Windows 7 x64 - Startup Repair - Will not start - Drivers



#1 Cerealtxtr


Posted 23 June 2011 - 01:36 AM

Hello - Please Help! My computer will not start. It is locked in Startup Repair mode and cannot proceed. Facts so far:
1. Boots in Startup Repair if F8 is pressed and Driver Signing Disabled
2. Ran MalwareBytes which identified 5 suspect issues which were deleted
3. Still will not boot in Safe Mode or Any Other Mode but with Driver Signing Disabled
4. I ran Farbar's recovery scan and have a log if that helps

It seems I may have the same/similar issue to this previously discussed thread: http://www.bleepingcomputer.com/forums/topic405133.html

Please help, I am not sure what to do. Thank you!



#2 Farbar


Posted 23 June 2011 - 05:18 AM

Hi,

Welcome here, I will be assisting you with the issue.

Please post the FRST log.

#3 Cerealtxtr


Posted 23 June 2011 - 06:35 AM

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.1
Ran by SYSTEM at 2011-06-23 03:16:57
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: []
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [896032 2010-03-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2916584 2010-08-12] (ESET)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [38840 2009-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2009-12-21] (Adobe Systems Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\Cereal\...\Run: [AdobeBridge]
HKU\Cereal\...\Policies\system: [DisableLockWorkstation] 0
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-24] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46


==================== Services ====================

3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [202752 2010-03-15] (AMD)
3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [70656 2010-11-20] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [37664 2011-01-05] (Apple Inc.)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)
3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [345376 2010-10-07] (Apple Inc.)
3 Browser; C:\Windows\System32\browser.dll [136192 2010-11-20] (Microsoft Corporation)
3 bthserv; C:\Windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_32; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [177152 2010-11-20] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-02] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
2 EFS; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [42360 2010-08-12] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [810144 2010-08-12] (ESET)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [402944 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
2 FDResPub; C:\Windows\System32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2010-10-15] (Macrovision Europe Ltd.)
2 FontCache; C:\Windows\System32\FntCache.dll [1139200 2011-02-19] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [238328 2009-12-03] (WildTangent, Inc.)
2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\System32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\System32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [355840 2009-11-18] (Marvell)
2 HPSIService; C:\windows\system32\HPSIsvc.exe [126520 2009-12-03] (HP)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856400 2010-11-04] (Microsoft Corporation)
2 IKEEXT; C:\Windows\System32\ikeext.dll [853504 2010-11-20] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2010-11-20] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [933664 2011-01-25] (Apple Inc.)
3 KeyIso; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 KtmRm; C:\Windows\System32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation)
2 MMCSS; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [128000 2010-11-20] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2010-11-20] (Microsoft Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe /s [103792 2010-01-28] (Symantec Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4925184 2010-01-09] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [404480 2010-11-20] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
2 Power; C:\Windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [209920 2010-11-20] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
3 SensrSvc; C:\Windows\System32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2010-11-20] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)
3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation)
3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation)
2 Themes; C:\Windows\System32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
2 Thpsrv; C:\windows\system32\ThpSrv.exe [531520 2009-10-21] (TOSHIBA Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
3 TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-06] (TOSHIBA Corporation)
2 TODDSrv; C:\Windows\system32\TODDSrv.exe [140632 2009-07-28] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [489312 2009-11-05] (TOSHIBA Corporation)
2 TOSHIBA eco Utility Service; "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [258928 2010-04-06] (TOSHIBA Corporation)
3 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [137560 2010-02-05] (TOSHIBA Corporation)
3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [835952 2010-02-23] (TOSHIBA Corporation)
2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
2 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
3 W32Time; C:\Windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2010-10-18] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1504256 2010-11-20] (Microsoft Corporation)
3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WebClient; C:\Windows\System32\webclnt.dll [258560 2010-11-20] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation)
2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2286976 2010-09-21] (Microsoft Corp.)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
2 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 2010-11-20] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [593408 2009-07-13] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [2420736 2010-11-20] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [78848 2010-11-20] (Microsoft Corporation)
3 WwanSvc; C:\Windows\System32\wwansvc.dll [229888 2009-07-13] (Microsoft Corporation)

