849 7800 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
    22:30:52.0849 7800 usbehci - ok
    22:30:52.0880 7800 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
    22:30:52.0880 7800 usbhub - ok
    22:30:52.0896 7800 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
    22:30:52.0896 7800 usbohci - ok
    22:30:52.0912 7800 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
    22:30:52.0912 7800 usbprint - ok
    22:30:52.0943 7800 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
    22:30:52.0943 7800 USBSTOR - ok
    22:30:52.0958 7800 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
    22:30:52.0958 7800 usbuhci - ok
    22:30:53.0021 7800 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
    22:30:53.0021 7800 usbvideo - ok
    22:30:53.0052 7800 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    22:30:53.0052 7800 UxSms - ok
    22:30:53.0068 7800 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    22:30:53.0068 7800 VaultSvc - ok
    22:30:53.0099 7800 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
    22:30:53.0099 7800 vdrvroot - ok
    22:30:53.0130 7800 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
    22:30:53.0130 7800 vds - ok
    22:30:53.0161 7800 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    22:30:53.0161 7800 vga - ok
    22:30:53.0177 7800 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    22:30:53.0177 7800 VgaSave - ok
    22:30:53.0192 7800 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
    22:30:53.0192 7800 vhdmp - ok
    22:30:53.0208 7800 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
    22:30:53.0208 7800 viaide - ok
    22:30:53.0224 7800 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
    22:30:53.0224 7800 volmgr - ok
    22:30:53.0239 7800 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
    22:30:53.0255 7800 volmgrx - ok
    22:30:53.0286 7800 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
    22:30:53.0286 7800 volsnap - ok
    22:30:53.0317 7800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
    22:30:53.0333 7800 vsmraid - ok
    22:30:53.0411 7800 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
    22:30:53.0426 7800 VSS - ok
    22:30:53.0536 7800 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    22:30:53.0536 7800 vwifibus - ok
    22:30:53.0567 7800 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    22:30:53.0567 7800 vwififlt - ok
    22:30:53.0598 7800 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
    22:30:53.0598 7800 vwifimp - ok
    22:30:53.0645 7800 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    22:30:53.0645 7800 W32Time - ok
    22:30:53.0676 7800 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
    22:30:53.0676 7800 WacomPen - ok
    22:30:53.0707 7800 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    22:30:53.0707 7800 WANARP - ok
    22:30:53.0723 7800 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    22:30:53.0723 7800 Wanarpv6 - ok
    22:30:53.0863 7800 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
    22:30:53.0894 7800 WatAdminSvc - ok
    22:30:53.0972 7800 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
    22:30:54.0004 7800 wbengine - ok
    22:30:54.0160 7800 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
    22:30:54.0160 7800 WbioSrvc - ok
    22:30:54.0191 7800 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
    22:30:54.0191 7800 wcncsvc - ok
    22:30:54.0206 7800 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
    22:30:54.0222 7800 WcsPlugInService - ok
    22:30:54.0253 7800 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
    22:30:54.0253 7800 Wd - ok
    22:30:54.0300 7800 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    22:30:54.0316 7800 Wdf01000 - ok
    22:30:54.0347 7800 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    22:30:54.0347 7800 WdiServiceHost - ok
    22:30:54.0347 7800 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    22:30:54.0362 7800 WdiSystemHost - ok
    22:30:54.0394 7800 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
    22:30:54.0409 7800 WebClient - ok
    22:30:54.0425 7800 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
    22:30:54.0425 7800 Wecsvc - ok
    22:30:54.0440 7800 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
    22:30:54.0456 7800 wercplsupport - ok
    22:30:54.0456 7800 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
    22:30:54.0456 7800 WerSvc - ok
    22:30:54.0518 7800 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    22:30:54.0518 7800 WfpLwf - ok
    22:30:54.0534 7800 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    22:30:54.0550 7800 WIMMount - ok
    22:30:54.0596 7800 WinDefend - ok
    22:30:54.0596 7800 WinHttpAutoProxySvc - ok
    22:30:54.0674 7800 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
    22:30:54.0674 7800 Winmgmt - ok
    22:30:54.0768 7800 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
    22:30:54.0799 7800 WinRM - ok
    22:30:54.0955 7800 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
    22:30:54.0955 7800 WinUsb - ok
    22:30:55.0049 7800 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
    22:30:55.0049 7800 Wlansvc - ok
    22:30:55.0142 7800 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    22:30:55.0158 7800 wlcrasvc - ok
    22:30:55.0298 7800 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:30:55.0314 7800 wlidsvc - ok
    22:30:55.0423 7800 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
    22:30:55.0439 7800 WmiAcpi - ok
    22:30:55.0501 7800 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
    22:30:55.0501 7800 wmiApSrv - ok
    22:30:55.0595 7800 WMPNetworkSvc - ok
    22:30:55.0626 7800 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
    22:30:55.0626 7800 WPCSvc - ok
    22:30:55.0657 7800 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
    22:30:55.0657 7800 WPDBusEnum - ok
    22:30:55.0688 7800 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    22:30:55.0688 7800 ws2ifsl - ok
    22:30:55.0704 7800 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
    22:30:55.0704 7800 wscsvc - ok
    22:30:55.0704 7800 WSearch - ok
    22:30:55.0829 7800 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
    22:30:55.0860 7800 wuauserv - ok
    22:30:55.0954 7800 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
    22:30:55.0969 7800 WudfPf - ok
    22:30:55.0985 7800 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
    22:30:56.0000 7800 WUDFRd - ok
    22:30:56.0016 7800 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
    22:30:56.0016 7800 wudfsvc - ok
    22:30:56.0047 7800 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
    22:30:56.0047 7800 WwanSvc - ok
    22:30:56.0078 7800 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    22:30:56.0141 7800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    22:30:56.0141 7800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    22:30:56.0156 7800 Boot (0x1200) (4eb1e2b90bed742042faa8a67b61b3ec) \Device\Harddisk0\DR0\Partition0
    22:30:56.0156 7800 \Device\Harddisk0\DR0\Partition0 - ok
    22:30:56.0156 7800 ============================================================
    22:30:56.0156 7800 Scan finished
    22:30:56.0156 7800 ============================================================
    22:30:56.0172 1204 Detected object count: 1
    22:30:56.0172 1204 Actual detected object count: 1
    22:31:21.0319 1204 \Device\Harddisk0\DR0\# - copied to quarantine
    22:31:21.0319 1204 \Device\Harddisk0\DR0 - copied to quarantine
    22:31:21.0350 1204 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    22:31:21.0366 1204 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    22:31:21.0366 1204 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    22:31:21.0397 1204 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    22:31:21.0397 1204 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    22:31:21.0397 1204 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    22:31:21.0444 1204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    22:31:21.0444 1204 \Device\Harddisk0\DR0 - ok
    22:31:21.0662 1204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    22:32:24.0577 2968 Deinitialize success
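The last thirty lines of that TDSSKiller log carry the whole finding: the bootstrap area of the disk's first sector (the 0x1B8 bytes it labels "MBR (0x1B8)") was flagged as Rootkit.Boot.Pihar.c, the partition boot sector was clean, the tool copied the sector and a set of files out of the rootkit's hidden TDLFS filesystem to quarantine, and the cure was deferred to the next reboot. As an added example (not code from this thread or from Kaspersky's tool), here is a small Python triage parser that reduces a TDSSKiller log to exactly those facts and cross-checks the tool's own "Detected object count" against the detection lines. The embedded log excerpt is constructed from the lines shown above with the per-driver "ok" lines left out; the line patterns are inferred from that excerpt, so treat them as an assumption if a different TDSSKiller version formats its log differently.

```python
import re

# Constructed excerpt in the format of the TDSSKiller log posted above: the object
# names, hashes and verdict are the ones shown in the thread; the per-driver "ok"
# lines are omitted. This is not the poster's full log.
SAMPLE_LOG = r"""
22:30:56.0078 7800 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:30:56.0141 7800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:30:56.0141 7800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:30:56.0156 7800 Boot (0x1200) (4eb1e2b90bed742042faa8a67b61b3ec) \Device\Harddisk0\DR0\Partition0
22:30:56.0156 7800 \Device\Harddisk0\DR0\Partition0 - ok
22:30:56.0172 1204 Detected object count: 1
22:30:56.0172 1204 Actual detected object count: 1
22:31:21.0319 1204 \Device\Harddisk0\DR0 - copied to quarantine
22:31:21.0350 1204 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:31:21.0397 1204 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:31:21.0444 1204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:31:21.0662 1204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
""".strip()

# Line shapes inferred from the excerpt (assumption: other TDSSKiller builds use the same layout)
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
HASHED = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<obj>\S+)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<name>\S+) \(\d+\)$")
QUARANTINED = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
PENDING = re.compile(r"^(?P<obj>.+?) \( (?P<name>\S+) \) - will be cured on reboot$")
ACTION = re.compile(r"^(?P<obj>.+?) \( (?P<name>\S+) \) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def summarize_tdsskiller(text):
    """Reduce a TDSSKiller log to what matters for triage: what was detected, what
    the tool hashed, what went to quarantine, and what still needs a reboot."""
    s = {"detections": [], "hashes": {}, "quarantined": [], "pending_reboot": [],
         "actions": [], "reported_count": None, "unparsed": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            s["unparsed"].append(raw)
            continue
        msg = m.group("msg")
        if (h := HASHED.match(msg)):
            s["hashes"][h.group("obj")] = {"kind": h.group("kind"),
                                           "size": int(h.group("size"), 16),
                                           "md5": h.group("md5")}
        elif (d := DETECTED.match(msg)):
            s["detections"].append((d.group("obj"), d.group("name")))
        elif (q := QUARANTINED.match(msg)):
            s["quarantined"].append(q.group("obj"))
        elif (p := PENDING.match(msg)):
            s["pending_reboot"].append(p.group("obj"))
        elif (a := ACTION.match(msg)):
            s["actions"].append((a.group("obj"), a.group("action")))
        elif (c := COUNT.match(msg)):
            s["reported_count"] = int(c.group("n"))
    # Cross-check the tool's own count against the 'detected' lines actually parsed
    s["consistent"] = s["reported_count"] == len(s["detections"])
    # Files pulled out of the rootkit's hidden filesystem, which the log shows as a
    # virtual TDLFS directory under the physical disk object
    s["tdlfs_files"] = [q for q in s["quarantined"] if "\\TDLFS\\" in q]
    return s


if __name__ == "__main__":
    summary = summarize_tdsskiller(SAMPLE_LOG)
    for obj, name in summary["detections"]:
        print("detected:", name, "in", obj)
    print("quarantined:", len(summary["quarantined"]), "objects;",
          len(summary["tdlfs_files"]), "from TDLFS")
    print("pending reboot:", summary["pending_reboot"])
```

The `pending_reboot` list is the operational point: until the machine has been restarted and a second TDSSKiller run reports the MBR as "ok", the infection has been quarantined but not removed, which is why the thread's next step is a fresh MBR scan with different tools.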
     
  11. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Good :)

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
     
  12. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    RogueKiller asked if I wanted to delete when I closed the program after the scan. I clicked no; should I have let it delete?
     
  13. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: TLC [Admin rights]
    Mode: Scan -- Date: 07/18/2012 14:32:28
    ¤¤¤ Bad processes: 0 ¤¤¤
    ¤¤¤ Registry Entries: 6 ¤¤¤
    [SUSP PATH] Best Buy pc app.lnk Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [SUSP PATH] Best Buy pc app.lnk Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [SUSP PATH] Best Buy pc app.lnk @Guest : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [SUSP PATH] Best Buy pc app.lnk @Mcx1-TLC-PC : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
    --- User ---
    [MBR] 442aaa6927b31297461e6f5031d50495
    [BSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594921 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1221472256 | Size: 14058 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  14. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Do nothing else than indicated in my instructions.
     
  15. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    Understood.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-18 14:34:58
    -----------------------------
    14:34:58.878 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:34:58.878 Number of processors: 4 586 0x2A07
    14:34:58.878 ComputerName: TLC-PC UserName: TLC
    14:35:00.328 Initialize success
    14:42:07.629 AVAST engine defs: 12071800
    14:42:15.227 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:42:15.227 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
    14:42:15.242 Disk 0 MBR read successfully
    14:42:15.273 Disk 0 MBR scan
    14:42:15.273 Disk 0 Windows VISTA default MBR code
    14:42:15.305 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    14:42:15.320 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594921 MB offset 3074048
    14:42:15.351 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 1221472256
    14:42:15.398 Disk 0 scanning C:\windows\system32\drivers
    14:42:24.805 Service scanning
    14:42:58.283 Modules scanning
    14:42:58.283 Disk 0 trace - called modules:
    14:42:58.314 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    14:42:58.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006924790]
    14:42:58.329 3 CLASSPNP.SYS[fffff88001dce43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004abd050]
    14:42:59.421 AVAST engine scan C:\windows
    14:43:01.340 AVAST engine scan C:\windows\system32
    14:45:46.470 AVAST engine scan C:\windows\system32\drivers
    14:46:06.040 AVAST engine scan C:\Users\TLC
    15:01:32.450 AVAST engine scan C:\ProgramData
    15:12:15.630 Scan finished successfully
    15:15:22.471 Disk 0 MBR has been saved successfully to "C:\Users\TLC\Desktop\MBR.dat"
    15:15:22.471 The log file has been saved successfully to "C:\Users\TLC\Desktop\aswMBR.txt"
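The RogueKiller and aswMBR outputs above agree on the same facts: bootstrap code recognised as the Windows Vista default, a 1500 MB active hidden WinRE partition (type 0x27) at sector 2048, the 594921 MB NTFS system partition (0x07) at sector 3074048, and a 14058 MB hidden NTFS recovery partition (0x17) at sector 1221472256. As an added example (not code from this thread, from RogueKiller or from aswMBR), here is a Python reading of a raw MBR that reproduces those partition-table lines and shows the check a practitioner actually wants from the saved MBR.dat: comparing a freshly read sector against the baseline copy and reporting whether the bootstrap code or the partition table differs. A bootkit of the kind TDSSKiller found earlier in this thread patches the bootstrap code and leaves the table alone, so "bootcode changed, table unchanged" is the signature to look for. Assumptions: sizes are converted at 2048 sectors per MB (this is the arithmetic the logs use, since 2048 + 1500 x 2048 = 3074048), the hash covers the 0x1B8-byte bootstrap area as TDSSKiller's "MBR (0x1B8)" label suggests (which exact bytes RogueKiller's [MBR] and [BSP] hashes cover is not stated on the page), and the sample bootstrap bytes are placeholders, not real Windows MBR code.

```python
import hashlib
import struct

SECTOR = 512
SECTORS_PER_MB = 2048  # 1 MB = 2048 x 512-byte sectors; matches the logs: 2048 + 1500*2048 = 3074048

# Partition type IDs as they appear in the partition tables above
PART_TYPES = {0x07: "HPFS/NTFS", 0x17: "Hidden HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def build_mbr(bootcode, partitions):
    """Assemble a 512-byte MBR from bootstrap code and up to four
    (active, type_id, lba_start, lba_count) primary partition entries."""
    if len(bootcode) > 0x1B8 or len(partitions) > 4:
        raise ValueError("bootcode must fit in 440 bytes; at most 4 primary partitions")
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    for i, (active, ptype, start, count) in enumerate(partitions):
        # CHS fields (3 bytes each) are ignored by modern loaders; left zero here
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr):
    """Parse one sector: MD5 of the bootstrap area (assumed to be the 0x1B8 bytes
    TDSSKiller labels 'MBR (0x1B8)'), signature check, and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _chs_a, ptype, _chs_b, start, count = struct.unpack_from("<B3sB3sII", mbr, 446 + 16 * i)
        if ptype == 0x00:
            continue
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "offset_sectors": start,
            "size_mb": count // SECTORS_PER_MB,
            "end_sector": start + count,
        })
    return {
        "bootcode_md5": hashlib.md5(mbr[:0x1B8]).hexdigest(),
        "valid_signature": mbr[510:512] == b"\x55\xAA",
        "partitions": parts,
    }


def compare_mbr(current, baseline):
    """Diff a freshly read MBR against a saved copy such as aswMBR's MBR.dat.
    Bootstrap code changing while the partition table stays intact is the
    footprint an MBR bootkit leaves; a changed table points elsewhere
    (repartitioning, or simply a different disk)."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    return {
        "bootcode_changed": cur["bootcode_md5"] != base["bootcode_md5"],
        "partition_table_changed": current[446:510] != baseline[446:510],
    }


def format_partition(p):
    """Render an entry in the same shape as the RogueKiller 'Partition table:' lines."""
    flag = "ACTIVE" if p["active"] else "XXXXXX"
    return "%d - [%s] %s (0x%02x) Offset (sectors): %d | Size: %d MB" % (
        p["index"], flag, p["type_name"], p["type"], p["offset_sectors"], p["size_mb"])


# Constructed sample: the layout reported for PhysicalDrive0 above, with placeholder
# bootstrap bytes (NOT real Windows MBR code) so the example runs without touching a disk.
LOG_LAYOUT = [
    (True,  0x27, 2048,       1500 * SECTORS_PER_MB),
    (False, 0x07, 3074048,    594921 * SECTORS_PER_MB),
    (False, 0x17, 1221472256, 14058 * SECTORS_PER_MB),
]
CLEAN_BOOTCODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 100
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, LOG_LAYOUT)
# Same table, different bootstrap bytes: what a bootkit-patched sector looks like to compare_mbr
PATCHED_MBR = build_mbr(b"\xEB\xFE" + b"\x00" * 100, LOG_LAYOUT)

if __name__ == "__main__":
    info = parse_mbr(CLEAN_MBR)
    for p in info["partitions"]:
        print(format_partition(p))
    print("bootcode md5:", info["bootcode_md5"])
    print(compare_mbr(PATCHED_MBR, CLEAN_MBR))
```

On a live system the two inputs to `compare_mbr` would be the first 512 bytes of the physical disk (read with administrator rights) and the MBR.dat that aswMBR saved, which is the reason the instructions above say not to delete that file. The three partitions in the sample are contiguous and end exactly at the 610480 MB disk size aswMBR reports, so the parser also doubles as a sanity check that nothing was carved off the end of the disk, which is where this family keeps its hidden filesystem.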
     
  16. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    Well, Combofix does run.
    But should it take two hours? It seems stuck at "completed stage 4". I waited for about two hours and then closed it to ask.
     
  18. Broni

    Broni Malware Annihilator Posts: 48,033   +271

     
  19. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    Sorry, I didn't try safe mode, but I did try Rkill. Will try safe mode now.
     
  20. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    well now I get
    Error saving file
    HIV - Backup
    continue with next file?
    (RegCreateKeyEx: 5 Access Denied)
    If I click Yes, it gives the error for multiple HIV-Backup files.
    If I click No, it continues the startup but does not go to the blue screen where it scans.
     
  21. ClineStine


    I get these errors when trying the safe mode approach.
     
  22. Broni


    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
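Once FRST.txt is in hand, a first triage pass over its Registry, Services and Drivers sections can be scripted. The Python below is an added example, not part of this thread and not FRST's own code; it assumes FRST's line layout as seen in real logs and works on a constructed sample in which the `updater` and `hostsvc` lines are made up to exercise the checks.

```python
"""Triage pass over the autostart sections of an FRST.txt log (added example, not FRST code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
RUN_RE = re.compile(r"^.+?\\(?:Run|RunOnce|Winlogon):\s*\[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
SVC_RE = re.compile(r"^\d\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# FRST ends a readable file with "[size yyyy-mm-dd] (Company)" and a missing one with "[x]"
TAIL_RE = re.compile(r"\s*\[\d+\s+\d{4}-\d{2}-\d{2}\]\s*\((?P<company>[^)]*)\)\s*$")
MISSING_RE = re.compile(r"\s*\[x\]\s*$")
PATTERNS = {"Registry": RUN_RE, "Services": SVC_RE, "Drivers": SVC_RE}
# Heuristics: a system binary name outside System32/SysWOW64, and autostarts in user-writable folders
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\recycler\\")

@dataclass
class Entry:
    section: str
    name: str
    path: str
    company: Optional[str]  # None when FRST could not find the file
    missing: bool

def _exe_path(cmd: str) -> str:
    """Reduce a command line to the executable it launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        cmd = cmd[1:end] if end > 0 else cmd[1:]
    else:
        cmd = cmd.split(" /")[0]  # drop unquoted switches such as " /t"
    if cmd.startswith("\\??\\"):  # driver paths carry the NT object prefix
        cmd = cmd[4:]
    return cmd.strip()

def _split_rest(rest: str) -> Tuple[str, Optional[str], bool]:
    """Return (path, company, missing) from the text after the entry name."""
    m = TAIL_RE.search(rest)
    if m:
        return _exe_path(rest[: m.start()]), m.group("company"), False
    m = MISSING_RE.search(rest)
    if m:
        return _exe_path(rest[: m.start()]), None, True
    return _exe_path(rest), None, False

def parse_frst(text: str) -> List[Entry]:
    """Parse the Registry, Services and Drivers sections of an FRST log."""
    entries: List[Entry] = []
    section, pattern = "", None
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:  # header such as "===== Registry (Whitelisted) ====="
            section = sec.group("name").split(" (")[0]
            pattern = PATTERNS.get(section)
            continue
        m = pattern.match(line) if pattern else None
        if m:
            path, company, missing = _split_rest(m.group("rest"))
            entries.append(Entry(section, m.group("name").strip(), path, company, missing))
    return entries

def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map entry name -> reasons a helper would look at it first (unflagged entries are absent)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        low = e.path.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if e.missing:
            reasons.append("file not found ([x]): orphaned or already removed autostart")
        if e.company == "":
            reasons.append("no company name in file version info")
        if any(d in low for d in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if base in SYSTEM_NAMES and not any(d in low for d in SYSTEM_DIRS):
            reasons.append("system binary name outside System32/SysWOW64")
        if reasons:
            findings[e.name] = reasons
    return findings

# Constructed sample in FRST's line layout; the updater and hostsvc lines are made up.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167256 2011-04-07] (Intel Corporation)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\TLC\...\Run: [updater] "C:\Users\TLC\AppData\Local\Temp\upd.exe" /q [40960 2012-07-10] ()
HKLM\...\Run: [hostsvc] C:\windows\svchost.exe [90112 2012-07-01] ()
==================== Services (Whitelisted) ======
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 mi-raysat_3dsmax2013_64; "C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe" [86016 2011-09-14] ()
========================== Drivers (Whitelisted) =============
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 BFE; . [x]
==================== NetSvcs (Whitelisted) ===========
"""
```

Calling `triage(parse_frst(SAMPLE_LOG))` flags TSleepSrv, swg and BFE as missing files, mi-raysat_3dsmax2013_64 and hostsvc for an empty company name (hostsvc also for a system binary name outside System32), and updater for running from a temp folder. The flagged entries are leads for a human to verify against the full log, not verdicts.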
     
  23. ClineStine


    Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 18-07-2012 18:10:04
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167256 2011-04-07] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391000 2011-04-07] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [418136 2011-04-07] (Intel Corporation)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1520552 2011-03-02] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
    HKU\Mcx1-TLC-PC\...\Winlogon: [Shell] C:\windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Guest\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Mcx1-TLC-PC\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    ==================== Services (Whitelisted) ======
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 mi-raysat_3dsmax2013_64; "C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe" [86016 2011-09-14] ()
    2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
    ========================== Drivers (Whitelisted) =============
    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-31] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-05-31] (Symantec Corporation)
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120715.001\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)
    3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120716.018\ENG64.SYS [120440 2012-07-03] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120716.018\EX64.SYS [2068600 2012-07-03] (Symantec Corporation)
    3 QIOMem; C:\Windows\System32\Drivers\QIOMem.sys [12800 2009-06-15] (TOSHIBA)
    3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-02-09] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
    1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
    3 BFE; . [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-07-18 18:10 - 2012-07-18 18:10 - 00000000 ____D C:\FRST
    2012-07-18 16:52 - 2012-07-18 16:52 - 00000000 ____D C:\ComboFix
    2012-07-18 14:29 - 2012-07-18 14:29 - 00000000 ____D C:\Qoobox
    2012-07-18 14:29 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-07-18 14:29 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-07-18 14:29 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-07-18 14:29 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-07-18 14:29 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-07-18 14:29 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-07-18 14:29 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-07-18 14:29 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-07-18 14:28 - 2012-07-18 16:52 - 00000000 ___SD C:\32788R22FWJFW
    2012-07-18 14:28 - 2012-07-18 16:52 - 00000000 ____D C:\Windows\erdnt
    2012-07-18 14:25 - 2012-07-18 14:25 - 01012656 ____A C:\Users\TLC\Desktop\rkill.com
    2012-07-18 14:24 - 2012-07-18 14:24 - 04582182 ____R (Swearware) C:\Users\TLC\Desktop\ComboFix.exe
    2012-07-18 14:15 - 2012-07-18 14:15 - 00001906 ____A C:\Users\TLC\Desktop\aswMBR.txt
    2012-07-18 14:15 - 2012-07-18 14:15 - 00000512 ____A C:\Users\TLC\Desktop\MBR.dat
    2012-07-18 13:32 - 2012-07-18 13:32 - 00001703 ____A C:\Users\TLC\Desktop\RKreport[1].txt
    2012-07-18 13:32 - 2012-07-18 13:32 - 00000000 ____D C:\Users\TLC\Desktop\RK_Quarantine
    2012-07-18 13:30 - 2012-07-18 13:30 - 04731392 ____A (AVAST Software) C:\Users\TLC\Desktop\aswMBR.exe
    2012-07-18 13:28 - 2012-07-18 13:29 - 01552384 ____A C:\Users\TLC\Desktop\RogueKiller.exe
    2012-07-17 21:31 - 2012-07-17 21:31 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-17 21:28 - 2012-07-16 21:11 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\TLC\Desktop\TDSSKiller.exe
    2012-07-17 02:38 - 2012-07-17 02:38 - 00262144 ____A C:\Windows\Minidump\071712-42026-01.dmp
    2012-07-17 02:15 - 2012-07-17 02:15 - 00537166 ____A C:\Users\TLC\Downloads\Autoruns.zip
    2012-07-17 01:41 - 2012-07-17 01:41 - 00000000 ____A C:\Windows\SysWOW64\shoBF7B.tmp
    2012-07-16 22:54 - 2012-07-16 22:54 - 00027626 ____A C:\Users\TLC\Desktop\DDS.txt
    2012-07-16 22:52 - 2012-07-16 22:52 - 00013696 ____A C:\Users\TLC\Desktop\Attach.txt
    2012-07-16 20:28 - 2012-07-16 20:28 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-07-16 20:24 - 2012-07-03 02:19 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-16 20:03 - 2012-07-16 20:01 - 00335992 ___RA C:\Users\TLC\Desktop\Dial-a-fix-v0.60.0.24.zip
    2012-07-16 19:48 - 2012-07-16 19:48 - 00002965 ____A C:\Users\TLC\Desktop\HiJackThis.lnk
    2012-07-16 19:48 - 2012-07-16 19:48 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2012-07-16 19:45 - 2012-07-16 19:45 - 01402880 ____A C:\Users\TLC\Downloads\HiJackThis.msi
    2012-07-16 16:17 - 2012-07-16 16:17 - 00607260 ____R (Swearware) C:\Users\TLC\Desktop\dds.scr
    2012-07-16 16:09 - 2012-07-16 16:09 - 00302592 ____A C:\Users\TLC\Desktop\bivn8klx.exe
    2012-07-16 10:05 - 2012-07-16 10:05 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-16 09:52 - 2012-07-16 09:52 - 00000000 ____D C:\Users\TLC\AppData\Roaming\Malwarebytes
    2012-07-16 09:50 - 2012-07-16 10:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-16 09:50 - 2012-07-16 09:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-16 09:50 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-14 02:43 - 2012-07-03 02:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-07-14 00:09 - 2012-07-14 00:09 - 00000000 ____A C:\install.rdf
    2012-07-13 23:57 - 2012-07-13 23:57 - 00262144 ____A C:\Windows\Minidump\071412-30139-01.dmp
    2012-07-13 22:36 - 2012-07-13 22:36 - 00266288 ____A C:\Windows\Minidump\071312-31200-01.dmp
    2012-07-13 16:43 - 2012-07-13 16:43 - 01221526 ____A C:\Users\TLC\Downloads\POPPeeper-Install.exe
    2012-07-11 06:43 - 2012-07-11 06:43 - 00000000 ____D C:\Windows\Sun
    2012-07-11 02:07 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 02:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 02:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 02:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 02:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 02:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 02:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 02:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 02:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 02:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 02:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 02:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 02:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 02:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 02:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 02:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 02:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 02:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 02:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 02:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 02:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 02:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 02:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 02:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 02:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 02:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 02:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 02:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 02:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-11 01:00 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 01:00 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 01:00 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 01:00 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 01:00 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 01:00 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 01:00 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 01:00 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-11 00:59 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 00:59 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 00:59 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 00:59 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 00:59 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 00:59 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 00:59 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 00:59 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 00:59 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 00:59 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 00:59 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-01 15:39 - 2009-07-13 20:55 - 00001230 ____A C:\Users\TLC\Desktop\Calculator.lnk
    2012-07-01 13:30 - 2012-07-01 13:30 - 00000000 ____D C:\Users\TLC\AppData\LocalGoogle
    2012-06-29 10:58 - 2012-06-29 10:58 - 00262144 ____A C:\Windows\Minidump\062912-18486-01.dmp
    2012-06-28 18:09 - 2012-06-28 18:09 - 00262144 ____A C:\Windows\Minidump\062812-20966-01.dmp
    2012-06-28 17:37 - 2012-07-13 22:39 - 00000000 ____D C:\Users\TLC\AppData\Roaming\Auslogics
    2012-06-28 17:32 - 2012-06-28 17:32 - 00001246 ____A C:\Users\TLC\Desktop\Auslogics BoostSpeed.lnk
    2012-06-28 17:32 - 2012-06-28 17:32 - 00000000 ____D C:\Program Files (x86)\Auslogics
    2012-06-28 17:00 - 2012-06-28 17:00 - 00262144 ____A C:\Windows\Minidump\062812-19390-01.dmp
    2012-06-28 16:57 - 2012-06-28 16:57 - 00262144 ____A C:\Windows\Minidump\062812-26832-01.dmp
    2012-06-28 16:46 - 2012-06-28 16:46 - 00262144 ____A C:\Windows\Minidump\062812-30217-01.dmp
    2012-06-28 16:44 - 2012-06-28 18:08 - 00000000 ____D C:\Users\All Users\FLEXnet
    2012-06-28 16:44 - 2012-06-28 16:44 - 00000000 ____D C:\Users\TLC\AppData\Local\Autodesk
    2012-06-28 16:38 - 2012-06-28 16:38 - 00000000 ____D C:\Users\TLC\Documents\Inventor Server x64 3dsMaxDesign
    2012-06-28 16:37 - 2012-06-28 16:37 - 00000000 ____D C:\Users\TLC\Documents\Inventor Server x64 Direct Connect
    2012-06-28 16:35 - 2012-06-28 16:35 - 00000000 ____D C:\Program Files (x86)\Autodesk
    2012-06-28 16:32 - 2012-06-28 16:32 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
    2012-06-28 16:31 - 2012-06-28 16:31 - 00002026 ____A C:\Users\Public\Desktop\Autodesk 3ds Max Design 2013 64-bit.lnk
    2012-06-28 16:21 - 2012-06-28 16:21 - 00000000 ____D C:\Users\TLC\Documents\3dsMaxDesign
    2012-06-28 16:18 - 2012-06-28 16:39 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
    2012-06-28 16:18 - 2012-06-28 16:32 - 00000000 ____D C:\Program Files\Autodesk
    2012-06-28 16:11 - 2010-06-02 03:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2012-06-28 16:11 - 2010-06-02 03:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
    2012-06-28 16:11 - 2010-06-02 03:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2012-06-28 16:11 - 2010-06-02 03:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2012-06-28 16:11 - 2010-06-02 03:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
    2012-06-28 16:11 - 2010-06-02 03:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
    2012-06-28 16:11 - 2010-05-26 10:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2012-06-28 16:11 - 2010-02-04 09:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
    2012-06-28 16:11 - 2010-02-04 09:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2012-06-28 16:11 - 2010-02-04 09:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2012-06-28 16:11 - 2010-02-04 09:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
    2012-06-28 16:11 - 2010-02-04 09:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
    2012-06-28 16:11 - 2010-02-04 09:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2012-06-28 16:11 - 2010-02-04 09:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
    2012-06-28 16:11 - 2010-02-04 09:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2012-06-28 16:11 - 2009-09-04 16:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2012-06-28 16:11 - 2009-09-04 16:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2012-06-28 16:11 - 2009-09-04 16:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2012-06-28 16:11 - 2009-09-04 16:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2012-06-28 16:11 - 2009-09-04 16:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2012-06-28 16:11 - 2009-09-04 16:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2012-06-28 16:11 - 2009-09-04 16:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2012-06-28 16:11 - 2009-09-04 16:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2012-06-28 16:11 - 2009-09-04 16:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2012-06-28 16:11 - 2009-09-04 16:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2012-06-28 16:11 - 2009-09-04 16:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2012-06-28 16:11 - 2009-09-04 16:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2012-06-28 16:11 - 2009-03-16 13:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2012-06-28 16:11 - 2009-03-16 13:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2012-06-28 16:11 - 2009-03-16 13:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2012-06-28 16:11 - 2009-03-16 13:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2012-06-28 16:11 - 2009-03-16 13:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2012-06-28 16:11 - 2009-03-16 13:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2012-06-28 16:11 - 2009-03-09 14:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
    2012-06-28 16:11 - 2009-03-09 14:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2012-06-28 16:11 - 2009-03-09 14:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2012-06-28 16:11 - 2009-03-09 14:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2012-06-28 16:11 - 2008-10-27 09:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2012-06-28 16:11 - 2008-10-27 09:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2012-06-28 16:11 - 2008-10-27 09:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2012-06-28 16:11 - 2008-10-27 09:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2012-06-28 16:11 - 2008-10-27 09:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2012-06-28 16:11 - 2008-10-27 09:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2012-06-28 16:11 - 2008-10-27 09:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2012-06-28 16:11 - 2008-10-27 09:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2012-06-28 16:11 - 2008-10-15 05:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2012-06-28 16:11 - 2008-10-15 05:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2012-06-28 16:11 - 2008-10-15 05:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2012-06-28 16:11 - 2008-10-15 05:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2012-06-28 16:11 - 2008-10-15 05:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
    2012-06-28 16:11 - 2008-10-15 05:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2012-06-28 16:11 - 2008-07-31 09:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2012-06-28 16:11 - 2008-07-31 09:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2012-06-28 16:11 - 2008-07-31 09:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2012-06-28 16:11 - 2008-07-31 09:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2012-06-28 16:11 - 2008-07-31 09:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2012-06-28 16:11 - 2008-07-31 09:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2012-06-28 16:11 - 2008-07-10 10:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2012-06-28 16:11 - 2008-07-10 10:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
    2012-06-28 16:11 - 2008-07-10 10:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2012-06-28 16:11 - 2008-07-10 10:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
    2012-06-28 16:11 - 2008-07-10 10:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2012-06-28 16:11 - 2008-07-10 10:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
    2012-06-28 16:10 - 2008-05-30 13:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2012-06-28 16:10 - 2008-05-30 13:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2012-06-28 16:10 - 2008-05-30 13:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2012-06-28 16:10 - 2008-05-30 13:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2012-06-28 16:10 - 2008-05-30 13:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2012-06-28 16:10 - 2008-05-30 13:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2012-06-28 16:10 - 2008-05-30 13:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2012-06-28 16:10 - 2008-05-30 13:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2012-06-28 16:10 - 2008-05-30 13:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2012-06-28 16:10 - 2008-05-30 13:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2012-06-28 16:10 - 2008-05-30 13:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2012-06-28 16:10 - 2008-05-30 13:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2012-06-28 16:10 - 2008-05-30 13:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2012-06-28 16:10 - 2008-05-30 13:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2012-06-28 16:10 - 2008-03-05 15:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2012-06-28 16:10 - 2008-03-05 15:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2012-06-28 16:10 - 2008-03-05 15:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2012-06-28 16:10 - 2008-03-05 15:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2012-06-28 16:10 - 2008-03-05 15:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2012-06-28 16:10 - 2008-03-05 15:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2012-06-28 16:10 - 2008-03-05 14:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2012-06-28 16:10 - 2008-03-05 14:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2012-06-28 16:10 - 2008-03-05 14:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2012-06-28 16:10 - 2008-03-05 14:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2012-06-28 16:10 - 2008-02-05 22:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2012-06-28 16:10 - 2008-02-05 22:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2012-06-28 11:58 - 2012-06-28 16:44 - 00000000 ____D C:\Users\TLC\AppData\Roaming\Autodesk
    2012-06-28 11:58 - 2012-06-28 16:44 - 00000000 ____D C:\Users\All Users\Autodesk
    2012-06-28 11:56 - 2012-06-28 16:55 - 00000000 ____D C:\Users\TLC\Desktop\maxdesign install
    2012-06-28 00:40 - 2012-07-17 02:38 - 554360400 ____A C:\Windows\MEMORY.DMP
    2012-06-28 00:40 - 2012-07-17 02:38 - 00000000 ____D C:\Windows\Minidump
    2012-06-28 00:40 - 2012-06-28 00:40 - 00266288 ____A C:\Windows\Minidump\062812-27612-01.dmp
    2012-06-25 21:10 - 2012-06-25 21:10 - 00007597 ____A C:\Users\TLC\AppData\Local\Resmon.ResmonCfg
    2012-06-24 11:23 - 2012-06-24 11:23 - 00000000 ____D C:\Users\TLC\AppData\Local\Macromedia
    2012-06-19 02:05 - 2012-06-19 02:05 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2012-06-19 02:05 - 2012-06-19 02:05 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2012-06-19 00:12 - 2012-06-22 09:03 - 00000000 ____D C:\Users\All Users\VirtualizedApplications
    2012-06-18 22:08 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-18 22:08 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-18 22:08 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-18 22:08 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-18 22:07 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-18 22:07 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-18 22:07 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-18 22:07 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-18 22:07 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-18 20:39 - 2012-06-18 20:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2012-06-18 20:38 - 2012-06-18 20:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
    2012-06-18 20:35 - 2012-06-18 20:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-06-18 20:34 - 2012-07-11 02:06 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-18 20:34 - 2012-06-18 20:34 - 00000000 ____D C:\Users\TLC\AppData\Local\Microsoft Help
    2012-06-18 20:34 - 2012-06-18 20:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
    2012-06-18 20:33 - 2012-06-18 20:33 - 00000000 __RHD C:\MSOCache
    2012-06-18 20:25 - 2012-06-18 20:25 - 00000000 ____D C:\Users\TLC\AppData\Roaming\SoftGrid Client
    2012-06-18 20:25 - 2012-06-18 20:25 - 00000000 ____D C:\Users\TLC\AppData\Local\SoftGrid Client
    2012-06-18 20:24 - 2012-06-29 11:30 - 00791744 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-18 20:24 - 2012-06-19 02:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
    2012-06-18 20:24 - 2012-06-18 20:25 - 00000000 ____D C:\Users\TLC\AppData\Roaming\TP
    2012-06-18 20:24 - 2012-06-18 20:24 - 00000000 ____D C:\Program Files\Microsoft Office
     
  24. ClineStine

    ClineStine TS Rookie Topic Starter Posts: 50

    ============ 3 Months Modified Files ========================
    2012-07-18 17:07 - 2011-07-13 04:16 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-18 17:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-18 17:06 - 2009-07-13 20:51 - 00087496 ____A C:\Windows\setupact.log
    2012-07-18 17:02 - 2011-07-13 03:44 - 01909704 ____A C:\Windows\WindowsUpdate.log
    2012-07-18 17:01 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 17:01 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 16:58 - 2009-07-13 21:13 - 00797528 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-18 16:19 - 2012-06-11 20:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-18 16:14 - 2010-11-20 19:47 - 00292042 ____A C:\Windows\PFRO.log
    2012-07-18 16:05 - 2011-07-13 04:16 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-18 14:25 - 2012-07-18 14:25 - 01012656 ____A C:\Users\TLC\Desktop\rkill.com
    2012-07-18 14:24 - 2012-07-18 14:24 - 04582182 ____R (Swearware) C:\Users\TLC\Desktop\ComboFix.exe
    2012-07-18 14:15 - 2012-07-18 14:15 - 00001906 ____A C:\Users\TLC\Desktop\aswMBR.txt
    2012-07-18 14:15 - 2012-07-18 14:15 - 00000512 ____A C:\Users\TLC\Desktop\MBR.dat
    2012-07-18 13:32 - 2012-07-18 13:32 - 00001703 ____A C:\Users\TLC\Desktop\RKreport[1].txt
    2012-07-18 13:30 - 2012-07-18 13:30 - 04731392 ____A (AVAST Software) C:\Users\TLC\Desktop\aswMBR.exe
    2012-07-18 13:29 - 2012-07-18 13:28 - 01552384 ____A C:\Users\TLC\Desktop\RogueKiller.exe
    2012-07-17 02:38 - 2012-07-17 02:38 - 00262144 ____A C:\Windows\Minidump\071712-42026-01.dmp
    2012-07-17 02:38 - 2012-06-28 00:40 - 554360400 ____A C:\Windows\MEMORY.DMP
    2012-07-17 02:15 - 2012-07-17 02:15 - 00537166 ____A C:\Users\TLC\Downloads\Autoruns.zip
    2012-07-17 01:41 - 2012-07-17 01:41 - 00000000 ____A C:\Windows\SysWOW64\shoBF7B.tmp
    2012-07-16 22:54 - 2012-07-16 22:54 - 00027626 ____A C:\Users\TLC\Desktop\DDS.txt
    2012-07-16 22:52 - 2012-07-16 22:52 - 00013696 ____A C:\Users\TLC\Desktop\Attach.txt
    2012-07-16 21:11 - 2012-07-17 21:28 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\TLC\Desktop\TDSSKiller.exe
    2012-07-16 20:28 - 2012-07-16 20:28 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-07-16 20:01 - 2012-07-16 20:03 - 00335992 ___RA C:\Users\TLC\Desktop\Dial-a-fix-v0.60.0.24.zip
    2012-07-16 19:48 - 2012-07-16 19:48 - 00002965 ____A C:\Users\TLC\Desktop\HiJackThis.lnk
    2012-07-16 19:45 - 2012-07-16 19:45 - 01402880 ____A C:\Users\TLC\Downloads\HiJackThis.msi
    2012-07-16 16:17 - 2012-07-16 16:17 - 00607260 ____R (Swearware) C:\Users\TLC\Desktop\dds.scr
    2012-07-16 16:09 - 2012-07-16 16:09 - 00302592 ____A C:\Users\TLC\Desktop\bivn8klx.exe
    2012-07-16 10:05 - 2012-07-16 10:05 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-14 00:09 - 2012-07-14 00:09 - 00000000 ____A C:\install.rdf
    2012-07-13 23:57 - 2012-07-13 23:57 - 00262144 ____A C:\Windows\Minidump\071412-30139-01.dmp
    2012-07-13 22:36 - 2012-07-13 22:36 - 00266288 ____A C:\Windows\Minidump\071312-31200-01.dmp
    2012-07-13 16:43 - 2012-07-13 16:43 - 01221526 ____A C:\Users\TLC\Downloads\POPPeeper-Install.exe
    2012-07-11 19:20 - 2012-06-11 20:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 19:20 - 2012-01-04 08:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 06:29 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-03 12:46 - 2012-07-16 09:50 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 02:19 - 2012-07-16 20:24 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-03 02:13 - 2012-07-14 02:43 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-29 11:30 - 2012-06-18 20:24 - 00791744 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-29 10:58 - 2012-06-29 10:58 - 00262144 ____A C:\Windows\Minidump\062912-18486-01.dmp
    2012-06-28 18:10 - 2012-04-12 21:42 - 00092672 __ASH C:\Users\TLC\Desktop\Thumbs.db
    2012-06-28 18:09 - 2012-06-28 18:09 - 00262144 ____A C:\Windows\Minidump\062812-20966-01.dmp
    2012-06-28 17:32 - 2012-06-28 17:32 - 00001246 ____A C:\Users\TLC\Desktop\Auslogics BoostSpeed.lnk
    2012-06-28 17:00 - 2012-06-28 17:00 - 00262144 ____A C:\Windows\Minidump\062812-19390-01.dmp
    2012-06-28 16:57 - 2012-06-28 16:57 - 00262144 ____A C:\Windows\Minidump\062812-26832-01.dmp
    2012-06-28 16:46 - 2012-06-28 16:46 - 00262144 ____A C:\Windows\Minidump\062812-30217-01.dmp
    2012-06-28 16:31 - 2012-06-28 16:31 - 00002026 ____A C:\Users\Public\Desktop\Autodesk 3ds Max Design 2013 64-bit.lnk
    2012-06-28 16:17 - 2009-07-13 18:34 - 00017589 ____A C:\Windows\System32\Drivers\etc\services
    2012-06-28 16:10 - 2011-03-23 18:31 - 00219883 ____A C:\Windows\DirectX.log
    2012-06-28 00:40 - 2012-06-28 00:40 - 00266288 ____A C:\Windows\Minidump\062812-27612-01.dmp
    2012-06-25 21:10 - 2012-06-25 21:10 - 00007597 ____A C:\Users\TLC\AppData\Local\Resmon.ResmonCfg
    2012-06-19 02:13 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-06-18 22:03 - 2011-12-25 10:08 - 00108840 ____A C:\Users\TLC\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-13 12:02 - 2012-06-13 12:02 - 00001073 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-06-13 12:00 - 2012-06-13 11:39 - 22259528 ____A C:\Users\TLC\Downloads\vlc-2.0.1-win32.exe
    2012-06-13 10:02 - 2012-06-13 10:02 - 00001806 ____A C:\Users\TLC\Desktop\MagicISO.lnk
    2012-06-13 10:02 - 2012-06-13 10:02 - 00001806 ____A C:\Users\Mcx1-TLC-PC\Desktop\MagicISO.lnk
    2012-06-13 10:02 - 2012-06-13 10:02 - 00001806 ____A C:\Users\Guest\Desktop\MagicISO.lnk
    2012-06-13 10:01 - 2012-06-13 09:58 - 00001028 ____A C:\Users\TLC\Desktop\BitZipper.lnk
    2012-06-11 19:08 - 2012-07-11 02:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-11 01:00 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-11 01:00 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-11 01:00 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-11 01:00 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-11 00:59 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-11 01:00 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 01:00 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 00:59 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-18 22:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 22:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 22:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 22:07 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 22:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-18 22:07 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 22:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 22:07 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-18 22:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-11 02:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 02:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 02:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 02:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-11 02:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-11 02:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-11 02:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-11 02:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 02:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 02:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 02:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 02:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 02:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 02:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 02:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 02:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 02:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 02:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 02:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 02:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 02:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 02:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 02:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 02:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 02:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 02:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 02:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 02:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-11 00:59 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-11 00:59 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-11 00:59 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-11 00:59 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-11 00:59 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-11 00:59 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-11 00:59 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-11 00:59 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-11 00:59 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-31 16:12 - 2012-05-31 16:12 - 00003040 ____A C:\{D4BCFA12-3B2D-42E6-BB2C-2F4198B9B0CF}
    2012-05-31 11:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-29 22:21 - 2012-05-29 22:21 - 03930504 ____A (http://yourfiledownloader.com) C:\Users\TLC\Downloads\PhotoStage_Slideshow_Pro.rar_downloader_224a.exe
    2012-05-29 22:17 - 2012-05-29 22:17 - 05282968 ____A (http://www.express-files.com/) C:\Users\TLC\Downloads\NCH.PhotoStage.Slideshow.Producer.Pro.v2.13-LAXiTY_downloader_205b.exe
    2012-05-28 05:54 - 2012-05-28 05:54 - 00001936 ____A C:\Users\TLC\Desktop\RosettaStoneVersion3 - Shortcut.lnk
    2012-05-22 13:44 - 2012-05-22 13:38 - 00001204 ____A C:\1.txt
    2012-05-22 13:40 - 2012-05-22 13:40 - 01056016 ____A C:\Users\TLC\Downloads\Adema_Discography_[4_Albums].rar_downloader.exe
    2012-05-22 13:08 - 2012-05-22 13:07 - 00019041 ____A C:\Users\TLC\Downloads\[kat.ph]adema.unstable.readyman2009.re.seed.torrent
    2012-05-22 01:34 - 2012-05-22 01:34 - 00228520 ____A C:\Users\TLC\Downloads\Adema_Discography.exe
    2012-05-22 01:22 - 2012-02-19 15:41 - 00001328 ____A C:\user.js
    2012-05-15 23:09 - 2012-05-15 23:09 - 00001855 ____A C:\Users\Public\Desktop\Vuze.lnk
    2012-05-06 12:26 - 2012-05-06 12:26 - 00226168 ____A C:\Users\TLC\Downloads\Fuel_-_Something_Like_Human.exe
    2012-05-01 17:12 - 2012-05-01 17:13 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-05-01 17:12 - 2012-05-01 17:13 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-05-01 17:12 - 2012-05-01 17:13 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-05-01 17:12 - 2011-03-23 18:26 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-01 17:08 - 2012-05-01 17:08 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\TLC\Downloads\jxpiinstall.exe
    2012-04-30 21:40 - 2012-06-12 21:01 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-12 20:56 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-12 21:08 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 21:08 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 21:08 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-12 21:22 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 21:22 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 21:22 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 21:22 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 21:22 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 21:22 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 14%
    Total physical RAM: 4043.86 MB
    Available physical RAM: 3463.34 MB
    Total Pagefile: 4042.06 MB
    Available Pagefile: 3448.93 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (TI106139W0E) (Fixed) (Total:580.98 GB) (Free:386.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: () (Removable) (Total:7.45 GB) (Free:5.64 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 7633 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 580 GB 1501 MB
    Partition 3 Primary 13 GB 582 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI106139W0E NTFS Partition 580 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 7633 MB 0 B
    ==================================================================================
    Disk: 1
    There is no partition selected.
    There is no partition selected.
    Please select a partition and try again.
    ==================================================================================
    ==========================================================
    Last Boot: 2012-07-18 11:17
    ======================= End Of Log ==========================
     
  25. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Looks fine.

    Update MBAM and post a new log.
     

