
Infected with Trojan:Win64/Sirefef.p


  • This topic is locked
18 replies to this topic

#1 eick

Posted 09 June 2012 - 10:38 AM

My laptop has been infected with the Sirefef.P trojan and I don't know how to remove it. I have downloaded the Farbar Recovery Scan Tool and run it in recovery mode.

FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by SYSTEM at 09-06-2012 10:27:04
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [328048 2011-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1544104 2011-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2011-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167704 2011-07-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [392472 2011-07-01] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [416024 2011-07-01] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2475384 2011-01-16] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ThrustTSR] C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe [217088 2003-04-10] (Guillemot Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKU\Brian\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-13] (Google Inc.)
HKU\Brian\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\Brian\...\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-09] (Google Inc.)
HKU\Brian\...\Run: [MusicManager] "C:\Users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806080 2012-05-14] (Google Inc.)
HKU\Brian\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-25] (BitTorrent, Inc.)
HKU\Brian\...\Run: [chromium] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window [1240088 2012-05-22] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Brian\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Brian\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Brian\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
2 lxdw_device; C:\windows\system32\lxdwcoms.exe -service [1044136 2009-10-16] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MouseWithoutBordersSvc; "C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe" [17920 2011-08-31] (Microsoft)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [58345832 2011-09-22] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [61976 2009-07-22] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe /s [135608 2011-12-07] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll" /prefetch:1 [132984 2011-02-03] (Symantec Corporation)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [431464 2011-09-22] (Microsoft Corporation)
4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [255336 2011-09-22] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [154984 2011-09-22] (Microsoft Corporation)
2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-24] (TOSHIBA Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe" [79872 2012-01-18] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [846448 2011-08-29] (VMware, Inc.)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [6144 2009-01-29] (Motorola Inc)
2 cpuz135; \??\C:\windows\system32\drivers\cpuz135_x64.sys [21992 2011-01-19] (CPUID)
1 igvlmcxc; C:\Windows\System32\Drivers\igvlmcxc.sys [50000 2012-06-09] (Microsoft Corporation)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [31744 2009-07-10] (Motorola)
3 motccgp; C:\Windows\System32\Drivers\motccgp.sys [21504 2011-04-04] (Motorola)
3 motccgpfl; C:\Windows\System32\Drivers\motccgpfl.sys [9216 2009-01-29] (Motorola)
3 motmodem; C:\Windows\System32\Drivers\motmodem.sys [30208 2011-03-31] (Motorola)
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [8576 2007-11-02] (Motorola)
3 Motousbnet; C:\Windows\System32\Drivers\Motousbnet.sys [26624 2010-04-01] (Motorola)
1 mpkwlipi; C:\Windows\System32\Drivers\mpkwlipi.sys [50000 2012-06-09] (Microsoft Corporation)
2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101376 2011-04-22] (REDC)
4 RsFx0105; C:\Windows\System32\Drivers\RsFx0105.sys [311144 2011-09-22] (Microsoft Corporation)
3 Ser2pl; C:\Windows\system32\drivers\ser2pl64.sys [97280 2010-03-12] (Prolific Technology Inc.)
3 TPM; C:\Windows\System32\Drivers\TPM.sys [38400 2009-07-13] (Microsoft Corporation)
0 TVALZ; C:\Windows\System32\Drivers\TVALZ.sys [26840 2009-07-14] (TOSHIBA Corporation)
1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [21504 2010-09-01] (Shrew Soft Inc)
3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [17408 2010-09-01] (Shrew Soft Inc)
1 zmhtrqla; C:\Windows\System32\Drivers\zmhtrqla.sys [50000 2012-06-09] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-09 07:18 - 2012-06-09 07:18 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\igvlmcxc.sys
2012-06-09 07:12 - 2012-06-09 07:12 - 00000000 ____D C:\Qoobox
2012-06-09 07:11 - 2012-06-09 07:14 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 07:10 - 2012-06-09 07:11 - 04539936 ____R (Swearware) C:\Users\Brian\Desktop\ComboFix.exe
2012-06-09 07:10 - 2012-06-09 07:10 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zmhtrqla.sys
2012-06-09 07:08 - 2012-06-09 07:08 - 00000497 ____A C:\Users\Brian\Desktop\CFscript.txt
2012-06-09 07:02 - 2012-06-09 07:03 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mpkwlipi.sys
2012-06-09 06:54 - 2012-06-09 06:54 - 00007586 ____A C:\Users\Brian\Downloads\WinDefend.reg
2012-06-09 06:53 - 2012-06-09 06:53 - 00005256 ____A C:\Users\Brian\Downloads\wscsvc.reg
2012-06-09 06:39 - 2012-06-09 06:39 - 00105612 ____A C:\Users\Brian\Desktop\ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee.htm
2012-06-09 06:39 - 2012-06-09 06:39 - 00000000 ____D C:\Users\Brian\Desktop\ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee_files
2012-06-09 06:38 - 2012-06-09 06:38 - 00176940 ____A C:\Users\Brian\Downloads\BFE.reg
2012-06-09 06:38 - 2012-06-09 06:38 - 00006396 ____A C:\Users\Brian\Downloads\MpsSvc.reg
2012-06-09 06:21 - 2012-06-09 06:21 - 00002975 ____A C:\Users\Brian\Desktop\HiJackThis.lnk
2012-06-09 06:21 - 2012-06-09 06:21 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 06:20 - 2012-06-09 06:20 - 01402880 ____A C:\Users\Brian\Downloads\HiJackThis.msi
2012-06-09 06:15 - 2012-06-09 06:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 06:15 - 2012-06-09 06:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-08 13:29 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-08 13:29 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-08 13:29 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-08 13:29 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-08 13:28 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-08 13:28 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-08 13:28 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-08 13:28 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-08 13:28 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-07 02:40 - 2012-06-07 12:18 - 00000000 ____D C:\Users\Brian\Doctor Web
2012-06-07 02:14 - 2012-06-07 02:14 - 00000000 ____D C:\Users\All Users\VS
2012-06-06 19:41 - 2011-09-22 18:07 - 00105832 ____A (Microsoft Corporation) C:\Windows\System32\SQSRVRES.DLL
2012-06-06 19:41 - 2011-09-22 18:06 - 00109416 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-06-06 19:41 - 2011-09-22 14:18 - 00073064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-06-06 18:54 - 2012-06-06 19:07 - 90406336 ____A C:\Users\Brian\Desktop\vgsmpfwe.exe
2012-06-06 18:02 - 2012-06-06 18:02 - 00001121 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Malwarebytes
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-06 18:02 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-06 17:54 - 2012-06-06 18:01 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-06 17:49 - 2012-06-06 18:02 - 12621696 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\mseinstall(1).exe
2012-06-05 18:28 - 2012-06-05 18:28 - 00739856 ____A (Google Inc.) C:\Users\Brian\Downloads\ChromeSetup.exe
2012-06-05 17:29 - 2012-06-05 17:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-03 19:02 - 2012-06-03 19:02 - 00690856 ____A () C:\Users\Brian\Downloads\setup-mlbbluejayspersona.exe
2012-06-03 15:59 - 2012-06-03 16:00 - 02094492 ____A C:\Users\Brian\Downloads\13218099196b1ba9c4d08a2d30061577.zip
2012-06-03 05:47 - 2012-06-03 05:47 - 00000000 ____D C:\Users\Brian\AppData\Local\Frameworkx.com
2012-06-03 05:36 - 2012-06-07 02:11 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-06-03 05:34 - 2012-06-03 05:34 - 00003101 ____A C:\Users\Brian\Desktop\Vista Shortcut Manager.lnk
2012-06-03 05:34 - 2012-06-03 05:34 - 00000000 ____D C:\Program Files\Frameworkx
2012-06-03 05:33 - 2012-06-03 05:34 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2012-06-03 05:33 - 2012-06-03 05:33 - 01352435 ____A C:\Users\Brian\Downloads\setup_magicdisc.exe
2012-06-03 05:33 - 2009-02-24 15:35 - 00255552 ____A (MagicISO, Inc.) C:\Windows\SysWOW64\Drivers\mcdbus.sys
2012-06-03 05:33 - 2009-02-24 15:35 - 00255552 ____A (MagicISO, Inc.) C:\Windows\System32\Drivers\mcdbus.sys
2012-06-03 05:28 - 2012-06-03 05:28 - 01733632 ____A C:\Users\Brian\Downloads\FxVisor64.msi
2012-06-03 04:38 - 2012-06-03 04:38 - 00000000 ____D C:\Program Files (x86)\MagicISO
2012-06-03 04:35 - 2012-06-03 04:36 - 03067400 ____A C:\Users\Brian\Downloads\Setup_MagicISO.exe
2012-05-30 15:27 - 2012-05-30 15:29 - 00000000 ____D C:\Users\Brian\Documents\My Barnes & Noble eBooks
2012-05-30 15:27 - 2012-05-30 15:27 - 00001220 ____A C:\Users\Public\Desktop\NOOK for PC.lnk
2012-05-30 15:27 - 2012-05-30 15:27 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Barnes & Noble
2012-05-30 15:27 - 2012-05-30 15:27 - 00000000 ____D C:\Program Files (x86)\Barnes & Noble
2012-05-30 15:25 - 2012-05-30 15:25 - 17557408 ____A (Barnes & Noble, Inc.) C:\Users\Brian\Downloads\bndr2_setup_latest.exe
2012-05-30 15:11 - 2012-05-30 15:40 - 00000000 ____D C:\Users\Brian\Documents\Calibre Library
2012-05-30 15:11 - 2012-05-30 15:12 - 00000000 ____D C:\Users\Brian\AppData\Roaming\calibre
2012-05-30 15:11 - 2012-05-30 15:11 - 00000972 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-05-30 15:11 - 2012-05-30 15:11 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-05-30 15:11 - 2012-05-30 14:04 - 01561038 ____A C:\Users\Brian\Desktop\Protocol Analysis.pdf
2012-05-30 15:03 - 2012-05-30 15:03 - 47406512 ____A C:\Users\Brian\Downloads\calibre-0.8.53.msi
2012-05-28 08:29 - 2012-05-28 08:32 - 09953989 ____A C:\Users\Brian\Downloads\showtime.rar
2012-05-26 10:58 - 2012-05-26 10:58 - 00002149 ____A C:\Users\Brian\.recently-used.xbel
2012-05-26 10:39 - 2012-05-26 10:40 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-25 18:42 - 2012-05-25 18:44 - 00000000 ____D C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651 (1)
2012-05-25 18:41 - 2012-05-25 18:41 - 05345919 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651.7z
2012-05-25 18:41 - 2012-05-25 18:41 - 05345919 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651 (1).7z
2012-05-14 00:01 - 2012-05-14 00:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 00:01 - 2012-05-14 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 13:08 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 13:08 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 13:08 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 13:08 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 13:08 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 13:08 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 13:08 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 13:07 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 08:23 - 2012-05-12 08:24 - 00000000 ____D C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634 (1)
2012-05-12 08:17 - 2012-05-12 08:17 - 05342136 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634 (1).7z
2012-05-12 08:14 - 2012-05-12 08:14 - 05342136 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634.7z


============ 3 Months Modified Files and Folders =============

2012-06-09 10:27 - 2012-06-09 10:26 - 00000000 ____D C:\FRST
2012-06-09 07:24 - 2011-09-14 07:28 - 00000000 ____D C:\Users\Brian\AppData\Roaming\uTorrent
2012-06-09 07:24 - 2011-06-13 10:34 - 02023131 ____A C:\Windows\WindowsUpdate.log
2012-06-09 07:18 - 2012-06-09 07:18 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\igvlmcxc.sys
2012-06-09 07:15 - 2011-06-13 11:11 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-09 07:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 07:14 - 2012-06-09 07:11 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 07:14 - 2009-07-13 21:08 - 00019898 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 07:12 - 2012-06-09 07:12 - 00000000 ____D C:\Qoobox
2012-06-09 07:11 - 2012-06-09 07:10 - 04539936 ____R (Swearware) C:\Users\Brian\Desktop\ComboFix.exe
2012-06-09 07:11 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 07:11 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 07:10 - 2012-06-09 07:10 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zmhtrqla.sys
2012-06-09 07:08 - 2012-06-09 07:08 - 00000497 ____A C:\Users\Brian\Desktop\CFscript.txt
2012-06-09 07:05 - 2011-06-13 11:11 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-09 07:03 - 2012-06-09 07:02 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mpkwlipi.sys
2012-06-09 07:02 - 2011-09-07 12:47 - 00000000 ___RD C:\Users\Brian\Dropbox
2012-06-09 07:02 - 2011-09-07 12:45 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Dropbox
2012-06-09 07:01 - 2012-03-26 09:47 - 00000000 ____D C:\Users\All Users\VMware
2012-06-09 07:00 - 2009-07-13 20:51 - 00000893 ____A C:\Windows\setupact.log
2012-06-09 06:54 - 2012-06-09 06:54 - 00007586 ____A C:\Users\Brian\Downloads\WinDefend.reg
2012-06-09 06:53 - 2012-06-09 06:53 - 00005256 ____A C:\Users\Brian\Downloads\wscsvc.reg
2012-06-09 06:39 - 2012-06-09 06:39 - 00105612 ____A C:\Users\Brian\Desktop\ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee.htm
2012-06-09 06:39 - 2012-06-09 06:39 - 00000000 ____D C:\Users\Brian\Desktop\ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee_files
2012-06-09 06:38 - 2012-06-09 06:38 - 00176940 ____A C:\Users\Brian\Downloads\BFE.reg
2012-06-09 06:38 - 2012-06-09 06:38 - 00006396 ____A C:\Users\Brian\Downloads\MpsSvc.reg
2012-06-09 06:32 - 2012-04-21 15:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 06:31 - 2011-09-09 10:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1785430191-539180829-411235372-1000UA.job
2012-06-09 06:21 - 2012-06-09 06:21 - 00002975 ____A C:\Users\Brian\Desktop\HiJackThis.lnk
2012-06-09 06:21 - 2012-06-09 06:21 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 06:20 - 2012-06-09 06:20 - 01402880 ____A C:\Users\Brian\Downloads\HiJackThis.msi
2012-06-09 06:18 - 2009-10-23 12:46 - 2729239552 ____A C:\Users\Brian\Documents\Outlook.pst
2012-06-09 06:15 - 2012-06-09 06:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 06:15 - 2012-06-09 06:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-09 06:15 - 2011-09-26 12:21 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 06:15 - 2011-09-07 19:12 - 00894400 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-08 17:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-08 16:43 - 2010-11-20 19:47 - 00441920 ____A C:\Windows\PFRO.log
2012-06-08 12:35 - 2011-09-09 10:05 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1785430191-539180829-411235372-1000Core.job
2012-06-07 12:18 - 2012-06-07 02:40 - 00000000 ____D C:\Users\Brian\Doctor Web
2012-06-07 02:40 - 2011-09-05 14:06 - 00000000 ____D C:\users\Brian
2012-06-07 02:15 - 2011-10-29 18:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-06-07 02:14 - 2012-06-07 02:14 - 00000000 ____D C:\Users\All Users\VS
2012-06-07 02:11 - 2012-06-03 05:36 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-06-07 02:11 - 2011-04-14 19:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-06 19:41 - 2009-07-13 21:13 - 00807174 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-06 19:35 - 2011-10-29 18:53 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2012-06-06 19:35 - 2011-10-29 18:53 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-06-06 19:07 - 2012-06-06 18:54 - 90406336 ____A C:\Users\Brian\Desktop\vgsmpfwe.exe
2012-06-06 18:53 - 2011-09-07 05:21 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Apple Computer
2012-06-06 18:53 - 2011-09-05 14:51 - 00000000 ____D C:\Users\Brian\AppData\Local\Apple Computer
2012-06-06 18:39 - 2011-09-07 05:17 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-06 18:02 - 2012-06-06 18:02 - 00001121 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Malwarebytes
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-06 18:02 - 2012-06-06 17:49 - 12621696 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\mseinstall(1).exe
2012-06-06 18:01 - 2012-06-06 17:54 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-05 18:28 - 2012-06-05 18:28 - 00739856 ____A (Google Inc.) C:\Users\Brian\Downloads\ChromeSetup.exe
2012-06-05 17:29 - 2012-06-05 17:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-05 17:16 - 2012-04-21 15:43 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-05 17:16 - 2011-10-30 13:30 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-03 19:02 - 2012-06-03 19:02 - 00690856 ____A () C:\Users\Brian\Downloads\setup-mlbbluejayspersona.exe
2012-06-03 16:00 - 2012-06-03 15:59 - 02094492 ____A C:\Users\Brian\Downloads\13218099196b1ba9c4d08a2d30061577.zip
2012-06-03 15:15 - 2011-09-07 12:47 - 00001029 ____A C:\Users\Brian\Desktop\Dropbox.lnk
2012-06-03 08:08 - 2011-09-08 16:52 - 00000000 ____D C:\Users\Brian\AppData\Local\WinZip
2012-06-03 05:47 - 2012-06-03 05:47 - 00000000 ____D C:\Users\Brian\AppData\Local\Frameworkx.com
2012-06-03 05:34 - 2012-06-03 05:34 - 00003101 ____A C:\Users\Brian\Desktop\Vista Shortcut Manager.lnk
2012-06-03 05:34 - 2012-06-03 05:34 - 00000000 ____D C:\Program Files\Frameworkx
2012-06-03 05:34 - 2012-06-03 05:33 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2012-06-03 05:33 - 2012-06-03 05:33 - 01352435 ____A C:\Users\Brian\Downloads\setup_magicdisc.exe
2012-06-03 05:28 - 2012-06-03 05:28 - 01733632 ____A C:\Users\Brian\Downloads\FxVisor64.msi
2012-06-03 04:38 - 2012-06-03 04:38 - 00000000 ____D C:\Program Files (x86)\MagicISO
2012-06-03 04:36 - 2012-06-03 04:35 - 03067400 ____A C:\Users\Brian\Downloads\Setup_MagicISO.exe
2012-06-02 14:19 - 2012-06-08 13:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 13:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 13:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 13:28 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 13:28 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 13:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 13:28 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-08 13:28 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-08 13:28 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 15:40 - 2012-05-30 15:11 - 00000000 ____D C:\Users\Brian\Documents\Calibre Library
2012-05-30 15:29 - 2012-05-30 15:27 - 00000000 ____D C:\Users\Brian\Documents\My Barnes & Noble eBooks
2012-05-30 15:27 - 2012-05-30 15:27 - 00001220 ____A C:\Users\Public\Desktop\NOOK for PC.lnk
2012-05-30 15:27 - 2012-05-30 15:27 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Barnes & Noble
2012-05-30 15:27 - 2012-05-30 15:27 - 00000000 ____D C:\Program Files (x86)\Barnes & Noble
2012-05-30 15:25 - 2012-05-30 15:25 - 17557408 ____A (Barnes & Noble, Inc.) C:\Users\Brian\Downloads\bndr2_setup_latest.exe
2012-05-30 15:16 - 2012-01-10 15:59 - 00000000 ____D C:\Users\Brian\Documents\My Kindle Content
2012-05-30 15:12 - 2012-05-30 15:11 - 00000000 ____D C:\Users\Brian\AppData\Roaming\calibre
2012-05-30 15:11 - 2012-05-30 15:11 - 00000972 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-05-30 15:11 - 2012-05-30 15:11 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-05-30 15:03 - 2012-05-30 15:03 - 47406512 ____A C:\Users\Brian\Downloads\calibre-0.8.53.msi
2012-05-30 14:50 - 2011-09-08 04:35 - 00000000 ____D C:\Users\Brian\Documents\Electronic Arts
2012-05-30 14:43 - 2011-09-08 04:13 - 00447752 ____A (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2012-05-30 14:04 - 2012-05-30 15:11 - 01561038 ____A C:\Users\Brian\Desktop\Protocol Analysis.pdf
2012-05-28 08:32 - 2012-05-28 08:29 - 09953989 ____A C:\Users\Brian\Downloads\showtime.rar
2012-05-28 08:07 - 2011-09-07 03:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-05-28 07:42 - 2011-09-07 03:11 - 00000000 ____D C:\Program Files (x86)\Origin
2012-05-26 11:01 - 2010-08-19 14:25 - 00000000 ____D C:\Users\Brian\.gimp-2.6
2012-05-26 10:58 - 2012-05-26 10:58 - 00002149 ____A C:\Users\Brian\.recently-used.xbel
2012-05-26 10:58 - 2011-09-27 16:12 - 00000000 ____D C:\Users\Brian\AppData\Roaming\gtk-2.0
2012-05-26 10:40 - 2012-05-26 10:39 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-25 18:44 - 2012-05-25 18:42 - 00000000 ____D C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651 (1)
2012-05-25 18:41 - 2012-05-25 18:41 - 05345919 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651.7z
2012-05-25 18:41 - 2012-05-25 18:41 - 05345919 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651 (1).7z
2012-05-25 13:21 - 2011-09-14 07:29 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-14 00:01 - 2012-05-14 00:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 00:01 - 2012-05-14 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 00:34 - 2009-07-13 20:45 - 00434376 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-13 00:12 - 2011-09-09 05:01 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-13 00:12 - 2011-09-06 15:01 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-13 00:00 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-12 11:51 - 2011-10-13 10:01 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-12 11:51 - 2011-10-13 10:01 - 00000000 ____D C:\Program Files (x86)\Safari
2012-05-12 11:35 - 2012-04-21 16:32 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-12 08:24 - 2012-05-12 08:23 - 00000000 ____D C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634 (1)
2012-05-12 08:17 - 2012-05-12 08:17 - 05342136 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634 (1).7z
2012-05-12 08:14 - 2012-05-12 08:14 - 05342136 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634.7z
2012-05-03 09:50 - 2011-09-08 15:38 - 00000000 ____D C:\Users\Brian\AppData\Local\CrashDumps
2012-04-24 18:50 - 2012-04-24 18:50 - 00000183 ____A C:\Users\Brian\Downloads\100079778001.sdx
2012-04-24 18:50 - 2012-02-01 13:56 - 00000000 ____A C:\Users\Brian\Downloads\SecureDownloadManager.log
2012-04-21 17:20 - 2012-03-26 09:50 - 00000000 ____D C:\Users\Brian\AppData\Local\VMware
2012-04-21 16:35 - 2012-04-21 15:36 - 00000000 ____D C:\Users\Brian\Documents\Virtual Machines
2012-04-21 16:35 - 2012-03-26 09:50 - 00000000 ____D C:\Users\Brian\AppData\Roaming\VMware
2012-04-21 16:23 - 2012-04-21 16:23 - 00000000 ____D C:\Users\Public\TOSHIBA
2012-04-21 15:56 - 2012-04-21 15:56 - 00002144 ____A C:\Users\Public\Desktop\VMware Player.lnk
2012-04-21 15:55 - 2012-04-21 15:55 - 00000000 ____D C:\Program Files\Common Files\VMware
2012-04-21 15:42 - 2012-04-21 15:42 - 00000000 ____D C:\Windows\System32\Macromed
2012-04-20 18:55 - 2012-04-20 18:55 - 00017174 ____A C:\Users\Brian\Documents\irl.xlsx
2012-04-18 17:56 - 2012-04-18 17:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 17:56 - 2012-04-18 17:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-18 11:59 - 2012-04-18 11:48 - 00001908 ____A C:\Windows\diagwrn.xml
2012-04-18 11:59 - 2012-04-18 11:48 - 00001908 ____A C:\Windows\diagerr.xml
2012-04-18 11:53 - 2012-04-18 11:53 - 00000029 ____A C:\Users\Brian\Documents\Windows 8 Licence Key.txt
2012-04-18 11:48 - 2012-04-18 11:48 - 00000000 ___HD C:\$WINDOWS.~BT
2012-04-18 11:48 - 2009-07-13 20:51 - 00000000 ____A C:\Windows\setuperr.log
2012-04-17 14:06 - 2012-04-17 14:05 - 00841728 ____A C:\Users\Brian\Downloads\SDM_EN (2).msi
2012-04-17 14:05 - 2012-04-17 14:05 - 00000183 ____A C:\Users\Brian\Downloads\100078261517.sdx
2012-04-15 13:06 - 2012-02-10 17:24 - 00001656 ____A C:\Users\Brian\Documents\584109eb_eick74.sav
2012-04-12 20:10 - 2012-04-12 20:09 - 16610892 ____A C:\Users\Brian\Downloads\QRflct 1.4.apk
2012-04-12 19:34 - 2012-04-12 18:54 - 16969485 ____A C:\Users\Brian\Downloads\quell_1.41.apk
2012-04-12 06:09 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini
2012-04-12 06:07 - 2012-04-12 06:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-12 06:07 - 2012-04-12 06:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-11 12:42 - 2012-04-11 12:42 - 01169000 ____A C:\Users\Brian\Downloads\NFL_2012_Elite51Uniform_original.pdf
2012-04-11 12:42 - 2012-04-11 12:42 - 00039936 ____A C:\Users\Brian\Downloads\Nike_NFL_PR_Uniforms_Unveiled_05APR2012_original.doc
2012-04-08 04:59 - 2012-04-08 04:59 - 00856178 ____A C:\Users\Brian\Downloads\Object Oriented Modelling Presentation.pdf
2012-04-08 00:02 - 2012-04-06 15:08 - 00000039 ____A C:\Windows\vbaddin.ini
2012-04-06 15:15 - 2012-04-06 15:15 - 01786727 ____A C:\Users\Brian\Downloads\770-97-3a.pdf
2012-04-06 15:14 - 2012-04-06 15:13 - 00541672 ____A C:\Users\Brian\Downloads\274269 (1).pdf
2012-04-06 15:12 - 2012-04-06 15:12 - 00888021 ____A C:\Users\Brian\Downloads\274787.pdf
2012-04-06 15:12 - 2012-04-06 15:12 - 00541672 ____A C:\Users\Brian\Downloads\274269.pdf
2012-04-06 15:03 - 2012-04-06 15:02 - 00000000 ____D C:\Users\Brian\Downloads\Microsoft Visio 2010
2012-04-06 14:44 - 2012-04-06 14:44 - 00000000 ____D C:\Users\Brian\Downloads\Visio 2010 with Service Pack 1 (x86 and x64) - DVD (English)
2012-04-06 13:43 - 2012-04-06 13:43 - 00841728 ____A C:\Users\Brian\Downloads\SDM_EN (1).msi
2012-04-06 13:43 - 2012-04-06 13:43 - 00000183 ____A C:\Users\Brian\Downloads\100075944513.sdx
2012-04-06 06:53 - 2012-04-06 06:53 - 00082580 ____A C:\Users\Brian\Documents\SOFTWARE REQUIREMENTS SPECIFICATION.docx
2012-04-04 12:56 - 2012-06-06 18:02 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 14:41 - 2011-10-27 14:17 - 00000000 ____D C:\Users\Brian\AppData\Roaming\codeblocks
2012-04-03 12:58 - 2012-04-03 12:58 - 01508573 ____A C:\Users\Brian\Downloads\Visual_Voicemail (1).zip
2012-04-03 12:08 - 2011-12-22 10:50 - 00080357 ____A C:\Users\Brian\Documents\afmbe.xlsx
2012-04-02 19:00 - 2012-04-02 19:00 - 00011130 ____A C:\Users\Brian\Downloads\Dr Van Helsing Use Case.docx
2012-03-31 11:07 - 2011-09-06 15:01 - 00000000 ____D C:\Users\Brian\AppData\Local\Microsoft Help
2012-03-31 10:44 - 2012-03-31 10:44 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-31 10:43 - 2012-03-31 10:42 - 00000000 ____D C:\Program Files\iTunes
2012-03-31 10:43 - 2011-11-20 15:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-03-31 10:42 - 2012-03-31 10:42 - 00000000 ____D C:\Program Files\iPod
2012-03-31 05:35 - 2012-03-31 05:29 - 131315268 ____A C:\Users\Brian\Downloads\DROID3-CM9-03-31-UNOFFICIAL.zip
2012-03-30 22:05 - 2012-05-12 13:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-12 13:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-12 13:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-12 13:08 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-12 13:07 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 18:55 - 2012-03-27 18:44 - 00000000 ____D C:\Users\Brian\Downloads\Danger Danger
2012-03-27 14:40 - 2012-03-27 14:40 - 04422394 ____A C:\Users\Brian\Documents\Athens State 2012 Summer Schedule.pdf
2012-03-27 12:53 - 2012-03-27 12:53 - 22138797 ____A (Organize Music, Inc. ) C:\Users\Brian\Downloads\organize_music_setup.exe
2012-03-27 07:37 - 2012-03-27 07:37 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Unity
2012-03-27 07:35 - 2012-03-27 07:35 - 00595056 ____A (Unity Technologies ApS) C:\Users\Brian\Downloads\UnityWebPlayer.exe
2012-03-27 07:35 - 2012-03-27 07:35 - 00000000 ____D C:\Users\Brian\AppData\Local\Unity
2012-03-27 07:35 - 2011-09-05 14:07 - 00000000 ____D C:\Users\Brian\AppData\LocalLow
2012-03-26 14:32 - 2012-03-26 09:33 - 227772461 ____A C:\Users\Brian\Downloads\ICS-B4.zip
2012-03-26 11:34 - 2012-03-26 11:33 - 00000000 ____D C:\Users\Brian\Downloads\2002 Let Go
2012-03-26 09:48 - 2012-03-26 09:48 - 00001024 ____A C:\.rnd
2012-03-26 09:47 - 2012-03-26 09:47 - 00000000 ____D C:\Program Files (x86)\VMware
2012-03-25 15:59 - 2012-03-25 15:59 - 00001176 ____A C:\Users\Public\Desktop\Duplicate File Detective 2.lnk
2012-03-25 15:59 - 2012-03-25 15:59 - 00000000 ___HD C:\Users\All Users\{069BCE30-6EC3-40CD-8DBA-EFECA88F79CC}
2012-03-25 15:59 - 2012-03-19 13:42 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Key Metric Software
2012-03-25 15:59 - 2012-03-18 10:45 - 00000000 ____D C:\Program Files (x86)\Key Metric Software
2012-03-20 17:44 - 2012-03-20 17:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 17:44 - 2012-03-20 17:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 12:40 - 2012-03-20 12:40 - 00039936 ____A C:\Users\Brian\Downloads\VectorWorkOut Pgm.doc
2012-03-20 11:19 - 2012-03-20 08:12 - 00000000 ____D C:\Users\Brian\.android
2012-03-20 11:03 - 2011-09-05 14:20 - 00000000 ____D C:\Users\Brian\AppData\Local\Google
2012-03-20 09:01 - 2012-03-20 09:01 - 00000000 ____D C:\Users\Brian\AppData\Roaming\eBookConverter
2012-03-20 09:01 - 2012-03-20 09:01 - 00000000 ____D C:\Program Files (x86)\eBookConverter
2012-03-20 08:58 - 2009-09-24 09:01 - 00000000 ____D C:\Users\Brian\Documents\My eBooks
2012-03-20 08:57 - 2012-03-20 08:57 - 08505253 ____A C:\Users\Brian\Downloads\pdbdrm.zip
2012-03-20 08:34 - 2012-03-20 08:33 - 07990275 ____A C:\Users\Brian\Downloads\eReader Win Pro 3.0.3 (1).zip
2012-03-20 08:08 - 2012-03-20 08:08 - 00000000 ____D C:\Program Files (x86)\Android
2012-03-20 08:08 - 2012-03-20 08:07 - 00000000 ____D C:\Program Files\Oracle
2012-03-20 08:05 - 2012-03-20 08:05 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-20 08:05 - 2012-03-20 08:05 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-20 08:05 - 2012-03-20 08:03 - 00000000 ____D C:\Program Files\Java
2012-03-20 08:00 - 2012-03-20 07:55 - 91662296 ____A (Oracle Corporation) C:\Users\Brian\Downloads\jdk-7u3-windows-x64.exe
2012-03-20 06:13 - 2012-03-20 06:11 - 29561554 ____A (Google Inc.) C:\Users\Brian\Downloads\installer_r16-windows (1).exe
2012-03-19 11:34 - 2009-10-26 16:32 - 00019120 ____A C:\Users\Brian\Documents\cover letter.docx
2012-03-18 10:45 - 2012-03-18 10:45 - 00001137 ____A C:\Users\Public\Desktop\FolderSizes 4.lnk
2012-03-18 10:45 - 2012-03-18 10:45 - 00000000 __HDC C:\Users\All Users\{C7BD2D7C-2F1C-4583-8CF0-FC304745CBCE}
2012-03-18 10:38 - 2012-03-18 10:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motoandroid_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2012-03-18 10:36 - 2012-03-18 10:36 - 00000000 ____D C:\Program Files\Motorola Inc
2012-03-18 10:36 - 2012-03-18 10:36 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-03-18 10:34 - 2012-03-18 10:34 - 02443264 ____A C:\Users\Brian\Downloads\Motorola_End_User_Driver_Installation_5.2.0_64bit.msi
2012-03-18 10:33 - 2012-03-15 06:33 - 00000000 ____D C:\Users\Brian\Downloads\Android Ice Cream Sandwich
2012-03-18 10:32 - 2012-03-18 10:31 - 01747541 ____A C:\Users\Brian\Downloads\PetesMotorolaRootTools_v1.07.zip
2012-03-18 07:33 - 2011-12-15 16:18 - 00016323 ____A C:\Users\Brian\Documents\AFMBE.docx
2012-03-17 19:31 - 2012-03-17 19:31 - 04107517 ____A C:\Users\Brian\Downloads\Droid3Safestrap-1.0.apk
2012-03-17 08:08 - 2012-03-17 07:54 - 00208468 ____A C:\Windows\hpoins41.dat
2012-03-17 08:08 - 2011-10-08 20:05 - 00002119 ____A C:\Users\All Users\hpzinstall.log
2012-03-17 07:58 - 2011-10-08 20:05 - 00000000 ____D C:\Users\All Users\HP
2012-03-17 07:54 - 2012-03-17 07:54 - 00000000 ____D C:\Program Files\HP
2012-03-17 07:50 - 2012-03-17 07:48 - 174044000 ____A C:\Users\Brian\Downloads\PS_AIO_06_C309g-m_USW_Full_Win_enu_140_175.exe
2012-03-17 04:42 - 2012-03-16 19:18 - 00000000 ____D C:\Users\Brian\Downloads\Nintendo DS Emulator
2012-03-16 23:58 - 2012-05-12 13:08 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 19:18 - 2012-03-16 19:17 - 02196552 ____A C:\Users\Brian\Downloads\desmume-0.9.7-win32.zip
2012-03-12 19:27 - 2012-03-12 19:27 - 00047104 ____A C:\Users\Brian\Downloads\PRICEEREQ.doc
2012-03-12 19:27 - 2012-03-12 19:27 - 00037888 ____A C:\Users\Brian\Downloads\MORGAN COUNTY REGISTRATION FORM1_1.doc
2012-03-12 04:08 - 2012-03-12 04:08 - 04547559 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-458.7z
2012-03-12 04:08 - 2012-03-12 04:08 - 04547559 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-458 (1).7z

ZeroAccess:
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}\@
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}\L
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}\U
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}\L\00000004.@
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}\L\1afb2d56
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}\L\201d3dde
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}\U\00000004.@
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}\U\00000008.@
C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2}\U\000000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-04-14 19:17] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-04-14 19:17] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-04-14 19:17] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8095.43 MB
Available physical RAM: 7316.22 MB
Total Pagefile: 8093.63 MB
Available Pagefile: 7301.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106163W0C ) (Fixed) (Total:450.51 GB) (Free:131.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (16G) (Removable) (Total:14.92 GB) (Free:14.3 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 450 GB 1501 MB
Partition 3 Primary 13 GB 451 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106163W0C NTFS Partition 450 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1112 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F 16G FAT32 Removable 14 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 17:38

======================= End Of Log ==========================

Any help that can be given is very appreciated. Thanks.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:50 AM

Posted 10 June 2012 - 12:44 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2} 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 eick

eick
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 10 June 2012 - 09:38 AM

Ran it. Here is the updated fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012 01
Ran by SYSTEM at 2012-06-10 07:32:08 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{c4ea6125-da41-61c0-04e0-2ca8aa2efab2} moved successfully.

==== End of Fixlog ====

Rebooted in Windows and Trojan was still there.

Reran FRST64.exe and here is the updated FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by SYSTEM at 10-06-2012 07:55:00
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [328048 2011-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1544104 2011-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2011-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-30] (TOSHIBA Corporation)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167704 2011-07-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [392472 2011-07-01] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [416024 2011-07-01] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2475384 2011-01-16] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ThrustTSR] C:\Program Files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe [217088 2003-04-10] (Guillemot Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKU\Brian\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-13] (Google Inc.)
HKU\Brian\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\Brian\...\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-09] (Google Inc.)
HKU\Brian\...\Run: [MusicManager] "C:\Users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806080 2012-05-14] (Google Inc.)
HKU\Brian\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-25] (BitTorrent, Inc.)
HKU\Brian\...\Run: [chromium] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window [1240088 2012-05-22] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Brian\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Brian\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Brian\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
2 lxdw_device; C:\windows\system32\lxdwcoms.exe -service [1044136 2009-10-16] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MouseWithoutBordersSvc; "C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe" [17920 2011-08-31] (Microsoft)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [58345832 2011-09-22] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [61976 2009-07-22] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe /s [135608 2011-12-07] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll" /prefetch:1 [132984 2011-02-03] (Symantec Corporation)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [431464 2011-09-22] (Microsoft Corporation)
4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [255336 2011-09-22] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [154984 2011-09-22] (Microsoft Corporation)
2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-24] (TOSHIBA Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe" [79872 2012-01-18] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [846448 2011-08-29] (VMware, Inc.)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [6144 2009-01-29] (Motorola Inc)
2 cpuz135; \??\C:\windows\system32\drivers\cpuz135_x64.sys [21992 2011-01-19] (CPUID)
1 lytxhqqm; C:\Windows\System32\Drivers\lytxhqqm.sys [50000 2012-06-10] (Microsoft Corporation)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [31744 2009-07-10] (Motorola)
3 motccgp; C:\Windows\System32\Drivers\motccgp.sys [21504 2011-04-04] (Motorola)
3 motccgpfl; C:\Windows\System32\Drivers\motccgpfl.sys [9216 2009-01-29] (Motorola)
3 motmodem; C:\Windows\System32\Drivers\motmodem.sys [30208 2011-03-31] (Motorola)
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [8576 2007-11-02] (Motorola)
3 Motousbnet; C:\Windows\System32\Drivers\Motousbnet.sys [26624 2010-04-01] (Motorola)
2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101376 2011-04-22] (REDC)
4 RsFx0105; C:\Windows\System32\Drivers\RsFx0105.sys [311144 2011-09-22] (Microsoft Corporation)
3 Ser2pl; C:\Windows\system32\drivers\ser2pl64.sys [97280 2010-03-12] (Prolific Technology Inc.)
3 TPM; C:\Windows\System32\Drivers\TPM.sys [38400 2009-07-13] (Microsoft Corporation)
0 TVALZ; C:\Windows\System32\Drivers\TVALZ.sys [26840 2009-07-14] (TOSHIBA Corporation)
1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [21504 2010-09-01] (Shrew Soft Inc)
3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [17408 2010-09-01] (Shrew Soft Inc)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-09 10:26 - 2012-06-10 07:55 - 00000000 ____D C:\FRST
2012-06-09 07:12 - 2012-06-09 07:12 - 00000000 ____D C:\Qoobox
2012-06-09 07:11 - 2012-06-09 07:14 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 07:10 - 2012-06-09 07:11 - 04539936 ____R (Swearware) C:\Users\Brian\Desktop\ComboFix.exe
2012-06-09 07:08 - 2012-06-09 07:08 - 00000497 ____A C:\Users\Brian\Desktop\CFscript.txt
2012-06-09 06:54 - 2012-06-09 06:54 - 00007586 ____A C:\Users\Brian\Downloads\WinDefend.reg
2012-06-09 06:53 - 2012-06-09 06:53 - 00005256 ____A C:\Users\Brian\Downloads\wscsvc.reg
2012-06-09 06:39 - 2012-06-09 06:39 - 00105612 ____A C:\Users\Brian\Desktop\ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee.htm
2012-06-09 06:39 - 2012-06-09 06:39 - 00000000 ____D C:\Users\Brian\Desktop\ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee_files
2012-06-09 06:38 - 2012-06-09 06:38 - 00176940 ____A C:\Users\Brian\Downloads\BFE.reg
2012-06-09 06:38 - 2012-06-09 06:38 - 00006396 ____A C:\Users\Brian\Downloads\MpsSvc.reg
2012-06-09 06:21 - 2012-06-09 06:21 - 00002975 ____A C:\Users\Brian\Desktop\HiJackThis.lnk
2012-06-09 06:21 - 2012-06-09 06:21 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 06:20 - 2012-06-09 06:20 - 01402880 ____A C:\Users\Brian\Downloads\HiJackThis.msi
2012-06-09 06:15 - 2012-06-09 06:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 06:15 - 2012-06-09 06:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-08 19:19 - 2012-06-08 19:26 - 01071954 ____A C:\Users\Brian\Downloads\I Make My Own Sunshine - Alyssa Bonagura (Lowes Commercial).mp3
2012-06-08 19:15 - 2012-06-08 19:18 - 06944896 ____A C:\Users\Brian\Downloads\Rihanna - Please Don't Stop The Music.mp3
2012-06-08 18:49 - 2012-06-08 19:10 - 00000000 ____D C:\Users\Brian\Downloads\Kool and The Gang - The Very Best Of.2011[www.lokotorrents.com][mp3]
2012-06-08 18:48 - 2012-06-08 18:50 - 00000000 ____D C:\Users\Brian\Downloads\Len - You Can't Stop the Bum Rush
2012-06-08 18:46 - 2012-06-08 18:46 - 00000000 ____D C:\Users\Brian\Downloads\Kool & the Gang-Collection [Polygram International]
2012-06-08 18:43 - 2012-06-08 18:48 - 00000000 ____D C:\Users\Brian\Downloads\2001 - Anthology
2012-06-08 18:43 - 2012-06-08 18:43 - 00019721 ____A C:\Users\Brian\Downloads\Commodores_-_Anthology_[2001]___Art.7186093.TPB.torrent
2012-06-08 18:42 - 2012-06-08 18:46 - 00000000 ____D C:\Users\Brian\Downloads\1963 - Play
2012-06-08 18:42 - 2012-06-08 18:42 - 00014853 ____A C:\Users\Brian\Downloads\Kool___the_Gang-Collection_[Polygram_International]..4845700.TPB.torrent
2012-06-08 18:41 - 2012-06-08 18:41 - 00017037 ____A C:\Users\Brian\Downloads\Beach_Boys_-_Digitally_remastered_-_320_kbps.5512434.TPB.torrent
2012-06-08 18:41 - 2012-06-08 18:41 - 00011833 ____A C:\Users\Brian\Downloads\The_Surfaris_-_1963_-_Play.3766399.TPB.torrent
2012-06-08 18:31 - 2012-06-08 18:36 - 00000000 ____D C:\Users\Brian\Downloads\Jimmy_Buffet-Boats_Beaches_Bars_And_Ballads-4CD-(Retail)-1992-HHI
2012-06-08 18:26 - 2012-06-08 18:26 - 00014492 ____A C:\Users\Brian\Downloads\The_Best_of_the_Lovin___Spoonful__Vol._1.3823631.TPB.torrent
2012-06-08 13:29 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-08 13:29 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-08 13:29 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-08 13:29 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-08 13:28 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-08 13:28 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-08 13:28 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-08 13:28 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-08 13:28 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-07 02:40 - 2012-06-07 12:18 - 00000000 ____D C:\Users\Brian\Doctor Web
2012-06-07 02:14 - 2012-06-07 02:14 - 00000000 ____D C:\Users\All Users\VS
2012-06-07 02:11 - 2012-06-07 02:11 - 00002346 ____A C:\Users\Public\Desktop\The Sims™ 3 Katy Perry's Sweet Treats.lnk
2012-06-06 19:41 - 2011-09-22 18:07 - 00105832 ____A (Microsoft Corporation) C:\Windows\System32\SQSRVRES.DLL
2012-06-06 19:41 - 2011-09-22 18:06 - 00109416 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-06-06 19:41 - 2011-09-22 14:18 - 00073064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-06-06 18:54 - 2012-06-06 19:07 - 90406336 ____A C:\Users\Brian\Desktop\vgsmpfwe.exe
2012-06-06 18:02 - 2012-06-06 18:02 - 00001121 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Malwarebytes
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-06 18:02 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-06 17:54 - 2012-06-06 18:01 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-06 17:49 - 2012-06-06 18:02 - 12621696 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\mseinstall(1).exe
2012-06-05 18:28 - 2012-06-05 18:28 - 00739856 ____A (Google Inc.) C:\Users\Brian\Downloads\ChromeSetup.exe
2012-06-05 17:29 - 2012-06-05 17:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-04 13:52 - 2012-06-04 13:52 - 03346549 ____A C:\Users\Brian\Downloads\Augusto_TimeBombDress.rar
2012-06-04 13:48 - 2012-06-04 13:48 - 01909650 ____A C:\Users\Brian\Downloads\sclub-ts3-special-necklace-n2.7z
2012-06-04 13:48 - 2012-06-04 13:48 - 01661578 ____A C:\Users\Brian\Downloads\sclub-ts3-special-earring-n4.7z
2012-06-03 19:02 - 2012-06-03 19:02 - 00690856 ____A () C:\Users\Brian\Downloads\setup-mlbbluejayspersona.exe
2012-06-03 15:59 - 2012-06-03 16:00 - 02094492 ____A C:\Users\Brian\Downloads\13218099196b1ba9c4d08a2d30061577.zip
2012-06-03 08:21 - 2012-06-03 08:59 - 00000000 ____D C:\Users\Brian\Downloads\The Sims 3 Showtime
2012-06-03 05:47 - 2012-06-03 05:47 - 00000000 ____D C:\Users\Brian\AppData\Local\Frameworkx.com
2012-06-03 05:36 - 2012-06-07 02:11 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-06-03 05:34 - 2012-06-03 05:34 - 00003101 ____A C:\Users\Brian\Desktop\Vista Shortcut Manager.lnk
2012-06-03 05:34 - 2012-06-03 05:34 - 00000000 ____D C:\Program Files\Frameworkx
2012-06-03 05:33 - 2012-06-03 05:34 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2012-06-03 05:33 - 2012-06-03 05:33 - 01352435 ____A C:\Users\Brian\Downloads\setup_magicdisc.exe
2012-06-03 05:33 - 2009-02-24 15:35 - 00255552 ____A (MagicISO, Inc.) C:\Windows\SysWOW64\Drivers\mcdbus.sys
2012-06-03 05:33 - 2009-02-24 15:35 - 00255552 ____A (MagicISO, Inc.) C:\Windows\System32\Drivers\mcdbus.sys
2012-06-03 05:28 - 2012-06-03 05:28 - 01733632 ____A C:\Users\Brian\Downloads\FxVisor64.msi
2012-06-03 04:38 - 2012-06-03 04:38 - 00000000 ____D C:\Program Files (x86)\MagicISO
2012-06-03 04:35 - 2012-06-03 04:36 - 03067400 ____A C:\Users\Brian\Downloads\Setup_MagicISO.exe
2012-06-02 19:15 - 2012-06-07 02:05 - 00000000 ____D C:\Users\Brian\Downloads\The.Sims.3.Showtime.Katy.Perry.Collectors.Edition-ALI213
2012-06-02 19:03 - 2012-06-02 19:03 - 00000000 ____D C:\Users\Brian\Downloads\The_Sims_3_Showtime-FLT
2012-06-02 18:04 - 2012-06-02 18:04 - 00000000 ____D C:\Users\Brian\Downloads\The Sims 3 Collection
2012-06-02 18:03 - 2012-06-02 18:03 - 00000000 ____D C:\Users\Brian\Downloads\The Sims 3 Outdoor Living Stuff
2012-05-30 15:27 - 2012-05-30 15:29 - 00000000 ____D C:\Users\Brian\Documents\My Barnes & Noble eBooks
2012-05-30 15:27 - 2012-05-30 15:27 - 00001220 ____A C:\Users\Public\Desktop\NOOK for PC.lnk
2012-05-30 15:27 - 2012-05-30 15:27 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Barnes & Noble
2012-05-30 15:27 - 2012-05-30 15:27 - 00000000 ____D C:\Program Files (x86)\Barnes & Noble
2012-05-30 15:25 - 2012-05-30 15:25 - 17557408 ____A (Barnes & Noble, Inc.) C:\Users\Brian\Downloads\bndr2_setup_latest.exe
2012-05-30 15:11 - 2012-05-30 15:40 - 00000000 ____D C:\Users\Brian\Documents\Calibre Library
2012-05-30 15:11 - 2012-05-30 15:12 - 00000000 ____D C:\Users\Brian\AppData\Roaming\calibre
2012-05-30 15:11 - 2012-05-30 15:11 - 00000972 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-05-30 15:11 - 2012-05-30 15:11 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-05-30 15:11 - 2012-05-30 14:04 - 01561038 ____A C:\Users\Brian\Desktop\Protocol Analysis.pdf
2012-05-30 15:03 - 2012-05-30 15:03 - 47406512 ____A C:\Users\Brian\Downloads\calibre-0.8.53.msi
2012-05-28 08:29 - 2012-05-28 08:32 - 09953989 ____A C:\Users\Brian\Downloads\showtime.rar
2012-05-26 10:58 - 2012-05-26 10:58 - 00002149 ____A C:\Users\Brian\.recently-used.xbel
2012-05-26 10:39 - 2012-05-26 10:40 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-25 18:42 - 2012-05-25 18:44 - 00000000 ____D C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651 (1)
2012-05-25 18:41 - 2012-05-25 18:41 - 05345919 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651.7z
2012-05-25 18:41 - 2012-05-25 18:41 - 05345919 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651 (1).7z
2012-05-14 00:01 - 2012-05-14 00:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 00:01 - 2012-05-14 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 13:08 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 13:08 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 13:08 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 13:08 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 13:08 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 13:08 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 13:08 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 13:07 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 08:23 - 2012-05-12 08:24 - 00000000 ____D C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634 (1)
2012-05-12 08:17 - 2012-05-12 08:17 - 05342136 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634 (1).7z
2012-05-12 08:14 - 2012-05-12 08:14 - 05342136 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634.7z


============ 3 Months Modified Files and Folders =============

2012-06-10 07:55 - 2012-06-09 10:26 - 00000000 ____D C:\FRST
2012-06-10 04:45 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-10 04:45 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-10 04:44 - 2011-09-14 07:28 - 00000000 ____D C:\Users\Brian\AppData\Roaming\uTorrent
2012-06-10 04:43 - 2011-06-13 11:11 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-10 04:42 - 2012-06-10 04:41 - 00050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lytxhqqm.sys
2012-06-10 04:42 - 2011-09-07 12:45 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Dropbox
2012-06-10 04:40 - 2012-03-26 09:47 - 00000000 ____D C:\Users\All Users\VMware
2012-06-10 04:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-10 04:40 - 2009-07-13 20:51 - 00001061 ____A C:\Windows\setupact.log
2012-06-10 04:39 - 2011-06-13 10:34 - 02062277 ____A C:\Windows\WindowsUpdate.log
2012-06-10 04:24 - 2011-09-09 10:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1785430191-539180829-411235372-1000UA.job
2012-06-10 04:24 - 2011-06-13 11:11 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-10 04:23 - 2012-04-21 15:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 09:31 - 2011-09-09 10:05 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1785430191-539180829-411235372-1000Core.job
2012-06-09 07:45 - 2009-10-23 12:46 - 2729239552 ____A C:\Users\Brian\Documents\Outlook.pst
2012-06-09 07:14 - 2012-06-09 07:11 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 07:14 - 2009-07-13 21:08 - 00020648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 07:12 - 2012-06-09 07:12 - 00000000 ____D C:\Qoobox
2012-06-09 07:11 - 2012-06-09 07:10 - 04539936 ____R (Swearware) C:\Users\Brian\Desktop\ComboFix.exe
2012-06-09 07:08 - 2012-06-09 07:08 - 00000497 ____A C:\Users\Brian\Desktop\CFscript.txt
2012-06-09 07:02 - 2011-09-07 12:47 - 00000000 ___RD C:\Users\Brian\Dropbox
2012-06-09 06:54 - 2012-06-09 06:54 - 00007586 ____A C:\Users\Brian\Downloads\WinDefend.reg
2012-06-09 06:53 - 2012-06-09 06:53 - 00005256 ____A C:\Users\Brian\Downloads\wscsvc.reg
2012-06-09 06:39 - 2012-06-09 06:39 - 00105612 ____A C:\Users\Brian\Desktop\ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee.htm
2012-06-09 06:39 - 2012-06-09 06:39 - 00000000 ____D C:\Users\Brian\Desktop\ec3fc3b8-69ec-4b4b-a703-4b745fe6e8ee_files
2012-06-09 06:38 - 2012-06-09 06:38 - 00176940 ____A C:\Users\Brian\Downloads\BFE.reg
2012-06-09 06:38 - 2012-06-09 06:38 - 00006396 ____A C:\Users\Brian\Downloads\MpsSvc.reg
2012-06-09 06:21 - 2012-06-09 06:21 - 00002975 ____A C:\Users\Brian\Desktop\HiJackThis.lnk
2012-06-09 06:21 - 2012-06-09 06:21 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-09 06:20 - 2012-06-09 06:20 - 01402880 ____A C:\Users\Brian\Downloads\HiJackThis.msi
2012-06-09 06:15 - 2012-06-09 06:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 06:15 - 2012-06-09 06:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-09 06:15 - 2011-09-26 12:21 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 06:15 - 2011-09-07 19:12 - 00894400 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-08 19:26 - 2012-06-08 19:19 - 01071954 ____A C:\Users\Brian\Downloads\I Make My Own Sunshine - Alyssa Bonagura (Lowes Commercial).mp3
2012-06-08 19:18 - 2012-06-08 19:15 - 06944896 ____A C:\Users\Brian\Downloads\Rihanna - Please Don't Stop The Music.mp3
2012-06-08 19:10 - 2012-06-08 18:49 - 00000000 ____D C:\Users\Brian\Downloads\Kool and The Gang - The Very Best Of.2011[www.lokotorrents.com][mp3]
2012-06-08 18:50 - 2012-06-08 18:48 - 00000000 ____D C:\Users\Brian\Downloads\Len - You Can't Stop the Bum Rush
2012-06-08 18:48 - 2012-06-08 18:43 - 00000000 ____D C:\Users\Brian\Downloads\2001 - Anthology
2012-06-08 18:46 - 2012-06-08 18:46 - 00000000 ____D C:\Users\Brian\Downloads\Kool & the Gang-Collection [Polygram International]
2012-06-08 18:46 - 2012-06-08 18:42 - 00000000 ____D C:\Users\Brian\Downloads\1963 - Play
2012-06-08 18:43 - 2012-06-08 18:43 - 00019721 ____A C:\Users\Brian\Downloads\Commodores_-_Anthology_[2001]___Art.7186093.TPB.torrent
2012-06-08 18:42 - 2012-06-08 18:42 - 00014853 ____A C:\Users\Brian\Downloads\Kool___the_Gang-Collection_[Polygram_International]..4845700.TPB.torrent
2012-06-08 18:41 - 2012-06-08 18:41 - 00017037 ____A C:\Users\Brian\Downloads\Beach_Boys_-_Digitally_remastered_-_320_kbps.5512434.TPB.torrent
2012-06-08 18:41 - 2012-06-08 18:41 - 00011833 ____A C:\Users\Brian\Downloads\The_Surfaris_-_1963_-_Play.3766399.TPB.torrent
2012-06-08 18:36 - 2012-06-08 18:31 - 00000000 ____D C:\Users\Brian\Downloads\Jimmy_Buffet-Boats_Beaches_Bars_And_Ballads-4CD-(Retail)-1992-HHI
2012-06-08 18:26 - 2012-06-08 18:26 - 00014492 ____A C:\Users\Brian\Downloads\The_Best_of_the_Lovin___Spoonful__Vol._1.3823631.TPB.torrent
2012-06-08 17:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-08 16:43 - 2010-11-20 19:47 - 00441920 ____A C:\Windows\PFRO.log
2012-06-07 12:18 - 2012-06-07 02:40 - 00000000 ____D C:\Users\Brian\Doctor Web
2012-06-07 02:40 - 2011-09-05 14:06 - 00000000 ____D C:\users\Brian
2012-06-07 02:15 - 2011-10-29 18:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-06-07 02:14 - 2012-06-07 02:14 - 00000000 ____D C:\Users\All Users\VS
2012-06-07 02:11 - 2012-06-07 02:11 - 00002346 ____A C:\Users\Public\Desktop\The Sims™ 3 Katy Perry's Sweet Treats.lnk
2012-06-07 02:11 - 2012-06-03 05:36 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2012-06-07 02:11 - 2011-04-14 19:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-07 02:05 - 2012-06-02 19:15 - 00000000 ____D C:\Users\Brian\Downloads\The.Sims.3.Showtime.Katy.Perry.Collectors.Edition-ALI213
2012-06-06 19:41 - 2009-07-13 21:13 - 00807174 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-06 19:35 - 2011-10-29 18:53 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2012-06-06 19:35 - 2011-10-29 18:53 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-06-06 19:07 - 2012-06-06 18:54 - 90406336 ____A C:\Users\Brian\Desktop\vgsmpfwe.exe
2012-06-06 18:53 - 2011-09-07 05:21 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Apple Computer
2012-06-06 18:53 - 2011-09-05 14:51 - 00000000 ____D C:\Users\Brian\AppData\Local\Apple Computer
2012-06-06 18:39 - 2011-09-07 05:17 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-06 18:02 - 2012-06-06 18:02 - 00001121 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Malwarebytes
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-06 18:02 - 2012-06-06 18:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-06 18:02 - 2012-06-06 17:49 - 12621696 ____A (Microsoft Corporation) C:\Users\Brian\Downloads\mseinstall(1).exe
2012-06-06 18:01 - 2012-06-06 17:54 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Brian\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-05 18:28 - 2012-06-05 18:28 - 00739856 ____A (Google Inc.) C:\Users\Brian\Downloads\ChromeSetup.exe
2012-06-05 17:29 - 2012-06-05 17:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-05 17:16 - 2012-04-21 15:43 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-05 17:16 - 2011-10-30 13:30 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-04 13:52 - 2012-06-04 13:52 - 03346549 ____A C:\Users\Brian\Downloads\Augusto_TimeBombDress.rar
2012-06-04 13:48 - 2012-06-04 13:48 - 01909650 ____A C:\Users\Brian\Downloads\sclub-ts3-special-necklace-n2.7z
2012-06-04 13:48 - 2012-06-04 13:48 - 01661578 ____A C:\Users\Brian\Downloads\sclub-ts3-special-earring-n4.7z
2012-06-03 19:02 - 2012-06-03 19:02 - 00690856 ____A () C:\Users\Brian\Downloads\setup-mlbbluejayspersona.exe
2012-06-03 16:00 - 2012-06-03 15:59 - 02094492 ____A C:\Users\Brian\Downloads\13218099196b1ba9c4d08a2d30061577.zip
2012-06-03 15:15 - 2011-09-07 12:47 - 00001029 ____A C:\Users\Brian\Desktop\Dropbox.lnk
2012-06-03 08:59 - 2012-06-03 08:21 - 00000000 ____D C:\Users\Brian\Downloads\The Sims 3 Showtime
2012-06-03 08:08 - 2011-09-08 16:52 - 00000000 ____D C:\Users\Brian\AppData\Local\WinZip
2012-06-03 05:47 - 2012-06-03 05:47 - 00000000 ____D C:\Users\Brian\AppData\Local\Frameworkx.com
2012-06-03 05:34 - 2012-06-03 05:34 - 00003101 ____A C:\Users\Brian\Desktop\Vista Shortcut Manager.lnk
2012-06-03 05:34 - 2012-06-03 05:34 - 00000000 ____D C:\Program Files\Frameworkx
2012-06-03 05:34 - 2012-06-03 05:33 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2012-06-03 05:33 - 2012-06-03 05:33 - 01352435 ____A C:\Users\Brian\Downloads\setup_magicdisc.exe
2012-06-03 05:28 - 2012-06-03 05:28 - 01733632 ____A C:\Users\Brian\Downloads\FxVisor64.msi
2012-06-03 04:38 - 2012-06-03 04:38 - 00000000 ____D C:\Program Files (x86)\MagicISO
2012-06-03 04:36 - 2012-06-03 04:35 - 03067400 ____A C:\Users\Brian\Downloads\Setup_MagicISO.exe
2012-06-02 19:03 - 2012-06-02 19:03 - 00000000 ____D C:\Users\Brian\Downloads\The_Sims_3_Showtime-FLT
2012-06-02 18:04 - 2012-06-02 18:04 - 00000000 ____D C:\Users\Brian\Downloads\The Sims 3 Collection
2012-06-02 18:03 - 2012-06-02 18:03 - 00000000 ____D C:\Users\Brian\Downloads\The Sims 3 Outdoor Living Stuff
2012-06-02 14:19 - 2012-06-08 13:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 13:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 13:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 13:28 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 13:28 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 13:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 13:28 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-08 13:28 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-08 13:28 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 15:40 - 2012-05-30 15:11 - 00000000 ____D C:\Users\Brian\Documents\Calibre Library
2012-05-30 15:29 - 2012-05-30 15:27 - 00000000 ____D C:\Users\Brian\Documents\My Barnes & Noble eBooks
2012-05-30 15:27 - 2012-05-30 15:27 - 00001220 ____A C:\Users\Public\Desktop\NOOK for PC.lnk
2012-05-30 15:27 - 2012-05-30 15:27 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Barnes & Noble
2012-05-30 15:27 - 2012-05-30 15:27 - 00000000 ____D C:\Program Files (x86)\Barnes & Noble
2012-05-30 15:25 - 2012-05-30 15:25 - 17557408 ____A (Barnes & Noble, Inc.) C:\Users\Brian\Downloads\bndr2_setup_latest.exe
2012-05-30 15:16 - 2012-01-10 15:59 - 00000000 ____D C:\Users\Brian\Documents\My Kindle Content
2012-05-30 15:12 - 2012-05-30 15:11 - 00000000 ____D C:\Users\Brian\AppData\Roaming\calibre
2012-05-30 15:11 - 2012-05-30 15:11 - 00000972 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-05-30 15:11 - 2012-05-30 15:11 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-05-30 15:03 - 2012-05-30 15:03 - 47406512 ____A C:\Users\Brian\Downloads\calibre-0.8.53.msi
2012-05-30 14:50 - 2011-09-08 04:35 - 00000000 ____D C:\Users\Brian\Documents\Electronic Arts
2012-05-30 14:43 - 2011-09-08 04:13 - 00447752 ____A (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2012-05-30 14:04 - 2012-05-30 15:11 - 01561038 ____A C:\Users\Brian\Desktop\Protocol Analysis.pdf
2012-05-28 08:32 - 2012-05-28 08:29 - 09953989 ____A C:\Users\Brian\Downloads\showtime.rar
2012-05-28 08:07 - 2011-09-07 03:12 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-05-28 07:42 - 2011-09-07 03:11 - 00000000 ____D C:\Program Files (x86)\Origin
2012-05-26 11:01 - 2010-08-19 14:25 - 00000000 ____D C:\Users\Brian\.gimp-2.6
2012-05-26 10:58 - 2012-05-26 10:58 - 00002149 ____A C:\Users\Brian\.recently-used.xbel
2012-05-26 10:58 - 2011-09-27 16:12 - 00000000 ____D C:\Users\Brian\AppData\Roaming\gtk-2.0
2012-05-26 10:40 - 2012-05-26 10:39 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-25 18:44 - 2012-05-25 18:42 - 00000000 ____D C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651 (1)
2012-05-25 18:41 - 2012-05-25 18:41 - 05345919 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651.7z
2012-05-25 18:41 - 2012-05-25 18:41 - 05345919 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-651 (1).7z
2012-05-25 13:21 - 2011-09-14 07:29 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-14 00:01 - 2012-05-14 00:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 00:01 - 2012-05-14 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 00:34 - 2009-07-13 20:45 - 00434376 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-13 00:12 - 2011-09-09 05:01 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-13 00:12 - 2011-09-06 15:01 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-13 00:00 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-12 11:51 - 2011-10-13 10:01 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-12 11:51 - 2011-10-13 10:01 - 00000000 ____D C:\Program Files (x86)\Safari
2012-05-12 11:35 - 2012-04-21 16:32 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-12 08:24 - 2012-05-12 08:23 - 00000000 ____D C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634 (1)
2012-05-12 08:17 - 2012-05-12 08:17 - 05342136 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634 (1).7z
2012-05-12 08:14 - 2012-05-12 08:14 - 05342136 ____A C:\Users\Brian\Downloads\Dolphin-win-x64-v3.0-634.7z
2012-05-03 09:50 - 2011-09-08 15:38 - 00000000 ____D C:\Users\Brian\AppData\Local\CrashDumps
2012-04-30 07:23 - 2012-04-30 07:23 - 00360009 ____A C:\Users\Brian\Downloads\LorandiaSims3_Accessories_51.rar
2012-04-30 05:23 - 2012-04-30 05:23 - 03060860 ____A C:\Users\Brian\Downloads\wvf_corset_uk.rar
2012-04-30 05:21 - 2012-04-30 05:21 - 03163697 ____A C:\Users\Brian\Downloads\alltheskits.rar
2012-04-30 05:07 - 2012-04-30 05:07 - 01669971 ____A C:\Users\Brian\Downloads\NyGirl_Showtime Dress Edited.zip
2012-04-30 05:06 - 2012-04-30 05:06 - 02718392 ____A C:\Users\Brian\Downloads\NyGirl_Loungin_Around Outfit.zip
2012-04-30 05:05 - 2012-04-30 05:05 - 01229128 ____A C:\Users\Brian\Downloads\NyGirl_Ribbed Tank_AF.zip
2012-04-30 05:04 - 2012-04-30 05:04 - 01337776 ____A C:\Users\Brian\Downloads\NyGirl_Belted Rocker Dress.zip
2012-04-28 17:09 - 2012-04-28 17:09 - 00047444 ____A C:\Users\Brian\Downloads\MTS_velocitygrass_1278845_velocitygrass_unlocked_simport_rewards.zip
2012-04-26 08:03 - 2012-04-26 08:03 - 00319960 ____A C:\Users\Brian\Downloads\MTS_annyon_1244654_Dogmeat_Fallout3.rar
2012-04-26 08:03 - 2012-04-26 08:03 - 00198895 ____A C:\Users\Brian\Downloads\MTS_annyon_1245757_Dogmeat_Puppy.rar
2012-04-26 07:41 - 2012-04-26 07:41 - 00014768 ____A C:\Users\Brian\Downloads\MTS_XTS_1280179_AllSkills50LessTimeHiddenVisible_xts.rar
2012-04-26 07:40 - 2012-04-26 07:40 - 00013821 ____A C:\Users\Brian\Downloads\MTS_XTS_1279793_AllSkillsInstantHiddenVisible_xts.rar
2012-04-26 07:39 - 2012-04-26 07:39 - 00014800 ____A C:\Users\Brian\Downloads\MTS_XTS_1280181_AllSkills25LessTimeHiddenVisible_xts.rar
2012-04-25 18:17 - 2012-04-25 18:17 - 00271136 ____A C:\Users\Brian\Downloads\MTS_MarkyBoy_1268010_MarkyBoy_MacBookPro_v1-11.7z
2012-04-25 18:05 - 2012-04-25 18:05 - 00005702 ____A C:\Users\Brian\Downloads\MTS_dim4sim_1284433_dim4sim.ElectroDanceSphere.HigherLampChance.rar
2012-04-25 18:05 - 2012-04-25 18:05 - 00002691 ____A C:\Users\Brian\Downloads\MTS_dim4sim_1284440_dim4sim.Mausoleum.HigherLampChance.MoreEvents.rar
2012-04-24 18:50 - 2012-04-24 18:50 - 00000183 ____A C:\Users\Brian\Downloads\100079778001.sdx
2012-04-24 18:50 - 2012-02-01 13:56 - 00000000 ____A C:\Users\Brian\Downloads\SecureDownloadManager.log
2012-04-23 09:11 - 2012-04-23 09:10 - 03764224 ____A C:\Users\Brian\Downloads\Guerrero_frances_proj.doc
2012-04-22 15:46 - 2012-04-22 13:48 - 00000000 ____D C:\Users\Brian\Downloads\That 70's (2009) 5CD 320KB 2Lions-Team
2012-04-22 12:11 - 2012-04-22 12:09 - 01267162 ____A C:\Users\Brian\Downloads\Big Star - In the Street.mp3
2012-04-22 11:24 - 2012-04-22 10:40 - 00000000 ____D C:\Users\Brian\Downloads\White Zombie + Rob Zombie Discography (Kingdom-music by KloWn)
2012-04-21 17:21 - 2012-04-21 17:17 - 00000000 ____D C:\Users\Brian\Downloads\The Flamingo Trigger
2012-04-21 17:20 - 2012-03-26 09:50 - 00000000 ____D C:\Users\Brian\AppData\Local\VMware
2012-04-21 17:18 - 2012-04-21 17:17 - 00000000 ____D C:\Users\Brian\Downloads\Foxy_Shazam-Introducing-(Advance)-2008-FNT
2012-04-21 17:18 - 2012-04-21 17:16 - 00000000 ____D C:\Users\Brian\Downloads\Foxy Shazam - The Church of Rock and Roll (2012)
2012-04-21 17:18 - 2012-04-21 17:16 - 00000000 ____D C:\Users\Brian\Downloads\Foxy Shazam
2012-04-21 17:15 - 2012-04-21 17:15 - 00000000 ____D C:\Users\Brian\Downloads\Cage The Elephant
2012-04-21 16:35 - 2012-04-21 15:36 - 00000000 ____D C:\Users\Brian\Documents\Virtual Machines
2012-04-21 16:35 - 2012-03-26 09:50 - 00000000 ____D C:\Users\Brian\AppData\Roaming\VMware
2012-04-21 16:23 - 2012-04-21 16:23 - 00000000 ____D C:\Users\Public\TOSHIBA
2012-04-21 15:56 - 2012-04-21 15:56 - 00002144 ____A C:\Users\Public\Desktop\VMware Player.lnk
2012-04-21 15:55 - 2012-04-21 15:55 - 00000000 ____D C:\Program Files\Common Files\VMware
2012-04-21 15:42 - 2012-04-21 15:42 - 00000000 ____D C:\Windows\System32\Macromed
2012-04-20 18:55 - 2012-04-20 18:55 - 00017174 ____A C:\Users\Brian\Documents\irl.xlsx
2012-04-19 19:45 - 2012-04-19 19:41 - 01534234 ____A C:\Users\Brian\Downloads\Shanna Crooks - Wakin Up To Love.mp3
2012-04-19 19:25 - 2012-04-19 19:18 - 00000000 ____D C:\Users\Brian\Downloads\Cheap.Trick-Authorized.Greatest.Hits
2012-04-19 13:11 - 2012-04-19 11:49 - 00000000 ____D C:\Users\Brian\Downloads\Cheap Trick
2012-04-18 17:56 - 2012-04-18 17:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 17:56 - 2012-04-18 17:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-18 11:59 - 2012-04-18 11:48 - 00001908 ____A C:\Windows\diagwrn.xml
2012-04-18 11:59 - 2012-04-18 11:48 - 00001908 ____A C:\Windows\diagerr.xml
2012-04-18 11:53 - 2012-04-18 11:53 - 00000029 ____A C:\Users\Brian\Documents\Windows 8 Licence Key.txt
2012-04-18 11:48 - 2012-04-18 11:48 - 00000000 ___HD C:\$WINDOWS.~BT
2012-04-18 11:48 - 2009-07-13 20:51 - 00000000 ____A C:\Windows\setuperr.log
2012-04-17 14:06 - 2012-04-17 14:05 - 00841728 ____A C:\Users\Brian\Downloads\SDM_EN (2).msi
2012-04-17 14:05 - 2012-04-17 14:05 - 00000183 ____A C:\Users\Brian\Downloads\100078261517.sdx
2012-04-15 13:06 - 2012-02-10 17:24 - 00001656 ____A C:\Users\Brian\Documents\584109eb_eick74.sav
2012-04-12 20:10 - 2012-04-12 20:09 - 16610892 ____A C:\Users\Brian\Downloads\QRflct 1.4.apk
2012-04-12 19:34 - 2012-04-12 18:54 - 16969485 ____A C:\Users\Brian\Downloads\quell_1.41.apk
2012-04-12 06:09 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini
2012-04-12 06:07 - 2012-04-12 06:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-12 06:07 - 2012-04-12 06:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-11 12:42 - 2012-04-11 12:42 - 01169000 ____A C:\Users\Brian\Downloads\NFL_2012_Elite51Uniform_original.pdf
2012-04-11 12:42 - 2012-04-11 12:42 - 00039936 ____A C:\Users\Brian\Downloads\Nike_NFL_PR_Uniforms_Unveiled_05APR2012_original.doc
2012-04-08 04:59 - 2012-04-08 04:59 - 00856178 ____A C:\Users\Brian\Downloads\Object Oriented Modelling Presentation.pdf
2012-04-08 00:02 - 2012-04-06 15:08 - 00000039 ____A C:\Windows\vbaddin.ini
2012-04-06 15:15 - 2012-04-06 15:15 - 01786727 ____A C:\Users\Brian\Downloads\770-97-3a.pdf
2012-04-06 15:14 - 2012-04-06 15:13 - 00541672 ____A C:\Users\Brian\Downloads\274269 (1).pdf
2012-04-06 15:12 - 2012-04-06 15:12 - 00888021 ____A C:\Users\Brian\Downloads\274787.pdf
2012-04-06 15:12 - 2012-04-06 15:12 - 00541672 ____A C:\Users\Brian\Downloads\274269.pdf
2012-04-06 15:03 - 2012-04-06 15:02 - 00000000 ____D C:\Users\Brian\Downloads\Microsoft Visio 2010
2012-04-06 14:44 - 2012-04-06 14:44 - 00000000 ____D C:\Users\Brian\Downloads\Visio 2010 with Service Pack 1 (x86 and x64) - DVD (English)
2012-04-06 13:43 - 2012-04-06 13:43 - 00841728 ____A C:\Users\Brian\Downloads\SDM_EN (1).msi
2012-04-06 13:43 - 2012-04-06 13:43 - 00000183 ____A C:\Users\Brian\Downloads\100075944513.sdx
2012-04-06 06:53 - 2012-04-06 06:53 - 00082580 ____A C:\Users\Brian\Documents\SOFTWARE REQUIREMENTS SPECIFICATION.docx
2012-04-04 12:56 - 2012-06-06 18:02 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 14:41 - 2011-10-27 14:17 - 00000000 ____D C:\Users\Brian\AppData\Roaming\codeblocks
2012-04-03 12:58 - 2012-04-03 12:58 - 01508573 ____A C:\Users\Brian\Downloads\Visual_Voicemail (1).zip
2012-04-03 12:08 - 2011-12-22 10:50 - 00080357 ____A C:\Users\Brian\Documents\afmbe.xlsx
2012-04-02 19:00 - 2012-04-02 19:00 - 00011130 ____A C:\Users\Brian\Downloads\Dr Van Helsing Use Case.docx
2012-04-02 07:18 - 2012-04-02 07:12 - 00000000 ____D C:\Users\Brian\Downloads\GOOD CHARLOTTE - DISCOGRAPHY [CHANNEL NEO]
2012-04-02 07:07 - 2012-04-02 07:02 - 00000000 ____D C:\Users\Brian\Downloads\Blink 182
2012-03-31 11:07 - 2011-09-06 15:01 - 00000000 ____D C:\Users\Brian\AppData\Local\Microsoft Help
2012-03-31 10:44 - 2012-03-31 10:44 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-31 10:43 - 2012-03-31 10:42 - 00000000 ____D C:\Program Files\iTunes
2012-03-31 10:43 - 2011-11-20 15:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-03-31 10:42 - 2012-03-31 10:42 - 00000000 ____D C:\Program Files\iPod
2012-03-31 05:35 - 2012-03-31 05:29 - 131315268 ____A C:\Users\Brian\Downloads\DROID3-CM9-03-31-UNOFFICIAL.zip
2012-03-30 22:05 - 2012-05-12 13:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-12 13:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-12 13:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-12 13:08 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-12 13:07 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 18:55 - 2012-03-27 18:44 - 00000000 ____D C:\Users\Brian\Downloads\Danger Danger
2012-03-27 14:40 - 2012-03-27 14:40 - 04422394 ____A C:\Users\Brian\Documents\Athens State 2012 Summer Schedule.pdf
2012-03-27 12:53 - 2012-03-27 12:53 - 22138797 ____A (Organize Music, Inc. ) C:\Users\Brian\Downloads\organize_music_setup.exe
2012-03-27 09:08 - 2012-03-27 09:02 - 00000000 ____D C:\Users\Brian\Downloads\Trixter
2012-03-27 09:02 - 2012-03-27 09:01 - 00000000 ____D C:\Users\Brian\Downloads\1990 Passion And Warfare
2012-03-27 09:00 - 2012-03-27 08:57 - 00000000 ____D C:\Users\Brian\Downloads\Britny Fox - 3 Albums - 320kbps
2012-03-27 07:37 - 2012-03-27 07:37 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Unity
2012-03-27 07:35 - 2012-03-27 07:35 - 00595056 ____A (Unity Technologies ApS) C:\Users\Brian\Downloads\UnityWebPlayer.exe
2012-03-27 07:35 - 2012-03-27 07:35 - 00000000 ____D C:\Users\Brian\AppData\Local\Unity
2012-03-27 07:35 - 2011-09-05 14:07 - 00000000 ____D C:\Users\Brian\AppData\LocalLow
2012-03-26 14:32 - 2012-03-26 09:33 - 227772461 ____A C:\Users\Brian\Downloads\ICS-B4.zip
2012-03-26 11:34 - 2012-03-26 11:33 - 00000000 ____D C:\Users\Brian\Downloads\2002 Let Go
2012-03-26 09:48 - 2012-03-26 09:48 - 00001024 ____A C:\.rnd
2012-03-26 09:47 - 2012-03-26 09:47 - 00000000 ____D C:\Program Files (x86)\VMware
2012-03-26 09:39 - 2012-03-26 09:35 - 19333671 ____A C:\Users\Brian\Downloads\Pocket Girlfriend (1.1).apk
2012-03-26 09:33 - 2012-03-26 09:32 - 01775964 ____A C:\Users\Brian\Downloads\Plants vs. Zombies v1.2.0 HD Final Android.apk
2012-03-26 09:30 - 2012-03-26 09:30 - 00000000 ____D C:\Users\Brian\Downloads\Sexy Girls Wallpaper Changer for Android
2012-03-26 09:30 - 2012-03-26 09:30 - 00000000 ____D C:\Users\Brian\Downloads\Playboy Application For (ANDROID)
2012-03-26 08:30 - 2012-03-25 16:17 - 00000000 ____D C:\Users\Brian\Downloads\Avril Lavigne
2012-03-25 15:59 - 2012-03-25 15:59 - 00001176 ____A C:\Users\Public\Desktop\Duplicate File Detective 2.lnk
2012-03-25 15:59 - 2012-03-25 15:59 - 00000000 ___HD C:\Users\All Users\{069BCE30-6EC3-40CD-8DBA-EFECA88F79CC}
2012-03-25 15:59 - 2012-03-19 13:42 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Key Metric Software
2012-03-25 15:59 - 2012-03-18 10:45 - 00000000 ____D C:\Program Files (x86)\Key Metric Software
2012-03-24 12:13 - 2012-03-21 05:59 - 00000000 ____D C:\Users\Brian\Downloads\Droid 3 Startup
2012-03-22 12:21 - 2012-03-22 12:21 - 00000000 ____D C:\Users\Brian\Downloads\Bad Company
2012-03-22 12:17 - 2012-03-21 12:12 - 00000000 ____D C:\Users\Brian\Downloads\Five Finger Death Punch
2012-03-22 07:46 - 2012-03-22 07:46 - 00221882 ____A C:\Users\Brian\Downloads\stl.zip
2012-03-21 06:00 - 2012-03-21 06:00 - 01508573 ____A C:\Users\Brian\Downloads\Visual_Voicemail.zip
2012-03-21 05:54 - 2012-03-21 05:54 - 00443474 ____A C:\Users\Brian\Downloads\Winamp_Pro_1.0.0.30.apk
2012-03-20 19:23 - 2012-03-20 19:23 - 08554432 ____A C:\Users\Brian\Downloads\GB_S100.3HC.zip
2012-03-20 19:18 - 2012-03-20 19:18 - 00269211 ____A C:\Users\Brian\Downloads\Root Explorer-Appstap.net.rar
2012-03-20 19:15 - 2012-03-20 19:15 - 00592665 ____A C:\Users\Brian\Downloads\vvm.apk
2012-03-20 17:44 - 2012-03-20 17:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 17:44 - 2012-03-20 17:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 12:40 - 2012-03-20 12:40 - 00039936 ____A C:\Users\Brian\Downloads\VectorWorkOut Pgm.doc
2012-03-20 11:19 - 2012-03-20 08:12 - 00000000 ____D C:\Users\Brian\.android
2012-03-20 11:03 - 2011-09-05 14:20 - 00000000 ____D C:\Users\Brian\AppData\Local\Google
2012-03-20 09:01 - 2012-03-20 09:01 - 00000000 ____D C:\Users\Brian\Documents\PDB DRM Removal
2012-03-20 09:01 - 2012-03-20 09:01 - 00000000 ____D C:\Users\Brian\AppData\Roaming\eBookConverter
2012-03-20 09:01 - 2012-03-20 09:01 - 00000000 ____D C:\Program Files (x86)\eBookConverter
2012-03-20 08:58 - 2009-09-24 09:01 - 00000000 ____D C:\Users\Brian\Documents\My eBooks
2012-03-20 08:57 - 2012-03-20 08:57 - 08505253 ____A C:\Users\Brian\Downloads\pdbdrm.zip
2012-03-20 08:34 - 2012-03-20 08:33 - 07990275 ____A C:\Users\Brian\Downloads\eReader Win Pro 3.0.3 (1).zip
2012-03-20 08:08 - 2012-03-20 08:08 - 00000000 ____D C:\Program Files (x86)\Android
2012-03-20 08:08 - 2012-03-20 08:07 - 00000000 ____D C:\Program Files\Oracle
2012-03-20 08:05 - 2012-03-20 08:05 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-20 08:05 - 2012-03-20 08:05 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-20 08:05 - 2012-03-20 08:03 - 00000000 ____D C:\Program Files\Java
2012-03-20 08:00 - 2012-03-20 07:55 - 91662296 ____A (Oracle Corporation) C:\Users\Brian\Downloads\jdk-7u3-windows-x64.exe
2012-03-20 06:13 - 2012-03-20 06:11 - 29561554 ____A (Google Inc.) C:\Users\Brian\Downloads\installer_r16-windows (1).exe
2012-03-19 11:34 - 2009-10-26 16:32 - 00019120 ____A C:\Users\Brian\Documents\cover letter.docx
2012-03-18 16:27 - 2012-03-18 15:52 - 00000000 ____D C:\Users\Brian\Downloads\Quiet Riot [Discography]
2012-03-18 16:08 - 2012-03-18 15:50 - 00000000 ____D C:\Users\Brian\Downloads\Kik Tracee
2012-03-18 15:59 - 2012-03-18 15:50 - 00000000 ____D C:\Users\Brian\Downloads\Ratt [Discography]
2012-03-18 15:43 - 2012-03-18 15:42 - 00000000 ____D C:\Users\Brian\Downloads\Enya - The Very Best of Enya [mp3-vbr-2009]
2012-03-18 10:45 - 2012-03-18 10:45 - 00001137 ____A C:\Users\Public\Desktop\FolderSizes 4.lnk
2012-03-18 10:45 - 2012-03-18 10:45 - 00000000 __HDC C:\Users\All Users\{C7BD2D7C-2F1C-4583-8CF0-FC304745CBCE}
2012-03-18 10:38 - 2012-03-18 10:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motoandroid_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2012-03-18 10:37 - 2012-03-18 10:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2012-03-18 10:36 - 2012-03-18 10:36 - 00000000 ____D C:\Program Files\Motorola Inc
2012-03-18 10:36 - 2012-03-18 10:36 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-03-18 10:34 - 2012-03-18 10:34 - 02443264 ____A C:\Users\Brian\Downloads\Motorola_End_User_Driver_Installation_5.2.0_64bit.msi
2012-03-18 10:33 - 2012-03-15 06:33 - 00000000 ____D C:\Users\Brian\Downloads\Android Ice Cream Sandwich
2012-03-18 10:32 - 2012-03-18 10:31 - 01747541 ____A C:\Users\Brian\Downloads\PetesMotorolaRootTools_v1.07.zip
2012-03-18 08:28 - 2012-03-18 07:59 - 00000000 ____D C:\Users\Brian\Downloads\Slaughter - Complete Discography
2012-03-18 08:07 - 2012-03-18 07:57 - 00000000 ____D C:\Users\Brian\Downloads\Winger [Discography]
2012-03-18 07:59 - 2012-03-18 07:57 - 00000000 ____D C:\Users\Brian\Downloads\Save Ferris-Album Discography
2012-03-18 07:58 - 2012-03-18 07:42 - 00000000 ____D C:\Users\Brian\Downloads\Skid Row - Discography
2012-03-18 07:33 - 2011-12-15 16:18 - 00016323 ____A C:\Users\Brian\Documents\AFMBE.docx
2012-03-17 19:31 - 2012-03-17 19:31 - 04107517 ____A C:\Users\Brian\Downloads\Droid3Safestrap-1.0.apk
2012-03-17 08:08 - 2012-03-17 07:54 - 00208468 ____A C:\Windows\hpoins41.dat
2012-03-17 08:08 - 2011-10-08 20:05 - 00002119 ____A C:\Users\All Users\hpzinstall.log
2012-03-17 07:58 - 2011-10-08 20:05 - 00000000 ____D C:\Users\All Users\HP
2012-03-17 07:54 - 2012-03-17 07:54 - 00000000 ____D C:\Program Files\HP
2012-03-17 07:50 - 2012-03-17 07:48 - 174044000 ____A C:\Users\Brian\Downloads\PS_AIO_06_C309g-m_USW_Full_Win_enu_140_175.exe
2012-03-17 04:42 - 2012-03-16 19:18 - 00000000 ____D C:\Users\Brian\Downloads\Nintendo DS Emulator
2012-03-16 23:58 - 2012-05-12 13:08 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 19:30 - 2012-03-16 19:26 - 78659092 ____A C:\Users\Brian\Downloads\4726 - WWE SmackDown vs Raw 2010 featuring ECW (U)(M3).rar
2012-03-16 19:18 - 2012-03-16 19:17 - 02196552 ____A C:\Users\Brian\Downloads\desmume-0.9.7-win32.zip

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-04-14 19:17] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-04-14 19:17] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-04-14 19:17] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8095.43 MB
Available physical RAM: 7318.97 MB
Total Pagefile: 8093.63 MB
Available Pagefile: 7309.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (TI106163W0C ) (Fixed) (Total:450.51 GB) (Free:131.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (16G) (Removable) (Total:14.92 GB) (Free:14.3 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 450 GB 1501 MB
Partition 3 Primary 13 GB 451 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106163W0C NTFS Partition 450 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1112 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F 16G FAT32 Removable 14 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 17:38

======================= End Of Log ==========================

#4 gringo_pr

  • Malware Response Team

Posted 10 June 2012 - 10:44 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#5 eick

  • Topic Starter

Posted 10 June 2012 - 04:22 PM

Did not notice any problems with combo fix running but upon restart, Win32/Sirefef.AB and Win64/Sirefef.P are still detected.


ComboFix Log:

ComboFix 12-06-09.02 - Brian 06/10/2012 14:59:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8095.5728 [GMT -5:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\{54C42AE7-0C90-4A44-9341-1AF8AEE21481}.xps
c:\users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D49005BE-8A68-49B3-8C2C-33D4CB598807}.xps
c:\users\Brian\Documents\~WRL0003.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-09 18:26 . 2012-06-10 15:56 -------- d-----w- C:\FRST
2012-06-09 15:16 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BEF5EC2-0F78-46F3-B1C0-2390337EE2B4}\mpengine.dll
2012-06-09 14:23 . 2012-06-09 14:23 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDF62F4C-97BB-4A61-AC9F-81900307E527}\gapaengine.dll
2012-06-09 14:21 . 2012-06-09 14:21 388096 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-09 14:21 . 2012-06-09 14:21 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-09 14:15 . 2012-06-09 14:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-09 14:15 . 2012-06-09 14:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-08 21:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 21:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 21:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 21:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 21:28 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-08 21:28 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 21:28 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 21:28 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 21:28 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-07 10:40 . 2012-06-07 20:18 -------- d-----w- c:\users\Brian\Doctor Web
2012-06-07 10:14 . 2012-06-07 10:14 -------- d-----w- c:\programdata\VS
2012-06-07 03:48 . 2012-06-07 03:48 -------- d-----w- c:\program files (x86)\Microsoft
2012-06-07 03:41 . 2011-09-23 02:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-06-07 03:41 . 2011-09-22 22:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-06-07 03:41 . 2011-09-23 02:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-06-07 03:38 . 2012-06-07 03:38 -------- d-----w- c:\program files\Microsoft.NET
2012-06-07 02:02 . 2012-06-07 02:02 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
2012-06-07 02:02 . 2012-06-07 02:02 -------- d-----w- c:\programdata\Malwarebytes
2012-06-07 02:02 . 2012-06-07 02:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-07 02:02 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 01:29 . 2012-06-06 01:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-03 13:47 . 2012-06-03 13:47 -------- d-----w- c:\users\Brian\AppData\Local\Frameworkx.com
2012-06-03 13:36 . 2012-06-07 10:11 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-06-03 13:34 . 2012-06-03 13:34 -------- d-----w- c:\program files\Frameworkx
2012-06-03 13:33 . 2009-02-24 23:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-06-03 13:33 . 2009-02-24 23:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-06-03 13:33 . 2012-06-03 13:34 -------- d-----w- c:\program files (x86)\MagicDisc
2012-06-03 12:38 . 2012-06-03 12:38 -------- d-----w- c:\program files (x86)\MagicISO
2012-05-30 23:27 . 2012-05-30 23:27 -------- d-----w- c:\users\Brian\AppData\Roaming\Barnes & Noble
2012-05-30 23:27 . 2012-05-30 23:27 -------- d-----w- c:\program files (x86)\Barnes & Noble
2012-05-30 23:11 . 2012-05-30 23:12 -------- d-----w- c:\users\Brian\AppData\Roaming\calibre
2012-05-30 23:11 . 2012-05-30 23:11 -------- d-----w- c:\program files (x86)\Calibre2
2012-05-26 18:40 . 2012-05-26 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-26 18:40 . 2012-05-26 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-26 18:40 . 2012-05-26 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-26 18:40 . 2012-05-26 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-26 18:40 . 2012-05-26 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-26 18:40 . 2012-05-26 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-26 18:40 . 2012-05-26 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-26 18:39 . 2012-05-26 18:40 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-14 08:01 . 2012-05-14 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-14 08:01 . 2012-05-14 08:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-12 21:08 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 21:08 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 21:08 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 21:08 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 21:08 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 21:08 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 21:08 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 21:07 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 21:07 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 21:07 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 21:07 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 21:07 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 21:07 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 16:25 . 2011-10-30 02:48 2379904 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-06 01:16 . 2012-04-21 23:43 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 01:16 . 2011-10-30 21:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 22:43 . 2011-09-08 12:13 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2012-05-12 19:35 . 2012-04-22 00:32 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-13 39408]
"MusicManager"="c:\users\Brian\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-14 13806080]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-25 880496]
"chromium"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-05-23 1240088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2011-01-17 2475384]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ThrustTSR"="c:\program files (x86)\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2003-04-10 217088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-6-3 576000]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 257696]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 01:16]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:11]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:11]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1785430191-539180829-411235372-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 18:05]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1785430191-539180829-411235372-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 18:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-01-21 328048]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\44hr1ian.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1785430191-539180829-411235372-1000\Software\SecuROM\License information*]
"datasecu"=hex:25,79,7e,ac,bf,47,97,5c,65,86,bd,c3,ed,1c,a8,20,6b,2a,57,cb,79,
db,c2,ff,d9,92,65,58,ea,ce,ed,85,5c,2d,7e,19,70,73,68,ab,9c,59,ab,0d,72,23,\
"rkeysecu"=hex:8b,eb,be,20,58,c3,ba,de,46,c6,90,07,14,c4,9b,10
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-06-10 15:37:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 20:37
.
Pre-Run: 140,709,625,856 bytes free
Post-Run: 144,361,766,912 bytes free
.
- - End Of File - - 1C05E13144A9BF935E5FB85D43364A4B

#6 gringo_pr

Posted 10 June 2012 - 04:31 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    Services.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 eick

Posted 10 June 2012 - 08:41 PM

Here is the SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 20:31 on 10/06/2012 by Brian
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "Services.exe"
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

#8 gringo_pr

Posted 10 June 2012 - 09:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 eick

Posted 10 June 2012 - 11:05 PM

Logs from TDSSKiller and aswMBR:

TDSSKiller:

22:00:20.0153 5408 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:00:20.0200 5408 ============================================================
22:00:20.0200 5408 Current date / time: 2012/06/10 22:00:20.0200
22:00:20.0200 5408 SystemInfo:
22:00:20.0200 5408
22:00:20.0200 5408 OS Version: 6.1.7601 ServicePack: 1.0
22:00:20.0200 5408 Product type: Workstation
22:00:20.0200 5408 ComputerName: BRIAN-PC
22:00:20.0200 5408 UserName: Brian
22:00:20.0200 5408 Windows directory: C:\windows
22:00:20.0200 5408 System windows directory: C:\windows
22:00:20.0200 5408 Running under WOW64
22:00:20.0200 5408 Processor architecture: Intel x64
22:00:20.0200 5408 Number of processors: 4
22:00:20.0200 5408 Page size: 0x1000
22:00:20.0200 5408 Boot type: Normal boot
22:00:20.0200 5408 ============================================================
22:00:20.0793 5408 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:20.0809 5408 Drive \Device\Harddisk1\DR2 - Size: 0x3BC000000 (14.94 Gb), SectorSize: 0x200, Cylinders: 0x79D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:00:20.0809 5408 ============================================================
22:00:20.0809 5408 \Device\Harddisk0\DR0:
22:00:20.0809 5408 MBR partitions:
22:00:20.0809 5408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38505000
22:00:20.0809 5408 \Device\Harddisk1\DR2:
22:00:20.0809 5408 MBR partitions:
22:00:20.0809 5408 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x8B0, BlocksNum 0x1DDF750
22:00:20.0809 5408 ============================================================
22:00:20.0855 5408 C: <-> \Device\Harddisk0\DR0\Partition0
22:00:20.0855 5408 ============================================================
22:00:20.0855 5408 Initialize success
22:00:20.0855 5408 ============================================================
22:00:24.0272 6916 ============================================================
22:00:24.0272 6916 Scan started
22:00:24.0272 6916 Mode: Manual;
22:00:24.0272 6916 ============================================================
22:00:25.0052 6916 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
22:00:25.0052 6916 1394ohci - ok
22:00:25.0130 6916 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
22:00:25.0145 6916 ACPI - ok
22:00:25.0192 6916 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
22:00:25.0192 6916 AcpiPmi - ok
22:00:25.0395 6916 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:00:25.0395 6916 AdobeARMservice - ok
22:00:25.0551 6916 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:00:25.0551 6916 AdobeFlashPlayerUpdateSvc - ok
22:00:25.0629 6916 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
22:00:25.0645 6916 adp94xx - ok
22:00:25.0723 6916 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
22:00:25.0723 6916 adpahci - ok
22:00:25.0738 6916 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
22:00:25.0754 6916 adpu320 - ok
22:00:25.0785 6916 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
22:00:25.0785 6916 AeLookupSvc - ok
22:00:25.0879 6916 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
22:00:25.0894 6916 AFD - ok
22:00:25.0925 6916 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
22:00:25.0925 6916 agp440 - ok
22:00:25.0972 6916 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
22:00:25.0972 6916 ALG - ok
22:00:26.0003 6916 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
22:00:26.0003 6916 aliide - ok
22:00:26.0019 6916 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
22:00:26.0019 6916 amdide - ok
22:00:26.0035 6916 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
22:00:26.0035 6916 AmdK8 - ok
22:00:26.0050 6916 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
22:00:26.0050 6916 AmdPPM - ok
22:00:26.0097 6916 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
22:00:26.0097 6916 amdsata - ok
22:00:26.0144 6916 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
22:00:26.0159 6916 amdsbs - ok
22:00:26.0191 6916 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
22:00:26.0191 6916 amdxata - ok
22:00:26.0253 6916 ApfiltrService (8397fa2aba73e696f574655a24b49d91) C:\windows\system32\DRIVERS\Apfiltr.sys
22:00:26.0269 6916 ApfiltrService - ok
22:00:26.0315 6916 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
22:00:26.0315 6916 AppID - ok
22:00:26.0347 6916 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
22:00:26.0347 6916 AppIDSvc - ok
22:00:26.0393 6916 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
22:00:26.0393 6916 Appinfo - ok
22:00:26.0518 6916 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:00:26.0518 6916 Apple Mobile Device - ok
22:00:26.0627 6916 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
22:00:26.0627 6916 arc - ok
22:00:26.0783 6916 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
22:00:26.0783 6916 arcsas - ok
22:00:26.0971 6916 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:00:26.0971 6916 aspnet_state - ok
22:00:27.0017 6916 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
22:00:27.0017 6916 AsyncMac - ok
22:00:27.0064 6916 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
22:00:27.0064 6916 atapi - ok
22:00:27.0158 6916 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:00:27.0173 6916 AudioEndpointBuilder - ok
22:00:27.0173 6916 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:00:27.0189 6916 AudioSrv - ok
22:00:27.0236 6916 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
22:00:27.0236 6916 AxInstSV - ok
22:00:27.0314 6916 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
22:00:27.0329 6916 b06bdrv - ok
22:00:27.0376 6916 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
22:00:27.0376 6916 b57nd60a - ok
22:00:27.0423 6916 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
22:00:27.0439 6916 BDESVC - ok
22:00:27.0454 6916 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
22:00:27.0454 6916 Beep - ok
22:00:27.0563 6916 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
22:00:27.0579 6916 BFE - ok
22:00:27.0657 6916 BingDesktopUpdate (1b63f2b7ca6b5290cc124cdd07520bc9) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
22:00:27.0673 6916 BingDesktopUpdate - ok
22:00:27.0751 6916 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
22:00:27.0766 6916 BITS - ok
22:00:27.0844 6916 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
22:00:27.0860 6916 blbdrive - ok
22:00:27.0969 6916 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:00:27.0985 6916 Bonjour Service - ok
22:00:28.0047 6916 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
22:00:28.0047 6916 bowser - ok
22:00:28.0094 6916 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
22:00:28.0094 6916 BrFiltLo - ok
22:00:28.0094 6916 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
22:00:28.0094 6916 BrFiltUp - ok
22:00:28.0156 6916 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
22:00:28.0156 6916 BridgeMP - ok
22:00:28.0219 6916 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
22:00:28.0219 6916 Browser - ok
22:00:28.0250 6916 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
22:00:28.0265 6916 Brserid - ok
22:00:28.0297 6916 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
22:00:28.0297 6916 BrSerWdm - ok
22:00:28.0328 6916 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
22:00:28.0328 6916 BrUsbMdm - ok
22:00:28.0359 6916 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
22:00:28.0359 6916 BrUsbSer - ok
22:00:28.0437 6916 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\windows\system32\DRIVERS\motfilt.sys
22:00:28.0437 6916 BTCFilterService - ok
22:00:28.0468 6916 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
22:00:28.0468 6916 BTHMODEM - ok
22:00:28.0531 6916 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
22:00:28.0531 6916 bthserv - ok
22:00:28.0593 6916 catchme - ok
22:00:28.0624 6916 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
22:00:28.0624 6916 cdfs - ok
22:00:28.0687 6916 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
22:00:28.0687 6916 cdrom - ok
22:00:28.0718 6916 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:00:28.0733 6916 CertPropSvc - ok
22:00:28.0765 6916 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
22:00:28.0780 6916 circlass - ok
22:00:28.0843 6916 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
22:00:28.0858 6916 CLFS - ok
22:00:28.0921 6916 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:00:28.0936 6916 clr_optimization_v2.0.50727_32 - ok
22:00:28.0952 6916 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:00:28.0952 6916 clr_optimization_v2.0.50727_64 - ok
22:00:29.0077 6916 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:00:29.0077 6916 clr_optimization_v4.0.30319_32 - ok
22:00:29.0186 6916 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:00:29.0186 6916 clr_optimization_v4.0.30319_64 - ok
22:00:29.0233 6916 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
22:00:29.0233 6916 CmBatt - ok
22:00:29.0248 6916 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
22:00:29.0248 6916 cmdide - ok
22:00:29.0342 6916 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
22:00:29.0357 6916 CNG - ok
22:00:29.0389 6916 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
22:00:29.0389 6916 Compbatt - ok
22:00:29.0420 6916 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
22:00:29.0420 6916 CompositeBus - ok
22:00:29.0435 6916 COMSysApp - ok
22:00:29.0482 6916 cpuz135 (ccb09eb78e047c931708149992c2e435) C:\windows\system32\drivers\cpuz135_x64.sys
22:00:29.0482 6916 cpuz135 - ok
22:00:29.0513 6916 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
22:00:29.0513 6916 crcdisk - ok
22:00:29.0591 6916 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
22:00:29.0607 6916 CryptSvc - ok
22:00:29.0654 6916 dc3d (1ca90212a99db6975c344826d11055c9) C:\windows\system32\DRIVERS\dc3d.sys
22:00:29.0654 6916 dc3d - ok
22:00:29.0732 6916 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:00:29.0732 6916 DcomLaunch - ok
22:00:29.0779 6916 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
22:00:29.0794 6916 defragsvc - ok
22:00:29.0825 6916 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
22:00:29.0825 6916 DfsC - ok
22:00:29.0903 6916 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
22:00:29.0903 6916 Dhcp - ok
22:00:29.0935 6916 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
22:00:29.0935 6916 discache - ok
22:00:29.0966 6916 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
22:00:29.0981 6916 Disk - ok
22:00:30.0044 6916 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
22:00:30.0044 6916 Dnscache - ok
22:00:30.0091 6916 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
22:00:30.0106 6916 dot3svc - ok
22:00:30.0137 6916 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
22:00:30.0137 6916 DPS - ok
22:00:30.0200 6916 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
22:00:30.0200 6916 drmkaud - ok
22:00:30.0278 6916 dtpd - ok
22:00:30.0371 6916 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
22:00:30.0403 6916 DXGKrnl - ok
22:00:30.0481 6916 e1cexpress (03f4c5c12fc1c69f838da723475ef650) C:\windows\system32\DRIVERS\e1c62x64.sys
22:00:30.0481 6916 e1cexpress - ok
22:00:30.0543 6916 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
22:00:30.0543 6916 EapHost - ok
22:00:30.0777 6916 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
22:00:30.0824 6916 ebdrv - ok
22:00:30.0933 6916 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
22:00:30.0949 6916 EFS - ok
22:00:31.0027 6916 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
22:00:31.0042 6916 ehRecvr - ok
22:00:31.0073 6916 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
22:00:31.0073 6916 ehSched - ok
22:00:31.0183 6916 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
22:00:31.0198 6916 elxstor - ok
22:00:31.0198 6916 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
22:00:31.0198 6916 ErrDev - ok
22:00:31.0276 6916 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
22:00:31.0276 6916 EventSystem - ok
22:00:31.0463 6916 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:00:31.0495 6916 EvtEng - ok
22:00:31.0666 6916 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
22:00:31.0666 6916 exfat - ok
22:00:31.0697 6916 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
22:00:31.0697 6916 fastfat - ok
22:00:31.0775 6916 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
22:00:31.0791 6916 Fax - ok
22:00:31.0822 6916 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
22:00:31.0822 6916 fdc - ok
22:00:31.0869 6916 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
22:00:31.0869 6916 fdPHost - ok
22:00:31.0885 6916 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
22:00:31.0885 6916 FDResPub - ok
22:00:31.0916 6916 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
22:00:31.0916 6916 FileInfo - ok
22:00:31.0947 6916 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
22:00:31.0947 6916 Filetrace - ok
22:00:31.0963 6916 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
22:00:31.0978 6916 flpydisk - ok
22:00:32.0009 6916 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
22:00:32.0025 6916 FltMgr - ok
22:00:32.0119 6916 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
22:00:32.0134 6916 FontCache - ok
22:00:32.0212 6916 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:00:32.0212 6916 FontCache3.0.0.0 - ok
22:00:32.0275 6916 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
22:00:32.0275 6916 FsDepends - ok
22:00:32.0321 6916 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
22:00:32.0321 6916 Fs_Rec - ok
22:00:32.0368 6916 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
22:00:32.0384 6916 fvevol - ok
22:00:32.0399 6916 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
22:00:32.0399 6916 gagp30kx - ok
22:00:32.0493 6916 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:00:32.0509 6916 GamesAppService - ok
22:00:32.0555 6916 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:00:32.0555 6916 GEARAspiWDM - ok
22:00:32.0618 6916 goxnrqco (37de5c89d49d8842c29504a7377c8bdc) C:\windows\system32\drivers\goxnrqco.sys
22:00:32.0633 6916 goxnrqco - ok
22:00:32.0711 6916 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
22:00:32.0727 6916 gpsvc - ok
22:00:32.0805 6916 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:00:32.0805 6916 gupdate - ok
22:00:32.0821 6916 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:00:32.0821 6916 gupdatem - ok
22:00:32.0883 6916 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:00:32.0883 6916 gusvc - ok
22:00:32.0992 6916 hcmon (adb4348da1345877b04e22203afc8993) C:\windows\system32\drivers\hcmon.sys
22:00:32.0992 6916 hcmon - ok
22:00:33.0023 6916 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
22:00:33.0023 6916 hcw85cir - ok
22:00:33.0070 6916 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
22:00:33.0086 6916 HdAudAddService - ok
22:00:33.0133 6916 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
22:00:33.0133 6916 HDAudBus - ok
22:00:33.0164 6916 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
22:00:33.0179 6916 HidBatt - ok
22:00:33.0179 6916 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
22:00:33.0195 6916 HidBth - ok
22:00:33.0211 6916 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
22:00:33.0211 6916 HidIr - ok
22:00:33.0242 6916 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
22:00:33.0242 6916 hidserv - ok
22:00:33.0273 6916 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
22:00:33.0273 6916 HidUsb - ok
22:00:33.0335 6916 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
22:00:33.0335 6916 hkmsvc - ok
22:00:33.0367 6916 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
22:00:33.0382 6916 HomeGroupListener - ok
22:00:33.0413 6916 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
22:00:33.0429 6916 HomeGroupProvider - ok
22:00:33.0569 6916 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:00:33.0569 6916 hpqcxs08 - ok
22:00:33.0601 6916 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:00:33.0601 6916 hpqddsvc - ok
22:00:33.0647 6916 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
22:00:33.0647 6916 HpSAMD - ok
22:00:33.0757 6916 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:00:33.0772 6916 HPSLPSVC - ok
22:00:33.0866 6916 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
22:00:33.0881 6916 HTTP - ok
22:00:33.0897 6916 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
22:00:33.0897 6916 hwpolicy - ok
22:00:33.0975 6916 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
22:00:33.0975 6916 i8042prt - ok
22:00:34.0053 6916 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
22:00:34.0053 6916 iaStor - ok
22:00:34.0131 6916 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
22:00:34.0131 6916 iaStorV - ok
22:00:34.0271 6916 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:00:34.0287 6916 idsvc - ok
22:00:35.0067 6916 igfx (93c8115d4baeb1bd047ab0a9b265ee7a) C:\windows\system32\DRIVERS\igdkmd64.sys
22:00:35.0301 6916 igfx - ok
22:00:35.0426 6916 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
22:00:35.0426 6916 iirsp - ok
22:00:35.0519 6916 iked - ok
22:00:35.0613 6916 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
22:00:35.0629 6916 IKEEXT - ok
22:00:35.0847 6916 IntcAzAudAddService (51e8db3618d106a2b2849a00839cc452) C:\windows\system32\drivers\RTKVHD64.sys
22:00:35.0878 6916 IntcAzAudAddService - ok
22:00:36.0034 6916 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
22:00:36.0034 6916 IntcDAud - ok
22:00:36.0081 6916 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
22:00:36.0081 6916 intelide - ok
22:00:36.0128 6916 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
22:00:36.0128 6916 intelppm - ok
22:00:36.0190 6916 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
22:00:36.0190 6916 IPBusEnum - ok
22:00:36.0221 6916 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:00:36.0221 6916 IpFilterDriver - ok
22:00:36.0299 6916 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
22:00:36.0315 6916 iphlpsvc - ok
22:00:36.0346 6916 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
22:00:36.0346 6916 IPMIDRV - ok
22:00:36.0362 6916 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
22:00:36.0362 6916 IPNAT - ok
22:00:36.0518 6916 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:00:36.0533 6916 iPod Service - ok
22:00:36.0580 6916 ipsecd - ok
22:00:36.0611 6916 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
22:00:36.0611 6916 IRENUM - ok
22:00:36.0658 6916 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
22:00:36.0658 6916 isapnp - ok
22:00:36.0705 6916 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
22:00:36.0705 6916 iScsiPrt - ok
22:00:36.0736 6916 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
22:00:36.0736 6916 kbdclass - ok
22:00:36.0767 6916 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
22:00:36.0767 6916 kbdhid - ok
22:00:36.0799 6916 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:00:36.0799 6916 KeyIso - ok
22:00:36.0814 6916 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
22:00:36.0830 6916 KSecDD - ok
22:00:36.0861 6916 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
22:00:36.0861 6916 KSecPkg - ok
22:00:36.0892 6916 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
22:00:36.0892 6916 ksthunk - ok
22:00:36.0970 6916 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
22:00:36.0970 6916 KtmRm - ok
22:00:37.0001 6916 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
22:00:37.0017 6916 LanmanServer - ok
22:00:37.0048 6916 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
22:00:37.0048 6916 LanmanWorkstation - ok
22:00:37.0095 6916 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
22:00:37.0095 6916 lltdio - ok
22:00:37.0142 6916 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
22:00:37.0157 6916 lltdsvc - ok
22:00:37.0189 6916 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
22:00:37.0189 6916 lmhosts - ok
22:00:37.0282 6916 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:00:37.0298 6916 LMS - ok
22:00:37.0329 6916 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
22:00:37.0329 6916 LSI_FC - ok
22:00:37.0345 6916 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
22:00:37.0345 6916 LSI_SAS - ok
22:00:37.0360 6916 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
22:00:37.0360 6916 LSI_SAS2 - ok
22:00:37.0360 6916 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
22:00:37.0376 6916 LSI_SCSI - ok
22:00:37.0407 6916 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
22:00:37.0407 6916 luafv - ok
22:00:37.0423 6916 lxdw_device - ok
22:00:37.0485 6916 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
22:00:37.0485 6916 MBAMProtector - ok
22:00:37.0610 6916 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:00:37.0625 6916 MBAMService - ok
22:00:37.0688 6916 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\windows\system32\DRIVERS\mcdbus.sys
22:00:37.0703 6916 mcdbus - ok
22:00:37.0735 6916 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
22:00:37.0735 6916 Mcx2Svc - ok
22:00:37.0750 6916 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
22:00:37.0766 6916 megasas - ok
22:00:37.0797 6916 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
22:00:37.0797 6916 MegaSR - ok
22:00:37.0844 6916 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
22:00:37.0844 6916 MEIx64 - ok
22:00:37.0875 6916 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:00:37.0891 6916 MMCSS - ok
22:00:37.0906 6916 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
22:00:37.0922 6916 Modem - ok
22:00:37.0969 6916 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
22:00:37.0969 6916 monitor - ok
22:00:38.0031 6916 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\windows\system32\Drivers\motoandroid.sys
22:00:38.0031 6916 motandroidusb - ok
22:00:38.0093 6916 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\windows\system32\DRIVERS\motccgp.sys
22:00:38.0093 6916 motccgp - ok
22:00:38.0125 6916 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\windows\system32\DRIVERS\motccgpfl.sys
22:00:38.0125 6916 motccgpfl - ok
22:00:38.0187 6916 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\windows\system32\DRIVERS\motmodem.sys
22:00:38.0187 6916 motmodem - ok
22:00:38.0234 6916 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\windows\system32\DRIVERS\motswch.sys
22:00:38.0234 6916 MotoSwitchService - ok
22:00:38.0249 6916 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\windows\system32\DRIVERS\Motousbnet.sys
22:00:38.0265 6916 Motousbnet - ok
22:00:38.0296 6916 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
22:00:38.0312 6916 mouclass - ok
22:00:38.0359 6916 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
22:00:38.0359 6916 mouhid - ok
22:00:38.0390 6916 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
22:00:38.0390 6916 mountmgr - ok
22:00:38.0468 6916 MouseWithoutBordersSvc (a78c362449b2d00f89af06993fb94a26) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe
22:00:38.0468 6916 MouseWithoutBordersSvc - ok
22:00:38.0546 6916 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
22:00:38.0546 6916 MpFilter - ok
22:00:38.0577 6916 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
22:00:38.0577 6916 mpio - ok
22:00:38.0608 6916 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
22:00:38.0608 6916 mpsdrv - ok
22:00:38.0717 6916 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
22:00:38.0733 6916 MpsSvc - ok
22:00:38.0764 6916 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
22:00:38.0780 6916 MRxDAV - ok
22:00:38.0842 6916 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
22:00:38.0842 6916 mrxsmb - ok
22:00:38.0873 6916 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:00:38.0889 6916 mrxsmb10 - ok
22:00:38.0920 6916 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:00:38.0920 6916 mrxsmb20 - ok
22:00:38.0951 6916 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
22:00:38.0951 6916 msahci - ok
22:00:38.0983 6916 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
22:00:38.0983 6916 msdsm - ok
22:00:39.0029 6916 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
22:00:39.0045 6916 MSDTC - ok
22:00:39.0076 6916 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
22:00:39.0076 6916 Msfs - ok
22:00:39.0092 6916 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
22:00:39.0107 6916 mshidkmdf - ok
22:00:39.0123 6916 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
22:00:39.0123 6916 msisadrv - ok
22:00:39.0154 6916 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
22:00:39.0170 6916 MSiSCSI - ok
22:00:39.0170 6916 msiserver - ok
22:00:39.0217 6916 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
22:00:39.0217 6916 MSKSSRV - ok
22:00:39.0326 6916 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:00:39.0326 6916 MsMpSvc - ok
22:00:39.0357 6916 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
22:00:39.0357 6916 MSPCLOCK - ok
22:00:39.0357 6916 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
22:00:39.0357 6916 MSPQM - ok
22:00:39.0404 6916 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
22:00:39.0419 6916 MsRPC - ok
22:00:39.0435 6916 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
22:00:39.0435 6916 mssmbios - ok
22:00:39.0560 6916 MSSQL$SQLEXPRESS - ok
22:00:39.0669 6916 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:00:39.0669 6916 MSSQLServerADHelper100 - ok
22:00:39.0716 6916 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
22:00:39.0716 6916 MSTEE - ok
22:00:39.0716 6916 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
22:00:39.0716 6916 MTConfig - ok
22:00:39.0731 6916 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
22:00:39.0747 6916 Mup - ok
22:00:39.0841 6916 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:00:39.0841 6916 MyWiFiDHCPDNS - ok
22:00:39.0919 6916 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
22:00:39.0934 6916 napagent - ok
22:00:39.0997 6916 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
22:00:39.0997 6916 NativeWifiP - ok
22:00:40.0090 6916 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
22:00:40.0106 6916 NDIS - ok
22:00:40.0137 6916 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
22:00:40.0137 6916 NdisCap - ok
22:00:40.0184 6916 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
22:00:40.0184 6916 NdisTapi - ok
22:00:40.0199 6916 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
22:00:40.0215 6916 Ndisuio - ok
22:00:40.0231 6916 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
22:00:40.0231 6916 NdisWan - ok
22:00:40.0262 6916 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
22:00:40.0262 6916 NDProxy - ok
22:00:40.0340 6916 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
22:00:40.0340 6916 Net Driver HPZ12 - ok
22:00:40.0387 6916 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:00:40.0387 6916 NetBIOS - ok
22:00:40.0418 6916 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
22:00:40.0433 6916 NetBT - ok
22:00:40.0480 6916 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:00:40.0480 6916 Netlogon - ok
22:00:40.0543 6916 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:00:40.0558 6916 Netman - ok
22:00:40.0667 6916 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:40.0667 6916 NetMsmqActivator - ok
22:00:40.0683 6916 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:40.0683 6916 NetPipeActivator - ok
22:00:40.0745 6916 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:00:40.0745 6916 netprofm - ok
22:00:40.0761 6916 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:40.0761 6916 NetTcpActivator - ok
22:00:40.0761 6916 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:40.0777 6916 NetTcpPortSharing - ok
22:00:41.0354 6916 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\windows\system32\DRIVERS\NETwNs64.sys
22:00:41.0557 6916 NETwNs64 - ok
22:00:41.0697 6916 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
22:00:41.0697 6916 nfrd960 - ok
22:00:41.0759 6916 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:00:41.0759 6916 NisDrv - ok
22:00:41.0884 6916 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:00:41.0900 6916 NisSrv - ok
22:00:41.0962 6916 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
22:00:41.0978 6916 NlaSvc - ok
22:00:42.0040 6916 Norton PC Checkup Application Launcher - ok
22:00:42.0071 6916 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:00:42.0071 6916 Npfs - ok
22:00:42.0087 6916 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:00:42.0103 6916 nsi - ok
22:00:42.0103 6916 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:00:42.0118 6916 nsiproxy - ok
22:00:42.0274 6916 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
22:00:42.0305 6916 Ntfs - ok
22:00:42.0430 6916 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:00:42.0430 6916 Null - ok
22:00:42.0477 6916 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys
22:00:42.0477 6916 nusb3hub - ok
22:00:42.0508 6916 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys
22:00:42.0508 6916 nusb3xhc - ok
22:00:42.0555 6916 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
22:00:42.0571 6916 nvraid - ok
22:00:42.0602 6916 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
22:00:42.0602 6916 nvstor - ok
22:00:42.0633 6916 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
22:00:42.0633 6916 nv_agp - ok
22:00:42.0649 6916 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
22:00:42.0649 6916 ohci1394 - ok
22:00:42.0758 6916 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:00:42.0758 6916 ose - ok
22:00:43.0148 6916 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:00:43.0257 6916 osppsvc - ok
22:00:43.0413 6916 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:00:43.0413 6916 p2pimsvc - ok
22:00:43.0475 6916 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:00:43.0491 6916 p2psvc - ok
22:00:43.0569 6916 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
22:00:43.0569 6916 Parport - ok
22:00:43.0616 6916 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
22:00:43.0616 6916 partmgr - ok
22:00:43.0663 6916 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:00:43.0663 6916 PcaSvc - ok
22:00:43.0741 6916 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
22:00:43.0756 6916 PCCUJobMgr - ok
22:00:43.0787 6916 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:00:43.0803 6916 pci - ok
22:00:43.0819 6916 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
22:00:43.0819 6916 pciide - ok
22:00:43.0850 6916 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
22:00:43.0850 6916 pcmcia - ok
22:00:43.0865 6916 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:00:43.0865 6916 pcw - ok
22:00:43.0928 6916 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:00:43.0943 6916 PEAUTH - ok
22:00:44.0021 6916 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:00:44.0021 6916 PerfHost - ok
22:00:44.0146 6916 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
22:00:44.0146 6916 PGEffect - ok
22:00:44.0349 6916 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:00:44.0411 6916 pla - ok
22:00:44.0505 6916 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:00:44.0505 6916 PlugPlay - ok
22:00:44.0583 6916 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
22:00:44.0583 6916 Pml Driver HPZ12 - ok
22:00:44.0614 6916 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:00:44.0630 6916 PNRPAutoReg - ok
22:00:44.0661 6916 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:00:44.0661 6916 PNRPsvc - ok
22:00:44.0723 6916 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
22:00:44.0739 6916 Point64 - ok
22:00:44.0817 6916 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:00:44.0833 6916 PolicyAgent - ok
22:00:44.0879 6916 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:00:44.0879 6916 Power - ok
22:00:44.0926 6916 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:00:44.0926 6916 PptpMiniport - ok
22:00:44.0957 6916 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
22:00:44.0957 6916 Processor - ok
22:00:44.0989 6916 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
22:00:45.0004 6916 ProfSvc - ok
22:00:45.0035 6916 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:00:45.0035 6916 ProtectedStorage - ok
22:00:45.0098 6916 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:00:45.0098 6916 Psched - ok
22:00:45.0191 6916 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
22:00:45.0207 6916 ql2300 - ok
22:00:45.0332 6916 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
22:00:45.0347 6916 ql40xx - ok
22:00:45.0394 6916 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:00:45.0394 6916 QWAVE - ok
22:00:45.0410 6916 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:00:45.0410 6916 QWAVEdrv - ok
22:00:45.0425 6916 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:00:45.0425 6916 RasAcd - ok
22:00:45.0472 6916 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:00:45.0472 6916 RasAgileVpn - ok
22:00:45.0519 6916 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:00:45.0519 6916 RasAuto - ok
22:00:45.0550 6916 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:00:45.0566 6916 Rasl2tp - ok
22:00:45.0613 6916 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
22:00:45.0613 6916 RasMan - ok
22:00:45.0628 6916 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:00:45.0644 6916 RasPppoe - ok
22:00:45.0691 6916 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:00:45.0691 6916 RasSstp - ok
22:00:45.0722 6916 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
22:00:45.0737 6916 rdbss - ok
22:00:45.0753 6916 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
22:00:45.0753 6916 rdpbus - ok
22:00:45.0769 6916 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:00:45.0769 6916 RDPCDD - ok
22:00:45.0800 6916 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:00:45.0800 6916 RDPENCDD - ok
22:00:45.0815 6916 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:00:45.0815 6916 RDPREFMP - ok
22:00:45.0878 6916 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
22:00:45.0878 6916 RDPWD - ok
22:00:45.0925 6916 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
22:00:45.0925 6916 rdyboost - ok
22:00:46.0049 6916 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:00:46.0065 6916 RegSrvc - ok
22:00:46.0112 6916 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:00:46.0112 6916 RemoteAccess - ok
22:00:46.0159 6916 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:00:46.0174 6916 RemoteRegistry - ok
22:00:46.0237 6916 risdxc (a14df7c3bc519328accb8fa741bad78a) C:\windows\system32\DRIVERS\risdxc64.sys
22:00:46.0237 6916 risdxc - ok
22:00:46.0268 6916 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:00:46.0268 6916 RpcEptMapper - ok
22:00:46.0299 6916 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:00:46.0299 6916 RpcLocator - ok
22:00:46.0361 6916 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:00:46.0377 6916 RpcSs - ok
22:00:46.0439 6916 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\windows\system32\DRIVERS\RsFx0105.sys
22:00:46.0455 6916 RsFx0105 - ok
22:00:46.0502 6916 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:00:46.0502 6916 rspndr - ok
22:00:46.0549 6916 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:00:46.0549 6916 SamSs - ok
22:00:46.0580 6916 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
22:00:46.0580 6916 sbp2port - ok
22:00:46.0642 6916 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:00:46.0642 6916 SCardSvr - ok
22:00:46.0673 6916 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
22:00:46.0673 6916 scfilter - ok
22:00:46.0767 6916 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
22:00:46.0783 6916 Schedule - ok
22:00:46.0829 6916 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:00:46.0829 6916 SCPolicySvc - ok
22:00:46.0861 6916 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
22:00:46.0861 6916 SDRSVC - ok
22:00:46.0923 6916 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:00:46.0923 6916 secdrv - ok
22:00:46.0954 6916 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
22:00:46.0954 6916 seclogon - ok
22:00:46.0985 6916 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
22:00:46.0985 6916 SENS - ok
22:00:47.0017 6916 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:00:47.0032 6916 SensrSvc - ok
22:00:47.0048 6916 Ser2pl (9f6490423ac3271e84a90a0dd9d30a3b) C:\windows\system32\drivers\ser2pl64.sys
22:00:47.0048 6916 Ser2pl - ok
22:00:47.0079 6916 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
22:00:47.0079 6916 Serenum - ok
22:00:47.0110 6916 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
22:00:47.0110 6916 Serial - ok
22:00:47.0110 6916 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
22:00:47.0126 6916 sermouse - ok
22:00:47.0173 6916 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
22:00:47.0173 6916 SessionEnv - ok
22:00:47.0188 6916 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
22:00:47.0188 6916 sffdisk - ok
22:00:47.0204 6916 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
22:00:47.0204 6916 sffp_mmc - ok
22:00:47.0204 6916 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
22:00:47.0204 6916 sffp_sd - ok
22:00:47.0219 6916 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
22:00:47.0219 6916 sfloppy - ok
22:00:47.0282 6916 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
22:00:47.0297 6916 SharedAccess - ok
22:00:47.0344 6916 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
22:00:47.0360 6916 ShellHWDetection - ok
22:00:47.0391 6916 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
22:00:47.0391 6916 SiSRaid2 - ok
22:00:47.0438 6916 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
22:00:47.0438 6916 SiSRaid4 - ok
22:00:47.0485 6916 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:00:47.0485 6916 Smb - ok
22:00:47.0547 6916 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:00:47.0547 6916 SNMPTRAP - ok
22:00:47.0563 6916 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:00:47.0563 6916 spldr - ok
22:00:47.0625 6916 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
22:00:47.0641 6916 Spooler - ok
22:00:47.0890 6916 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
22:00:47.0906 6916 sppsvc - ok
22:00:48.0015 6916 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:00:48.0015 6916 sppuinotify - ok
22:00:48.0233 6916 SQLAgent$SQLEXPRESS (45e65fb17a4cd5facbd3ca16c8334c82) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
22:00:48.0249 6916 SQLAgent$SQLEXPRESS - ok
22:00:48.0389 6916 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:00:48.0389 6916 SQLBrowser - ok
22:00:48.0436 6916 SQLWriter (f92e5f93be572b512da3c016b675ede0) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:00:48.0452 6916 SQLWriter - ok
22:00:48.0545 6916 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
22:00:48.0561 6916 srv - ok
22:00:48.0592 6916 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
22:00:48.0608 6916 srv2 - ok
22:00:48.0670 6916 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
22:00:48.0670 6916 srvnet - ok
22:00:48.0733 6916 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:01:00.0105 6916 ============================================================
22:01:00.0105 6916 Scan finished
22:01:00.0105 6916 ============================================================
22:01:00.0121 5148 Detected object count: 0
22:01:00.0121 5148 Actual detected object count: 0

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 22:02:06
-----------------------------
22:02:06.324 OS Version: Windows x64 6.1.7601 Service Pack 1
22:02:06.324 Number of processors: 4 586 0x2A07
22:02:06.324 ComputerName: BRIAN-PC UserName: Brian
22:02:07.759 Initialize success
22:08:06.634 AVAST engine defs: 12061001
22:08:15.200 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:08:15.200 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
22:08:15.216 Disk 0 MBR read successfully
22:08:15.216 Disk 0 MBR scan
22:08:15.231 Disk 0 Windows VISTA default MBR code
22:08:15.231 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:08:15.247 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461322 MB offset 3074048
22:08:15.278 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14117 MB offset 947861504
22:08:15.309 Disk 0 scanning C:\windows\system32\drivers
22:08:27.119 Service scanning
22:09:14.824 Modules scanning
22:09:14.839 Disk 0 trace - called modules:
22:09:14.870 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys iaStor.sys hal.dll
22:09:14.870 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099c4060]
22:09:14.870 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80099c3060]
22:09:14.886 5 thpdrv.sys[fffff88001baacc0] -> nt!IofCallDriver -> [0xfffffa8007e6a5f0]
22:09:14.886 7 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e78050]
22:09:16.290 AVAST engine scan C:\windows
22:09:19.800 AVAST engine scan C:\windows\system32
22:11:01.685 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:11:04.602 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:13:26.413 AVAST engine scan C:\windows\system32\drivers
22:13:39.346 AVAST engine scan C:\Users\Brian
22:53:35.899 AVAST engine scan C:\ProgramData
22:55:34.758 Scan finished successfully
23:02:45.486 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
23:02:45.517 The log file has been saved successfully to "F:\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:50 AM

Posted 11 June 2012 - 12:19 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\windows\assembly\GAC_32\Desktop.ini
C:\windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
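The two paths under File:: in the script above are the files aswMBR marked **INFECTED** in the log posted before it. As an added example (not part of the original posts, and not ComboFix or aswMBR code), this Python cross-checks a removal script against the scan log so that only flagged files are targeted; reading `Name::` lines as section headers is an assumption based only on the script shown in this thread, and the embedded samples are constructed from lines in it.

```python
import re
from ntpath import normcase  # Windows-style, case-insensitive path keys on any host OS

# Constructed sample: a few lines in the shape of the aswMBR log in this thread.
ASWMBR_LOG = r"""
22:09:19.800 AVAST engine scan C:\windows\system32
22:11:01.685 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:11:04.602 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:13:26.413 AVAST engine scan C:\windows\system32\drivers
22:55:34.758 Scan finished successfully
"""

# The script text as posted in the thread.
CFSCRIPT = r"""
ClearJavaCache::

File::
C:\windows\assembly\GAC_32\Desktop.ini
C:\windows\assembly\GAC_64\Desktop.ini
"""

# "<time> File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(?P<path>.+?)\s+"
    r"\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$"
)


def flagged_files(log_text):
    """Return [(path, detection_name)] for every **INFECTED** line in the log."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["name"]))
    return hits


def script_sections(script_text):
    """Group script lines under the preceding 'Name::' header.

    Assumption: a line ending in '::' opens a section and the non-blank
    lines after it belong to that section until the next header.
    """
    sections, current = {}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def compare(log_text, script_text):
    """Return (flagged but not in script, in script but never flagged)."""
    flagged = {normcase(p): p for p, _ in flagged_files(log_text)}
    targeted = {normcase(p): p
                for p in script_sections(script_text).get("File", [])}
    missing = sorted(flagged[k] for k in flagged.keys() - targeted.keys())
    unflagged = sorted(targeted[k] for k in targeted.keys() - flagged.keys())
    return missing, unflagged


if __name__ == "__main__":
    for path, name in flagged_files(ASWMBR_LOG):
        print(f"flagged: {path}  ({name})")
    missing, unflagged = compare(ASWMBR_LOG, CFSCRIPT)
    print("flagged but not targeted:", missing)
    print("targeted but not flagged:", unflagged)
```

A non-empty second list means the script would act on a file the scan never flagged, which is worth questioning before anything is run.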

#11 eick

Posted 11 June 2012 - 05:57 PM

After running ComboFix and rebooting the computer, the Sirefef trojan has not reared its ugly head. :) I think that finally got it but will update after I have used the computer for a little while.

Due to the size of the log, I am going to have to split it into two parts and attach it.


#12 gringo_pr

Posted 11 June 2012 - 06:09 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 eick

Posted 12 June 2012 - 05:36 PM

Filesize of the combofix log file is larger than I can upload to the forum. So I have put it on my dropbox site and link it. Sorry if that is a problem.

http://dl.dropbox.com/u/23029176/combofix%20log%202.txt

#14 gringo_pr

Posted 12 June 2012 - 08:36 PM

greetings

See post 12. I would like to see a different report that combofix makes.


gringo

#15 eick

Posted 13 June 2012 - 09:36 PM

Here is the extra report that combo fix made that you wanted to see:


µTorrent
Adobe AIR
Adobe Reader X (10.1.3)
Amazon Kindle
Amazon Links
Amazon MP3 Downloader 1.0.12
Android SDK Tools
Apple Application Support
Apple Software Update
Baseball Mogul 2013 BETA
Bejeweled 3
Bing Desktop
BufferChm
C309g-m
calibre
Chuzzle Deluxe
CodeBlocks
Coupon Printer for Windows
Crystal Reports for Visual Studio
D110
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Dotfuscator Software Services - Community Edition
Dropbox
Duplicate File Detective 2
eReader
Fallout 2
Fallout: New Vegas
FATE - The Traitor Soul
FolderSizes 4
Football Mogul 2012
GameSpy Comrade
GIMP 2.6.11
GNU CLISP 2.49
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Grand Theft Auto IV
GURPS Character Assistant 4
HiJackThis
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
HP Photo Creations
HP Update
HPAppStudio
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Wireless Display
Java Auto Updater
Java™ 6 Update 31
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Label@Once 1.0
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Garage Mouse without Borders
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft WSE 3.0 Runtime
Mozilla Firefox 7.0.1 (x86 en-US)
Mp3tag v2.49b
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MusicBrainz Picard
Need for Speed™ Undercover
NOOK for PC
Notepad++
Origin
PDB DRM Removal
Penguins!
PL-2303 USB-to-Serial
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Polar Bowler
PS_AIO_06_C309g-m_SW_Min
PS_AIO_07_D110_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
RICOH Media Driver v2.13.17.01
Safari
Saints Row 2
Saints Row: The Third - Initiation Station
Scan
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Skype Launcher
SmartWebPrinting
SolutionCenter
Status
Steam
System Requirements Lab for Intel
The Sims Medieval
The Sims Medieval Pirates and Nobles
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Katy Perry's Sweet Treats
The Sims™ 3 Late Night
The Sims™ 3 Master Suite Stuff
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 Showtime
The Sims™ 3 Town Life Stuff
The Sims™ 3 World Adventures
thriXXX 3DSexVilla2-123.001
Thrustmapper
Thrustmaster Calibration Tool
Tinker
Tom Clancy's Splinter Cell
Toolbox
tools-linux
tools-windows
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
TrayApp
TuneUp Companion 2.2.7
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VMware Player
VoiceOver Kit
WCF RIA Services V1.0 SP1
WebReg
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0
Yahoo! Toolbar
Zuma's Revenge