==================== Drivers ====================

3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation)
3 adp94xx; C:\Windows\System32\DRIVERS\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
3 adpahci; C:\Windows\System32\DRIVERS\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
3 adpu320; C:\Windows\System32\DRIVERS\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
1 AFD; C:\Windows\System32\drivers\afd.sys [499200 2011-04-24] (Microsoft Corporation)
3 agp440; C:\Windows\System32\drivers\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
3 aliide; C:\Windows\System32\drivers\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
3 amdide; C:\Windows\System32\drivers\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation)
3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6403072 2010-03-15] (ATI Technologies Inc.)
3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [188928 2010-03-15] (Advanced Micro Devices, Inc.)
3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation)
3 amdsata; C:\Windows\System32\drivers\amdsata.sys [107904 2011-03-10] (Advanced Micro Devices)
3 amdsbs; C:\Windows\System32\DRIVERS\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-10] (Advanced Micro Devices)
3 AppID; C:\Windows\System32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation)
3 arc; C:\Windows\System32\DRIVERS\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
3 arcsas; C:\Windows\System32\DRIVERS\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1550848 2009-11-06] (Atheros Communications, Inc.)
0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-05] (Advanced Micro Devices Inc.)
3 b06bdrv; C:\Windows\System32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\System32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\System32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\drivers\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
3 circlass; C:\Windows\System32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
3 cmdide; C:\Windows\System32\drivers\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
0 CNG; C:\Windows\System32\Drivers\cng.sys [459248 2010-11-20] (Microsoft Corporation)
0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation)
4 crcdisk; C:\Windows\System32\DRIVERS\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation)
1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982912 2010-11-20] (Microsoft Corporation)
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [168544 2010-07-29] (ESET)
3 ebdrv; C:\Windows\System32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-07-29] (ESET)
3 elxstor; C:\Windows\System32\DRIVERS\elxstor.sys [530496 2009-07-13] (Emulex)
2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [126320 2010-07-29] (ESET)
3 ErrDev; C:\Windows\System32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation)
3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-13] (Microsoft Corporation)
0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-20] (Microsoft Corporation)
3 gagp30kx; C:\Windows\System32\DRIVERS\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [34152 2009-05-18] (GEAR Software Inc.)
3 hcw85cir; C:\Windows\System32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
3 HidBatt; C:\Windows\System32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
3 HidBth; C:\Windows\System32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
3 HidIr; C:\Windows\System32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation)
3 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [78720 2010-11-20] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
3 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [410496 2011-03-10] (Intel Corporation)
3 iirsp; C:\Windows\System32\DRIVERS\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2301344 2010-03-19] (Realtek Semiconductor Corp.)
3 intelide; C:\Windows\System32\drivers\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
3 isapnp; C:\Windows\System32\drivers\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [273792 2010-11-20] (Microsoft Corporation)
3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [144496 2009-09-23] (JMicron Technology Corporation)
3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95616 2010-11-20] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [152960 2010-11-20] (Microsoft Corporation)
3 ksthunk; C:\Windows\System32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [44912 2009-07-30] (COMPAL ELECTRONIC INC.)
3 LSI_FC; C:\Windows\System32\DRIVERS\lsi_fc.sys [114752 2009-07-13] (LSI Corporation)
3 LSI_SAS; C:\Windows\System32\DRIVERS\lsi_sas.sys [106560 2009-07-13] (LSI Corporation)
3 LSI_SAS2; C:\Windows\System32\DRIVERS\lsi_sas2.sys [65600 2009-07-13] (LSI Corporation)
3 LSI_SCSI; C:\Windows\System32\DRIVERS\lsi_scsi.sys [115776 2009-07-13] (LSI Corporation)
2 luafv; C:\Windows\System32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
3 megasas; C:\Windows\System32\DRIVERS\megasas.sys [35392 2009-07-13] (LSI Corporation)
3 MegaSR; C:\Windows\System32\DRIVERS\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Microsoft Corporation)
3 mpio; C:\Windows\System32\drivers\mpio.sys [155008 2010-11-20] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
3 MRxDAV; C:\Windows\System32\drivers\mrxdav.sys [140800 2010-11-20] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-26] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [289280 2011-04-26] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-26] (Microsoft Corporation)
0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
3 msdsm; C:\Windows\System32\drivers\msdsm.sys [140672 2010-11-20] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] (Microsoft Corporation)
1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
3 MTConfig; C:\Windows\System32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [951680 2010-11-20] (Microsoft Corporation)
3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation)
3 nfrd960; C:\Windows\System32\DRIVERS\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659776 2011-03-10] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
3 nvraid; C:\Windows\System32\drivers\nvraid.sys [148352 2011-03-10] (NVIDIA Corporation)
3 nvstor; C:\Windows\System32\drivers\nvstor.sys [166272 2011-03-10] (NVIDIA Corporation)
3 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
3 ohci1394; C:\Windows\System32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75136 2010-11-20] (Microsoft Corporation)
0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
3 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation)
3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [35008 2009-06-22] (TOSHIBA Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
3 Processor; C:\Windows\System32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation)
1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation)
3 ql2300; C:\Windows\System32\DRIVERS\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
3 ql40xx; C:\Windows\System32\DRIVERS\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
3 QWAVEdrv; C:\Windows\System32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation)
3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2010-11-20] (Microsoft Corporation)
0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [213280 2009-12-02] (Realtek Semiconductor Corp.)
3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [325152 2010-01-12] (Realtek )
3 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [103808 2010-11-20] (Microsoft Corporation)
3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation)
3 sdbus; C:\Windows\System32\drivers\sdbus.sys [109056 2010-11-20] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation)
3 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Microsoft Corporation)
3 sermouse; C:\Windows\System32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
3 sffdisk; C:\Windows\System32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\System32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
3 sffp_sd; C:\Windows\System32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation)
3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
3 SiSRaid2; C:\Windows\System32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
3 SiSRaid4; C:\Windows\System32\DRIVERS\sisraid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-28] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-28] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-28] (Microsoft Corporation)
3 stexstor; C:\Windows\System32\DRIVERS\stexstor.sys [24656 2009-07-13] (Promise Technology)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 swenum; C:\Windows\System32\drivers\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [316464 2010-03-10] (Synaptics Incorporated)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1923968 2011-04-24] (Microsoft Corporation)
3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1923968 2011-04-24] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-20] (Microsoft Corporation)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [27784 2009-07-30] (TOSHIBA Corporation.)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-13] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\drivers\termdd.sys [63360 2010-11-20] (Microsoft Corporation)
0 Thpdrv; C:\Windows\System32\DRIVERS\thpdrv.sys [34880 2009-06-29] (TOSHIBA Corporation)
0 Thpevm; C:\Windows\System32\DRIVERS\Thpevm.SYS [14784 2009-06-29] (TOSHIBA Corporation)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-20] (Microsoft Corporation)
3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [14472 2009-06-19] (TOSHIBA Corporation)
3 uagp35; C:\Windows\System32\DRIVERS\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation)
3 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
3 umbus; C:\Windows\System32\drivers\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation)
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2010-12-14] (Apple, Inc.)
3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109696 2010-11-20] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2011-03-24] (Microsoft Corporation)
3 usbcir; C:\Windows\System32\drivers\usbcir.sys [100352 2009-07-13] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52736 2011-03-24] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-24] (Microsoft Corporation)
3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2011-03-24] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-10] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2009-07-13] (Microsoft Corporation)
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184960 2010-11-20] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [215936 2010-11-20] (Microsoft Corporation)
3 viaide; C:\Windows\System32\drivers\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
3 vsmraid; C:\Windows\System32\DRIVERS\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation)
3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation)
3 WacomPen; C:\Windows\System32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation)
3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
3 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-13] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation)
3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation)
4 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-20] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-20] (Microsoft Corporation)

========================= NetSvcs ============================

============ One Month Created Files and folders =============

2011-06-22 22:52 - 2011-04-26 18:40 - 0158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-06-22 22:52 - 2011-04-26 18:39 - 0289280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-06-22 22:52 - 2011-04-26 18:39 - 0128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-06-22 22:52 - 2011-04-24 21:33 - 1923968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-06-22 22:52 - 2011-04-24 18:34 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-06-22 22:51 - 2011-05-27 21:32 - 9001984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-06-22 22:51 - 2011-05-27 20:33 - 5984768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-06-22 22:51 - 2011-05-27 19:06 - 3135488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-06-22 22:51 - 2011-04-28 21:52 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-06-22 22:51 - 2011-04-28 21:51 - 2443776 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-06-22 22:51 - 2011-04-28 20:54 - 2064384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-06-22 22:51 - 2011-04-28 20:54 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-06-22 22:51 - 2011-04-22 14:08 - 1492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-06-22 22:51 - 2011-04-22 14:08 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-06-22 22:51 - 2011-04-22 14:04 - 12262400 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-06-22 22:51 - 2011-04-22 11:10 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-06-22 22:51 - 2011-04-22 11:09 - 1230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-06-22 22:51 - 2011-04-22 11:09 - 10990592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-06-22 22:51 - 2011-04-22 11:09 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-06-22 22:50 - 2011-05-27 19:30 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-06-22 22:50 - 2011-05-27 18:53 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-06-22 22:50 - 2011-04-22 14:04 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-06-22 22:50 - 2011-04-22 14:04 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-06-22 22:50 - 2011-04-22 11:09 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-06-22 22:50 - 2011-01-17 03:09 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2011-06-22 22:50 - 2011-01-16 21:47 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2011-06-22 22:49 - 2011-04-28 19:06 - 0467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-06-22 22:49 - 2011-04-28 19:05 - 0410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-06-22 22:49 - 2011-04-28 19:05 - 0168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-06-22 22:49 - 2011-02-24 22:22 - 0861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-06-22 22:49 - 2011-02-24 21:34 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-06-22 22:48 - 2011-05-02 21:29 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-06-22 22:48 - 2011-05-02 20:30 - 0741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-06-22 20:42 - 2011-06-23 03:16 - 0000000 ____D C:\FRST
2011-06-22 15:57 - 2011-06-22 15:57 - 0002004 ____A C:\Users\Cereal\AppData\Roaming\0BA2.958
2011-06-15 14:40 - 2011-06-15 14:40 - 0035781 ____A C:\Users\Cereal\Desktop\1615983917.pdf
2011-06-14 11:21 - 2011-06-14 11:25 - 0000132 ____A C:\Users\Cereal\AppData\Roaming\Adobe BMP Format CS5 Prefs
2011-06-08 11:06 - 2011-06-08 11:06 - 0475871 ____A C:\Users\Cereal\Downloads\clothing_silhouettes.zip
2011-06-08 07:38 - 2011-06-08 07:38 - 1483424 ____A C:\Users\Cereal\Downloads\Helvetica.zip
2011-06-05 19:11 - 2011-06-05 19:11 - 0000132 ____A C:\Users\Cereal\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2011-06-05 16:51 - 2011-06-05 16:51 - 0001950 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2011-06-02 14:18 - 2011-06-02 14:18 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2011-05-30 21:12 - 2011-05-30 21:12 - 0000000 ____D C:\Program Files (x86)\UEFI WinFlash
2011-05-30 21:07 - 2011-05-30 21:07 - 0274696 ____A C:\Windows\Minidump\053111-17737-01.dmp
2011-05-28 15:57 - 2011-06-22 23:05 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-28 15:57 - 2011-05-28 15:57 - 0000000 ____D C:\Users\Cereal\AppData\Roaming\Malwarebytes
2011-05-28 15:57 - 2011-05-28 15:57 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-05-28 15:57 - 2011-05-28 15:57 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-05-28 15:57 - 2010-12-20 14:09 - 0038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2011-05-28 15:57 - 2010-12-20 14:08 - 0024152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-05-28 07:50 - 2011-05-28 17:13 - 0000420 ____A C:\rkill.log
2011-05-28 06:52 - 2011-05-28 06:52 - 0000136 ____A C:\Users\All Users\~38788856r
2011-05-28 06:52 - 2011-05-28 06:52 - 0000136 ____A C:\ProgramData\~38788856r
2011-05-28 06:52 - 2011-05-28 06:52 - 0000104 ____A C:\Users\All Users\~38788856
2011-05-28 06:52 - 2011-05-28 06:52 - 0000104 ____A C:\ProgramData\~38788856
2011-05-28 06:51 - 2011-05-28 06:51 - 0000328 ____A C:\Users\All Users\38788856
2011-05-28 06:51 - 2011-05-28 06:51 - 0000328 ____A C:\ProgramData\38788856
2011-05-26 06:50 - 2011-05-26 06:50 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-05-25 05:27 - 2011-04-22 14:15 - 0027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys

============ 3 Months Modified Files and folders =============

2011-06-23 03:16 - 2011-06-22 20:42 - 0000000 ____D C:\FRST
2011-06-22 23:13 - 2010-07-28 02:48 - 1934525 ____A C:\Windows\WindowsUpdate.log
2011-06-22 23:13 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-06-22 23:13 - 2009-07-13 18:36 - 0624178 ____A C:\Windows\System32\perfh009.dat
2011-06-22 23:13 - 2009-07-13 18:36 - 0106522 ____A C:\Windows\System32\perfc009.dat
2011-06-22 23:11 - 2010-10-18 06:52 - 49454024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-06-22 23:11 - 2010-10-18 05:56 - 3140947 ___AH C:\Users\Cereal\AppData\Local\IconCache.db
2011-06-22 23:06 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-06-22 23:05 - 2011-05-28 15:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-22 23:05 - 2010-07-28 02:53 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-06-22 23:05 - 2010-07-28 02:53 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-06-22 23:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wfp
2011-06-22 23:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wbem
2011-06-22 23:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\DriverStore
2011-06-22 23:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-06-22 23:04 - 2010-04-08 22:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-06-22 22:52 - 2009-07-13 20:45 - 0016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-06-22 22:52 - 2009-07-13 20:45 - 0016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-06-22 22:42 - 2010-10-11 22:39 - 0000000 ____D C:\users\Cereal
2011-06-22 22:41 - 2010-07-28 02:43 - 1942761472 __ASH C:\hiberfil.sys
2011-06-22 22:41 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-06-22 22:41 - 2009-07-13 20:51 - 0034374 ____A C:\Windows\setupact.log
2011-06-22 20:07 - 2010-10-17 15:50 - 0000000 ____D C:\Users\All Users\FLEXnet
2011-06-22 20:07 - 2010-10-17 15:50 - 0000000 ____D C:\ProgramData\FLEXnet
2011-06-22 20:06 - 2010-10-12 11:29 - 0000000 ____D C:\Users\Cereal\AppData\Roaming\Adobe
2011-06-22 20:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-06-22 16:58 - 2010-10-12 10:44 - 0155040 ____A C:\Users\Cereal\AppData\Local\GDIPFONTCACHEV1.DAT
2011-06-22 15:57 - 2011-06-22 15:57 - 0002004 ____A C:\Users\Cereal\AppData\Roaming\0BA2.958
2011-06-18 04:18 - 2010-10-12 11:07 - 0000000 ____D C:\Users\Cereal\AppData\Local\Microsoft Help
2011-06-14 11:25 - 2011-06-14 11:21 - 0000132 ____A C:\Users\Cereal\AppData\Roaming\Adobe BMP Format CS5 Prefs
2011-06-14 11:23 - 2010-10-19 13:28 - 0001456 ____A C:\Users\Cereal\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-06-08 11:06 - 2009-12-27 12:52 - 0000000 ___RD C:\Users\Cereal\Desktop\Images
2011-06-05 19:11 - 2011-06-05 19:11 - 0000132 ____A C:\Users\Cereal\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2011-06-05 16:51 - 2011-06-05 16:51 - 0001950 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2011-06-02 14:18 - 2011-06-02 14:18 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2011-06-02 14:18 - 2011-02-23 09:54 - 0000000 ____D C:\Users\All Users\Apple
2011-06-02 14:18 - 2011-02-23 09:54 - 0000000 ____D C:\ProgramData\Apple
2011-06-01 12:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-05-30 21:12 - 2011-05-30 21:12 - 0000000 ____D C:\Program Files (x86)\UEFI WinFlash
2011-05-30 21:12 - 2009-07-13 19:20 - 0000000 ___RD C:\Program Files (x86)
2011-05-30 21:07 - 2011-05-30 21:07 - 0274696 ____A C:\Windows\Minidump\053111-17737-01.dmp
2011-05-30 21:07 - 2010-11-11 10:55 - 0000000 ____D C:\Windows\Minidump
2011-05-30 21:07 - 2010-11-11 10:54 - 553468299 ____A C:\Windows\MEMORY.DMP
2011-05-28 17:13 - 2011-05-28 07:50 - 0000420 ____A C:\rkill.log
2011-05-28 17:03 - 2010-10-17 08:25 - 0391384 ____A C:\Windows\ntbtlog.txt
2011-05-28 15:57 - 2011-05-28 15:57 - 0000000 ____D C:\Users\Cereal\AppData\Roaming\Malwarebytes
2011-05-28 15:57 - 2011-05-28 15:57 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-05-28 15:57 - 2011-05-28 15:57 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-05-28 07:14 - 2010-10-11 22:41 - 0000000 ____D C:\Users\Cereal\AppData\Local\VirtualStore
2011-05-28 06:52 - 2011-05-28 06:52 - 0000136 ____A C:\Users\All Users\~38788856r
2011-05-28 06:52 - 2011-05-28 06:52 - 0000136 ____A C:\ProgramData\~38788856r
2011-05-28 06:52 - 2011-05-28 06:52 - 0000104 ____A C:\Users\All Users\~38788856
2011-05-28 06:52 - 2011-05-28 06:52 - 0000104 ____A C:\ProgramData\~38788856
2011-05-28 06:51 - 2011-05-28 06:51 - 0000328 ____A C:\Users\All Users\38788856
2011-05-28 06:51 - 2011-05-28 06:51 - 0000328 ____A C:\ProgramData\38788856
2011-05-27 21:32 - 2011-06-22 22:51 - 9001984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-05-27 20:33 - 2011-06-22 22:51 - 5984768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-05-27 19:30 - 2011-06-22 22:50 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-05-27 19:06 - 2011-06-22 22:51 - 3135488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-05-27 18:53 - 2011-06-22 22:50 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-05-27 05:50 - 2009-07-13 20:45 - 7315832 ____A C:\Windows\System32\FNTCACHE.DAT
2011-05-26 09:05 - 2010-11-16 13:41 - 0000000 ____D C:\Users\Cereal\AppData\Roaming\Skype
2011-05-26 06:50 - 2011-05-26 06:50 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-05-24 15:14 - 2010-10-12 11:10 - 0270720 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-05-20 10:39 - 2010-11-16 13:41 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-05-20 10:39 - 2010-11-16 13:41 - 0000000 ____D C:\Users\All Users\Skype
2011-05-20 10:39 - 2010-11-16 13:41 - 0000000 ____D C:\ProgramData\Skype
2011-05-15 14:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-05-02 21:29 - 2011-06-22 22:48 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-05-02 20:30 - 2011-06-22 22:48 - 0741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-05-02 14:25 - 2011-05-02 14:25 - 0100503 ____A C:\Users\Cereal\Downloads\aimimg_1.png
2011-05-02 10:06 - 2010-10-25 12:43 - 0000000 ____D C:\Users\Cereal\Documents\Snagit
2011-05-01 10:45 - 2010-10-17 15:34 - 0000000 ____D C:\Users\Cereal\Documents\2009
2011-05-01 10:45 - 2010-10-17 15:34 - 0000000 ____D C:\Users\Cereal\Documents\2008
2011-05-01 10:43 - 2011-05-01 10:40 - 0000000 ____D C:\Users\Cereal\Documents\2010
2011-04-29 16:50 - 2010-11-01 07:39 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-04-28 21:52 - 2011-06-22 22:51 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-04-28 21:51 - 2011-06-22 22:51 - 2443776 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-04-28 20:54 - 2011-06-22 22:51 - 2064384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-04-28 20:54 - 2011-06-22 22:51 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-04-28 19:06 - 2011-06-22 22:49 - 0467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-04-28 19:05 - 2011-06-22 22:49 - 0410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-04-28 19:05 - 2011-06-22 22:49 - 0168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-04-26 18:40 - 2011-06-22 22:52 - 0158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-04-26 18:39 - 2011-06-22 22:52 - 0289280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-04-26 18:39 - 2011-06-22 22:52 - 0128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-04-26 07:03 - 2010-12-17 11:04 - 0000000 ____D C:\Users\Cereal\AppData\Local\Deployment
2011-04-24 21:33 - 2011-06-22 22:52 - 1923968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-04-24 18:34 - 2011-06-22 22:52 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-04-22 14:15 - 2011-05-25 05:27 - 0027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-04-22 14:08 - 2011-06-22 22:51 - 1492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-04-22 14:08 - 2011-06-22 22:51 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-04-22 14:04 - 2011-06-22 22:51 - 12262400 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-04-22 14:04 - 2011-06-22 22:50 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-04-22 14:04 - 2011-06-22 22:50 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-04-22 11:10 - 2011-06-22 22:51 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-04-22 11:09 - 2011-06-22 22:51 - 1230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-04-22 11:09 - 2011-06-22 22:51 - 10990592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-04-22 11:09 - 2011-06-22 22:51 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-04-22 11:09 - 2011-06-22 22:50 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-04-18 08:31 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Microsoft.NET
2011-04-08 23:02 - 2011-05-11 06:10 - 5562240 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-04-08 22:58 - 2011-05-14 07:37 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-04-08 22:02 - 2011-05-11 06:10 - 3967872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-04-08 22:02 - 2011-05-11 06:10 - 3912576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-04-08 21:56 - 2011-05-14 07:37 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-04-01 11:15 - 2011-04-01 11:15 - 0537473 ____A C:\Users\Cereal\Downloads\kryosmobilewireframes_pngfiles.zip
2011-04-01 05:51 - 2010-04-08 22:56 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-03-31 10:40 - 2010-10-18 05:42 - 0000000 ____D C:\Users\Cereal\AppData\Roaming\eFax Messenger
2011-03-31 08:36 - 2011-03-31 06:20 - 0002002 ____A C:\Users\Cereal\Documents\Default.rdp
2011-03-31 05:46 - 2010-04-08 23:04 - 0299136 ____A C:\Windows\PFRO.log
2011-03-28 10:57 - 2010-10-11 22:41 - 0000174 ___SH C:\Users\Cereal\Start Menu\Programs\Startup\desktop.ini
2011-03-28 10:57 - 2010-10-11 22:41 - 0000174 ___SH C:\Users\Cereal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-03-28 10:49 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-03-28 10:49 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\en
2011-03-28 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-03-28 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-03-28 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-03-28 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-03-28 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-03-28 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-03-28 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-03-28 10:49 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\wbem
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-03-28 10:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-03-28 10:33 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2011-03-28 10:33 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2011-03-28 10:25 - 2011-03-28 10:25 - 0000000 ____D C:\Windows\System32\SPReview
2011-03-28 07:44 - 2011-03-28 07:44 - 0000000 ____D C:\Windows\System32\EventProviders
2011-03-24 19:29 - 2011-05-11 06:10 - 0343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2011-03-24 19:29 - 2011-05-11 06:10 - 0325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2011-03-24 19:29 - 2011-05-11 06:10 - 0098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2011-03-24 19:29 - 2011-05-11 06:10 - 0052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2011-03-24 19:29 - 2011-05-11 06:10 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2011-03-24 19:28 - 2011-05-11 06:10 - 0007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys

========================= Known DLLs =========================

[2009-07-13 16:41] - [2009-07-13 17:40] - 0877056 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2011-03-28 08:18] - [2010-11-20 04:18] - 0640512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
[2009-07-13 16:00] - [2009-07-13 17:40] - 0607744 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2009-07-13 15:44] - [2009-07-13 17:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll
[2011-03-28 08:19] - [2010-11-20 05:25] - 0594432 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
[2011-03-28 08:18] - [2010-11-20 04:18] - 0485888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll
[2011-03-28 08:18] - [2010-11-20 05:26] - 0403968 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2011-03-28 08:18] - [2010-11-20 04:08] - 0311296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
[2011-06-22 22:51] - [2011-04-28 21:51] - 2443776 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2011-06-22 22:51] - [2011-04-28 20:54] - 2064384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll
[2011-03-28 08:17] - [2010-11-20 05:26] - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
[2011-03-28 08:17] - [2010-11-20 04:19] - 0155136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0167424 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2011-03-28 08:17] - [2010-11-20 04:08] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll
[2011-03-28 08:19] - [2010-11-20 05:26] - 1161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2011-03-28 08:18] - [2010-11-20 04:08] - 0837632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
[2009-07-13 15:40] - [2009-07-13 17:41] - 1067008 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-07-13 15:28] - [2009-07-13 17:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll
[2009-07-13 15:19] - [2009-07-13 17:41] - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2009-07-13 15:12] - [2009-07-13 17:15] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll
[2009-07-13 15:26] - [2009-07-13 17:31] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-13 15:15] - [2009-07-13 17:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0013824 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll
[2011-03-28 08:19] - [2010-11-20 05:27] - 2086912 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2011-03-28 08:19] - [2010-11-20 04:20] - 1414144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
[2011-06-22 22:49] - [2011-02-24 22:22] - 0861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
[2011-06-22 22:49] - [2011-02-24 21:34] - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
[2009-07-13 15:26] - [2009-07-13 17:41] - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2009-07-13 15:15] - [2009-07-13 17:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll
[2011-03-28 08:19] - [2010-11-20 05:27] - 1219584 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2011-03-28 08:18] - [2010-11-20 04:08] - 0663040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
[2009-07-13 15:20] - [2009-07-13 17:41] - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2009-07-13 15:11] - [2009-07-13 17:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
[2011-03-28 08:19] - [2010-11-20 05:27] - 1900544 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2011-03-28 08:19] - [2010-11-20 04:21] - 1667584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll
[2011-03-28 08:19] - [2010-11-20 05:27] - 14174208 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
[2011-03-28 08:19] - [2010-11-20 04:21] - 12872192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
[2011-03-28 08:19] - [2010-11-20 05:27] - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2011-03-28 08:18] - [2010-11-20 04:21] - 0350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll
[2011-06-22 22:51] - [2011-04-22 14:08] - 1492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
[2011-06-22 22:51] - [2011-04-22 11:09] - 1230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
[2011-03-28 08:19] - [2010-11-20 05:27] - 1008128 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2011-03-28 08:18] - [2010-11-20 04:08] - 0833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
[2011-03-28 08:19] - [2010-11-20 05:27] - 0800256 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2011-03-28 08:18] - [2010-11-20 04:21] - 0626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\USP10.dll
[2009-07-13 15:57] - [2009-07-13 17:41] - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\version.dll
[2009-07-13 15:41] - [2009-07-13 17:16] - 0021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\version.dll
[2011-06-22 22:51] - [2011-04-22 14:08] - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
[2011-06-22 22:51] - [2011-04-22 11:10] - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
[2011-03-28 08:18] - [2010-11-20 05:27] - 0312832 ____A (Microsoft Corporation) C:\Windows\System32\wldap32.dll
[2011-03-28 08:18] - [2010-11-20 04:21] - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wldap32.dll
[2011-03-28 08:19] - [2010-11-20 05:27] - 0297984 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2011-03-28 08:18] - [2010-11-20 04:21] - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll

================== Bamital & volsnap Check ===================

C:\Windows\System32\winlogon.exe
[2011-03-28 08:19] - [2010-11-20 05:25] - 0390656 ____A (Microsoft Corporation)

C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation)

C:\Windows\explorer.exe
[2011-04-28 05:47] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation)

C:\Windows\System32\Drivers\volsnap.sys
[2011-03-28 08:18] - [2010-11-20 05:34] - 0295808 ____A (Microsoft Corporation)


========================= Memory info ========================

Percentage of memory in use: 8%
Total physical RAM: 7931.68 MB
Available physical RAM: 7218.42 MB
Total Pagefile: 7929.83 MB
Available Pagefile: 7196.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB

======================= Partitions ===========================

1 Drive c: (TI105832W0G) (Fixed) (Total:287.57 GB) (Free:209.45 GB) NTFS
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Edited by Cerealtxtr, 23 June 2011 - 07:47 AM.


#4 Farbar


Posted 23 June 2011 - 06:45 AM

Please don't run any cleaner or scanner after running the tool until we make sure it is safe to do so.

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

2011-05-28 06:52 - 2011-05-28 06:52 - 0000136 ____A C:\Users\All Users\~38788856r
2011-05-28 06:52 - 2011-05-28 06:52 - 0000104 ____A C:\Users\All Users\~38788856
2011-05-28 06:51 - 2011-05-28 06:51 - 0000328 ____A C:\Users\All Users\38788856
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also restart and let the computer boot normally and tell me how it went.

#5 Cerealtxtr


Posted 23 June 2011 - 06:53 AM

I just restarted and it was able to restart normally!! THANK YOU! Is there anything I should do now? Was this a virus or an error with my Microsoft updates?

My log is below:
Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.1.1)
Ran by SYSTEM at 2011-06-23 07:50:45 R:1
Running from E:\

==============================================

C:\Users\All Users\~38788856r moved successfully.
C:\Users\All Users\~38788856 moved successfully.
C:\Users\All Users\38788856 moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {default} winpe no =========

The operation completed successfully.

========= End of CMD: =========

#6 Farbar


Posted 23 June 2011 - 07:04 AM

Great. :thumbsup:

It had nothing to do with MS update, it was a virus, TDSS/TDL4 MBR infection and it is taken care of.

  • Delete the FRST tool as we don't need it any more. Go to Start => Computer => open the C: drive and remove the FRST folder.
  • Please run Malwarebytes: first, under the Update tab, select to update it, then run a Quick Scan. If anything is found, let it remove it and post the log here.
  • Also check if you notice any issues: go to Start -> Programs to see if you can see the programs and tell me if there is any issue.


#7 Cerealtxtr


Posted 23 June 2011 - 07:12 AM

:clapping: It hasn't been said enough - YOU ARE AWESOME, THANK YOU! :clapping:
I am running MalwareBytes, but I had to navigate to it manually. All my "Program" folders in "Start" are (empty) even though the software is there.

#8 Cerealtxtr


Posted 23 June 2011 - 07:20 AM

I ran MalwareBytes and I am clean!

Also, I have ESET and it's amazing that it doesn't protect against ANYTHING I feel based on the fact that this is the 2nd time I have had something happen to my machine with it at full power.

I am not sure if it is possible to restore my Program info in Start, but I am just so happy my machine is working.

#9 Farbar


Posted 23 June 2011 - 07:24 AM

You are most welcome and thanks for your kind words.:)

The reason I asked you not to run any cleaner is that this is a double infection and we can still restore the Programs folder as long as we don't run any cleaner. The folder should be still in a temporary directory if after 28-05 (the day the infection got to your system) you have not run any cleaner.

Please download unhide.exe by Grinler and run it.
Tell me if you can see the Programs folder now.

#10 Cerealtxtr


Posted 23 June 2011 - 07:43 AM

And it worked!
Thank you again and there should be more kind people like yourself and all those who help n00bs like me at bleepingcomputer!

#11 Farbar


Posted 23 June 2011 - 07:54 AM

Now please Delete all the restore points as they might contain infected files.
Then make a clean restore point by Creating a restore point.

Do you have any questions before we round off?

Edited by farbar, 23 June 2011 - 07:54 AM.


#12 Cerealtxtr


Posted 23 June 2011 - 09:20 AM

Nope - Deleted previous restore points and then Created a new one as per instructions.

#13 Farbar


Posted 23 June 2011 - 11:04 AM

Thank you for the donation.:)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



