UKASH (Cheshire Police) virus help needed

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
Any help out there would be greatly appreciated. Reading back at others' experiences, this virus seems to be getting more and more sophisticated and now blocks at least half a dozen paths of defeating it.

I can't add a scan as the pc is blocked completely. Yours nukeboy.
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

My name is Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time. 
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.




Download Farbar Recovery Scan Tool from the link below:
  • For x32 (x86) bit systems download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a flash drive.
  • For x64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a flash drive.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  1. Select Command Prompt.
  2. In the command window type in notepad and press Enter.
  3. The notepad opens. Under File menu select Open.
  4. Select "Computer" and find your flash drive letter and close the notepad.
  5. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
     Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to disclaimer.
  8. Press Scan button.
  9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message.
  10. Type exit and reboot the computer normally.
  11. Please copy and paste the log from your USB in your reply (FRST.txt).
 

nukeboy

Thank you Fiery, I appreciate your help! Just about to start the process now.

edit: Cool, that part worked! Well after I figured the PC was 64 bit. Look forward to the next instruction!
 

nukeboy

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2013
Ran by SYSTEM at 28-02-2013 19:46:27
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12459112 2012-03-15] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-03-22] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-09] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [csmsr] "C:\Windows\System32\rundll32.exe" "C:\Users\The Harris PC\AppData\Roaming\csmsr.dll",create_info_struct [300544 2013-02-10] ()
HKLM\...\Run: [dosfp] rundll32.exe "C:\Users\The Harris PC\AppData\Roaming\dosfp.dll",ASetPlayParameters [142336 2013-02-09] (PCMCIA)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1492264 2011-11-18] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\The Harris PC\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\The Harris PC\...\Run: [dosfp] rundll32.exe "C:\Users\The Harris PC\AppData\Roaming\dosfp.dll",ASetPlayParameters [142336 2013-02-09] (PCMCIA)
HKU\The Harris PC\...\Run: [HotKeysCmds] C:\Users\THEHAR~1\AppData\Local\Temp\E11B.EXE [x]
HKU\The Harris PC\...\Run: [Windows Update Server] C:\Users\The Harris PC\f89y12auti75-3259.exe [199680 2013-02-20] ()
HKU\The Harris PC\...\Winlogon: [Shell] explorer.exe,C:\Users\The Harris PC\AppData\Roaming\skype.dat [110592 2011-11-16] ()
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\1606203.bat [x ] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\830\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\The Harris PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ===================

2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [112080 2011-02-09] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
3 RtkBtFilter; C:\Windows\System32\Drivers\RtkBtFilter.sys [21096 2012-01-05] (Realtek Microelectronics)
3 mfeavfk01; [x]
3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
3 Tosrfcom; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-28 19:46 - 2013-02-28 19:46 - 00000000 ____D C:\FRST
2013-02-27 13:36 - 2013-02-27 13:36 - 00548864 ____A () C:\Users\The Harris PC\AppData\Roaming\insri.dll
2013-02-27 13:15 - 2013-02-27 13:15 - 00000000 ____D C:\Windows\pss
2013-02-26 11:26 - 2013-02-27 14:25 - 00000004 ____A C:\Users\The Harris PC\AppData\Roaming\skype.ini
2013-02-26 11:26 - 2013-02-26 12:34 - 95023320 ___AT C:\ProgramData\1606203.pad
2013-02-26 11:26 - 2013-02-26 11:26 - 00095232 ____A C:\Users\The Harris PC\3026061.dll
2013-02-26 11:26 - 2013-02-26 11:26 - 00002803 ____A C:\ProgramData\1606203.js
2013-02-26 11:26 - 2013-02-26 11:26 - 00000153 ____A C:\ProgramData\1606203.reg
2013-02-26 11:26 - 2013-02-26 11:26 - 00000063 ____A C:\ProgramData\1606203.bat
2013-02-26 11:25 - 2013-02-26 11:25 - 00000000 ____D C:\Windows\Sun
2013-02-25 08:35 - 2013-02-25 08:46 - 365108532 ____A C:\Users\The Harris PC\Downloads\TWD S03E11.avi
2013-02-20 08:11 - 2013-02-20 08:11 - 00199680 ___SH C:\Users\The Harris PC\f89y12auti75-3259.exe
2013-02-20 08:09 - 2013-02-20 08:09 - 01480192 ____A (MagicISO, Inc.) C:\Users\The Harris PC\AppData\Roaming\pdoubrhgfjkxeiqndts.exe
2013-02-18 12:18 - 2013-02-18 15:03 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4
2013-02-14 00:05 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 00:05 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 00:05 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 00:05 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 00:05 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 00:05 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 00:05 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 00:05 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 00:05 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 00:05 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 00:05 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 00:05 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 00:05 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 00:05 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 00:05 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 00:05 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 00:05 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-14 00:05 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-14 00:05 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-14 00:05 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-14 00:05 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-14 00:05 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-14 00:05 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-14 00:05 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-14 00:05 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-14 00:05 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-14 00:05 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-14 00:05 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-14 00:05 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-14 00:05 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-14 00:05 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-14 00:05 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-13 17:57 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 17:57 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-13 17:57 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-13 17:56 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 17:56 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 17:56 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 17:56 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 17:56 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 17:56 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 17:56 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-13 17:56 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 17:56 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-11 10:55 - 2013-02-11 11:45 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi
2013-02-10 01:28 - 2013-02-10 01:28 - 00300544 ____A () C:\Users\The Harris PC\AppData\Roaming\csmsr.dll
2013-02-10 01:27 - 2013-02-27 12:47 - 00006526 ____A C:\Users\The Harris PC\AppData\Local\423f1111-bcad-4877-b419-1d536ea5ba9b.crx
2013-02-10 01:27 - 2013-02-10 01:27 - 00542720 ____A C:\Users\The Harris PC\AppData\Roaming\caufy.dll
2013-02-09 09:20 - 2013-02-09 09:47 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\qsagopfmqosxptapojj.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00142336 ____A (PCMCIA) C:\Users\The Harris PC\AppData\Roaming\dosfp.dll
2013-02-09 02:49 - 2013-02-09 02:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2013-02-04 07:35 - 2013-02-14 00:09 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-02 04:46 - 2013-02-02 05:14 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4
2013-01-29 11:41 - 2013-01-29 11:41 - 00007597 ____A C:\Users\The Harris PC\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified Files and Folders =======

2013-02-27 14:25 - 2013-02-26 11:26 - 00000004 ____A C:\Users\The Harris PC\AppData\Roaming\skype.ini
2013-02-27 14:24 - 2012-05-11 10:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-27 14:24 - 2009-07-13 21:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-27 14:23 - 2012-08-29 08:46 - 01088617 ____A C:\Windows\WindowsUpdate.log
2013-02-27 14:23 - 2012-05-11 10:58 - 00001839 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk
2013-02-27 14:22 - 2012-05-11 10:47 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-27 14:22 - 2012-05-11 10:47 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-27 14:22 - 2012-05-11 10:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-27 14:19 - 2012-05-11 10:52 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-27 14:18 - 2012-08-29 08:49 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-02-27 14:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-27 14:18 - 2009-07-13 20:51 - 00045189 ____A C:\Windows\setupact.log
2013-02-27 13:36 - 2013-02-27 13:36 - 00548864 ____A () C:\Users\The Harris PC\AppData\Roaming\insri.dll
2013-02-27 13:15 - 2013-02-27 13:15 - 00000000 ____D C:\Windows\pss
2013-02-27 13:02 - 2010-11-20 19:47 - 00017762 ____A C:\Windows\PFRO.log
2013-02-27 12:47 - 2013-02-10 01:27 - 00006526 ____A C:\Users\The Harris PC\AppData\Local\423f1111-bcad-4877-b419-1d536ea5ba9b.crx
2013-02-26 12:34 - 2013-02-26 11:26 - 95023320 ___AT C:\ProgramData\1606203.pad
2013-02-26 11:51 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-26 11:51 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-26 11:26 - 2013-02-26 11:26 - 00095232 ____A C:\Users\The Harris PC\3026061.dll
2013-02-26 11:26 - 2013-02-26 11:26 - 00002803 ____A C:\ProgramData\1606203.js
2013-02-26 11:26 - 2013-02-26 11:26 - 00000153 ____A C:\ProgramData\1606203.reg
2013-02-26 11:26 - 2013-02-26 11:26 - 00000063 ____A C:\ProgramData\1606203.bat
2013-02-26 11:26 - 2012-11-22 12:52 - 00000000 ____D C:\users\The Harris PC
2013-02-26 11:25 - 2013-02-26 11:25 - 00000000 ____D C:\Windows\Sun
2013-02-26 10:02 - 2012-08-29 08:49 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-02-26 00:06 - 2012-05-11 10:52 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-25 08:46 - 2013-02-25 08:35 - 365108532 ____A C:\Users\The Harris PC\Downloads\TWD S03E11.avi
2013-02-20 08:11 - 2013-02-20 08:11 - 00199680 ___SH C:\Users\The Harris PC\f89y12auti75-3259.exe
2013-02-20 08:09 - 2013-02-20 08:09 - 01480192 ____A (MagicISO, Inc.) C:\Users\The Harris PC\AppData\Roaming\pdoubrhgfjkxeiqndts.exe
2013-02-18 15:03 - 2013-02-18 12:18 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4
2013-02-17 16:33 - 2012-12-11 03:56 - 00000000 ____D C:\Users\The Harris PC\AppData\Roaming\SoftGrid Client
2013-02-14 00:43 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 00:09 - 2013-02-04 07:35 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-11 11:45 - 2013-02-11 10:55 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi
2013-02-10 01:28 - 2013-02-10 01:28 - 00300544 ____A () C:\Users\The Harris PC\AppData\Roaming\csmsr.dll
2013-02-10 01:27 - 2013-02-10 01:27 - 00542720 ____A C:\Users\The Harris PC\AppData\Roaming\caufy.dll
2013-02-09 09:47 - 2013-02-09 09:20 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\qsagopfmqosxptapojj.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00142336 ____A (PCMCIA) C:\Users\The Harris PC\AppData\Roaming\dosfp.dll
2013-02-09 02:49 - 2013-02-09 02:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2013-02-09 02:49 - 2012-11-22 12:55 - 00000000 ____D C:\Users\The Harris PC\AppData\Local\VirtualStore
2013-02-02 05:14 - 2013-02-02 04:46 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4
2013-01-29 15:57 - 2013-01-07 14:39 - 00025088 ____A C:\Users\The Harris PC\Documents\pattern.xls
2013-01-29 11:41 - 2013-01-29 11:41 - 00007597 ____A C:\Users\The Harris PC\AppData\Local\Resmon.ResmonCfg


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-08 11:51:37
Restore point made on: 2013-02-14 00:05:03
Restore point made on: 2013-02-21 17:07:49
Restore point made on: 2013-02-27 14:23:16

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3985.8 MB
Available physical RAM: 3360.12 MB
Total Pagefile: 3984 MB
Available Pagefile: 3350.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (TI30875400C) (Fixed) (Total:448.57 GB) (Free:378.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (JENS FLASH) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Disk ID: B0DE4F87

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 448 GB 1501 MB
Partition 3 Primary 15 GB 450 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI30875400C NTFS Partition 448 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

Disk ID: ABF5C5D3

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7640 MB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G JENS FLASH FAT32 Removable 7640 MB Healthy

=========================================================

Last Boot: 2013-02-22 17:39

==================== End Of Log =============================
 

Fiery

Hi,

Your computer is severely infected. Do the fix below and try to boot to normal mode after. If you are successful, then proceed to backing up your important data to an external drive as we need to delete a partition created by the malware on your system.

Open notepad and copy & paste the following:

start
HKLM\...\Run: [csmsr] "C:\Windows\System32\rundll32.exe" "C:\Users\The Harris PC\AppData\Roaming\csmsr.dll",create_info_struct [300544 2013-02-10] ()
HKLM\...\Run: [dosfp] rundll32.exe "C:\Users\The Harris PC\AppData\Roaming\dosfp.dll",ASetPlayParameters [142336 2013-02-09] (PCMCIA)
HKU\The Harris PC\...\Run: [dosfp] rundll32.exe "C:\Users\The Harris PC\AppData\Roaming\dosfp.dll",ASetPlayParameters [142336 2013-02-09] (PCMCIA)
HKU\The Harris PC\...\Run: [HotKeysCmds] C:\Users\THEHAR~1\AppData\Local\Temp\E11B.EXE [x]
HKU\The Harris PC\...\Run: [Windows Update Server] C:\Users\The Harris PC\f89y12auti75-3259.exe [199680 2013-02-20] ()
HKU\The Harris PC\...\Winlogon: [Shell] explorer.exe,C:\Users\The Harris PC\AppData\Roaming\skype.dat [110592 2011-11-16] ()
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\1606203.bat [x ] ()
2013-02-27 13:36 - 2013-02-27 13:36 - 00548864 ____A () C:\Users\The Harris PC\AppData\Roaming\insri.dll
2013-02-26 11:26 - 2013-02-27 14:25 - 00000004 ____A C:\Users\The Harris PC\AppData\Roaming\skype.ini
2013-02-26 11:26 - 2013-02-26 12:34 - 95023320 ___AT C:\ProgramData\1606203.pad
2013-02-26 11:26 - 2013-02-26 11:26 - 00095232 ____A C:\Users\The Harris PC\3026061.dll
2013-02-26 11:26 - 2013-02-26 11:26 - 00002803 ____A C:\ProgramData\1606203.js
2013-02-26 11:26 - 2013-02-26 11:26 - 00000153 ____A C:\ProgramData\1606203.reg
2013-02-26 11:26 - 2013-02-26 11:26 - 00000063 ____A C:\ProgramData\1606203.bat
2013-02-20 08:11 - 2013-02-20 08:11 - 00199680 ___SH C:\Users\The Harris PC\f89y12auti75-3259.exe
2013-02-20 08:09 - 2013-02-20 08:09 - 01480192 ____A (MagicISO, Inc.) C:\Users\The Harris PC\AppData\Roaming\pdoubrhgfjkxeiqndts.exe
2013-02-10 01:28 - 2013-02-10 01:28 - 00300544 ____A () C:\Users\The Harris PC\AppData\Roaming\csmsr.dll
2013-02-10 01:27 - 2013-02-27 12:47 - 00006526 ____A C:\Users\The Harris PC\AppData\Local\423f1111-bcad-4877-b419-1d536ea5ba9b.crx
2013-02-10 01:27 - 2013-02-10 01:27 - 00542720 ____A C:\Users\The Harris PC\AppData\Roaming\caufy.dll
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\qsagopfmqosxptapojj.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
C:\Users\The Harris PC\3026061.dll
end

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.



After running FRST, if you can boot to normal or safe mode, back up your files and download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please attach the contents of these 2 Notepad files in your next reply.
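
The registry entries in the fixlist above can be picked out of the FRST registry section mechanically. This is an added example, not part of the original post and not FRST's own code: the heuristics (user-writable target paths, rundll32, a Winlogon Shell value other than plain explorer.exe) are assumptions of the example rather than the helper's stated method, and the sample lines are a subset copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field

# Subset of the "Registry (Whitelisted)" section posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12459112 2012-03-15] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-03-22] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [csmsr] "C:\Windows\System32\rundll32.exe" "C:\Users\The Harris PC\AppData\Roaming\csmsr.dll",create_info_struct [300544 2013-02-10] ()
HKLM\...\Run: [dosfp] rundll32.exe "C:\Users\The Harris PC\AppData\Roaming\dosfp.dll",ASetPlayParameters [142336 2013-02-09] (PCMCIA)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKU\The Harris PC\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\The Harris PC\...\Run: [dosfp] rundll32.exe "C:\Users\The Harris PC\AppData\Roaming\dosfp.dll",ASetPlayParameters [142336 2013-02-09] (PCMCIA)
HKU\The Harris PC\...\Run: [HotKeysCmds] C:\Users\THEHAR~1\AppData\Local\Temp\E11B.EXE [x]
HKU\The Harris PC\...\Run: [Windows Update Server] C:\Users\The Harris PC\f89y12auti75-3259.exe [199680 2013-02-20] ()
HKU\The Harris PC\...\Winlogon: [Shell] explorer.exe,C:\Users\The Harris PC\AppData\Roaming\skype.dat [110592 2011-11-16] ()
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\1606203.bat [x ] ()
"""

# "Key: [ValueName] command" after the abbreviated "\...\" path.
HEAD = re.compile(r"^(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<body>.+)$")
# Trailing "[size date] (company)" or "[x]" when the target file is missing.
TAIL = re.compile(
    r"\s*\[(?P<meta>x\s*|\d+ \d{4}-\d\d-\d\d)\](?:\s*\((?P<company>[^()]*)\))?\s*$"
)
# Assumption of this example: directories a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str
    missing: bool
    company: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one FRST registry line; return None for lines of another shape."""
    hive, sep, rest = line.strip().partition("\\...\\")
    head = HEAD.match(rest) if sep else None
    if head is None:
        return None
    tail = TAIL.search(head["body"])
    if tail is None:
        return None
    command = head["body"][: tail.start()].strip()
    return Autorun(hive, head["key"], head["name"], command,
                   tail["meta"].startswith("x"), (tail["company"] or "").strip())


def assess(entry):
    """Attach reasons; an empty list means no heuristic fired."""
    cmd = entry.command.lower()
    reasons = []
    if entry.key == "Winlogon" and entry.name == "Shell" and cmd != "explorer.exe":
        reasons.append("Winlogon Shell is not plain explorer.exe")
    if any(part in cmd for part in USER_WRITABLE):
        reasons.append("target in a user-writable directory")
        if "rundll32" in cmd:
            reasons.append("rundll32 loading a DLL from that directory")
    # Weak signals are reported only alongside a stronger one: a blank company
    # name alone also matches the legitimate SRS entry in the sample.
    if reasons and entry.missing:
        reasons.append("target file missing at scan time")
    elif reasons and not entry.company:
        reasons.append("no company name in file metadata")
    entry.reasons = reasons
    return entry


def triage(log_text):
    """Return the parsed autorun entries that at least one heuristic flags."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in map(assess, filter(None, entries)) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive} {e.key} [{e.name}]: " + "; ".join(e.reasons))
```

A flagged line is a candidate for review, not a verdict; the file timestamps and the created-files section of the same log are what tie an entry to the infection window.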
 

nukeboy

OK so far so good... and growing in confidence!


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-02-2013
Ran by SYSTEM at 2013-02-28 21:19:40 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\csmsr Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dosfp Value deleted successfully.
HKEY_USERS\The Harris PC\Software\Microsoft\Windows\CurrentVersion\Run\\dosfp Value deleted successfully.
HKEY_USERS\The Harris PC\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds Value deleted successfully.
HKEY_USERS\The Harris PC\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Update Server Value deleted successfully.
HKEY_USERS\The Harris PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .
C:\Users\The Harris PC\AppData\Roaming\insri.dll moved successfully.
C:\Users\The Harris PC\AppData\Roaming\skype.ini moved successfully.
C:\ProgramData\1606203.pad moved successfully.
C:\Users\The Harris PC\3026061.dll moved successfully.
C:\ProgramData\1606203.js moved successfully.
C:\ProgramData\1606203.reg moved successfully.
C:\ProgramData\1606203.bat moved successfully.
C:\Users\The Harris PC\f89y12auti75-3259.exe moved successfully.
C:\Users\The Harris PC\AppData\Roaming\pdoubrhgfjkxeiqndts.exe moved successfully.
C:\Users\The Harris PC\AppData\Roaming\csmsr.dll moved successfully.
C:\Users\The Harris PC\AppData\Local\423f1111-bcad-4877-b419-1d536ea5ba9b.crx moved successfully.
C:\Users\The Harris PC\AppData\Roaming\caufy.dll moved successfully.
C:\Users\The Harris PC\AppData\Roaming\qsagopfmqosxptapojj.exe moved successfully.
C:\Users\The Harris PC\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe moved successfully.
C:\Users\The Harris PC\3026061.dll not found.

==== End of Fixlog ====
 

Fiery

Level 1
Jan 11, 2011
2,007
Are you able to boot to normal mode? If not, do another FRST scan :)

If you are able to boot normally, proceed to OTL
 

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
OTL logfile created on: 28/02/2013 21:33:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Harris PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.89 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 64.85% Memory free
7.78 Gb Paging File | 6.12 Gb Available in Paging File | 78.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.57 Gb Total Space | 378.28 Gb Free Space | 84.33% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: THEHARRISPC | User Name: The Harris PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/28 21:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Harris PC\Desktop\OTL.exe
PRC - [2013/02/15 09:19:10 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/29 00:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/02/29 00:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/02/21 19:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/21 19:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/01/05 10:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/04 12:40:06 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/10 17:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/17 14:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/17 14:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/07/17 14:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/02/03 05:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011/12/16 06:16:48 | 000,583,088 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/12/14 22:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/11/26 01:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 20:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/01/28 10:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2010/10/20 21:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/10 00:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2013/02/27 22:22:48 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/24 20:53:21 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\830\g2aservice.exe -- (GoToAssist)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/05 00:21:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/29 00:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/29 00:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/21 19:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/21 19:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2011/11/04 12:40:06 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/12 00:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/02 00:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/02/10 07:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/17 14:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/07/17 14:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/07/17 14:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/17 14:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/07/17 14:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/07/17 14:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/07/17 14:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/30 21:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2012/01/17 00:20:38 | 001,082,472 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTL8192Ce)
DRV:64bit: - [2012/01/05 20:42:32 | 000,021,096 | ---- | M] (Realtek Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtkBtfilter.sys -- (RtkBtFilter)
DRV:64bit: - [2012/01/05 10:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 10:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 10:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/19 19:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/17 00:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/12/06 11:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/01 09:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 09:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/11/30 02:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 08:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/24 04:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/17 21:27:06 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 02:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/30 17:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/18 23:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/31 03:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 23:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 22:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/20 02:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3AA83B39-367A-4EC8-A7FF-A6B6E13AB159}
IE:64bit: - HKLM\..\SearchScopes\{3AA83B39-367A-4EC8-A7FF-A6B6E13AB159}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3AA83B39-367A-4EC8-A7FF-A6B6E13AB159}
IE - HKLM\..\SearchScopes\{3AA83B39-367A-4EC8-A7FF-A6B6E13AB159}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3404221819-1042420303-1083371019-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-3404221819-1042420303-1083371019-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-3404221819-1042420303-1083371019-1000\..\SearchScopes,DefaultScope = {3AA83B39-367A-4EC8-A7FF-A6B6E13AB159}
IE - HKU\S-1-5-21-3404221819-1042420303-1083371019-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.spaceweather.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/11/25 10:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/17 19:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/11/25 10:57:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/17 19:06:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/23 20:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Harris PC\AppData\Roaming\Mozilla\Extensions
[2013/02/10 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Harris PC\AppData\Roaming\Mozilla\Firefox\Profiles\du7ogiuo.default\extensions
[2012/12/19 21:27:35 | 000,000,000 | ---D | M] (Zoom Downloader) -- C:\Users\The Harris PC\AppData\Roaming\Mozilla\Firefox\Profiles\du7ogiuo.default\extensions\downloadmanager@zoomdownloader.com
[2013/02/27 20:41:11 | 000,004,021 | ---- | M] () (No name found) -- C:\Users\The Harris PC\AppData\Roaming\Mozilla\Firefox\Profiles\du7ogiuo.default\extensions\{423f1111-bcad-4877-b419-1d536ea5ba9b}.xpi
[2013/01/11 00:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 00:21:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 06:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 06:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

O1 HOSTS File: ([2013/02/09 10:49:57 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 95.211.0.120 www.google-analytics.com.
O1 - Hosts: 95.211.0.120 ad-emea.doubleclick.net.
O1 - Hosts: 95.211.0.120 www.statcounter.com.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121123203403.dll (McAfee, Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121124234802.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3404221819-1042420303-1083371019-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3404221819-1042420303-1083371019-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\The Harris PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B4FF67-EC0F-46E6-94A9-75B38569E0A2}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8B886C3-149E-4A59-A3C1-4639F099CD15}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\830\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\830\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/01 03:46:19 | 000,000,000 | ---D | C] -- C:\FRST
[2013/02/28 21:32:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\The Harris PC\Desktop\OTL.exe
[2013/02/28 21:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/02/27 21:15:46 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/02/26 19:25:48 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013/02/14 08:05:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/02/14 08:05:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/02/14 08:05:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/02/14 08:05:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/02/14 08:05:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/02/14 08:05:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/02/14 08:05:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/02/14 08:05:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/02/14 08:05:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/02/14 08:05:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/02/14 08:05:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/02/14 08:05:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/02/14 08:05:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/02/14 08:05:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/02/14 08:05:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/02/14 01:57:02 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/02/14 01:57:01 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/02/14 01:57:01 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/02/14 01:56:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/02/14 01:56:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/02/14 01:56:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/02/14 01:56:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/02/14 01:56:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/02/14 01:56:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/02/14 01:56:32 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/09 10:49:24 | 000,142,336 | ---- | C] (PCMCIA) -- C:\Users\The Harris PC\AppData\Roaming\dosfp.dll

========== Files - Modified Within 30 Days ==========

[2013/02/28 21:34:44 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/28 21:34:44 | 000,628,904 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/28 21:34:44 | 000,110,798 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/28 21:32:35 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 21:32:35 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 21:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Harris PC\Desktop\OTL.exe
[2013/02/28 21:29:41 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013/02/28 21:25:43 | 000,002,050 | ---- | M] () -- C:\Users\The Harris PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2013/02/28 21:25:30 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/02/28 21:25:29 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/28 21:25:16 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/28 21:24:28 | 3134,562,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 22:24:09 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 22:22:46 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/02/27 22:22:46 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/26 18:02:15 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/02/26 08:06:48 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/14 08:43:15 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/09 10:49:57 | 000,001,392 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/02/09 10:49:24 | 000,142,336 | ---- | M] (PCMCIA) -- C:\Users\The Harris PC\AppData\Roaming\dosfp.dll

========== Files Created - No Company Name ==========

[2013/01/29 19:41:05 | 000,007,597 | ---- | C] () -- C:\Users\The Harris PC\AppData\Local\Resmon.ResmonCfg
[2013/01/24 20:53:06 | 000,103,272 | ---- | C] () -- C:\Users\The Harris PC\GoToAssistDownloadHelper.exe
[2013/01/12 14:58:57 | 000,000,052 | ---- | C] () -- C:\Users\The Harris PC\jagex_cl_runescape_LIVE.dat
[2013/01/12 14:58:57 | 000,000,024 | ---- | C] () -- C:\Users\The Harris PC\random.dat
[2012/12/11 11:56:11 | 003,083,328 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/29 17:07:21 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012/08/29 17:03:42 | 000,028,528 | ---- | C] () -- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
[2012/08/29 17:00:48 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/05/11 18:08:01 | 000,110,592 | ---- | C] () -- C:\Users\The Harris PC\AppData\Roaming\skype.dat
[2012/05/10 15:07:18 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/05/10 14:24:08 | 013,214,720 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/03/27 02:08:42 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/03/27 02:08:42 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/03/27 02:08:42 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/02/03 05:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/21 03:24:28 | 000,000,000 | -HSD | M] -- C:\Users\The Harris PC\AppData\Roaming\6C3EB9
[2012/12/19 21:35:34 | 000,000,000 | ---D | M] -- C:\Users\The Harris PC\AppData\Roaming\Boilsoft
[2013/02/18 00:33:34 | 000,000,000 | ---D | M] -- C:\Users\The Harris PC\AppData\Roaming\SoftGrid Client
[2012/11/22 20:56:19 | 000,000,000 | ---D | M] -- C:\Users\The Harris PC\AppData\Roaming\Toshiba
[2013/01/15 23:46:57 | 000,000,000 | ---D | M] -- C:\Users\The Harris PC\AppData\Roaming\TOSHIBA Online Product Information
[2012/12/11 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\The Harris PC\AppData\Roaming\TP
[2012/11/22 20:54:36 | 000,000,000 | ---D | M] -- C:\Users\The Harris PC\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 28/02/2013 21:33:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Harris PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.89 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 64.85% Memory free
7.78 Gb Paging File | 6.12 Gb Available in Paging File | 78.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.57 Gb Total Space | 378.28 Gb Free Space | 84.33% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: THEHARRISPC | User Name: The Harris PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3404221819-1042420303-1083371019-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}" = Premium Sound HD
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"EA90D42054890B3938D0BEF1E8A316D20C6D6003" = Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (12/02/2011 2.3.8.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07EA4E9F-BD35-4F38-9809-D825B772B833}" = Image Optimizer 3.0
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216DF734-6004-42C7-AFC9-A81DFD344BA8}" = Nero BurnRights 11
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1" = Boilsoft Video Splitter 6.33
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D2122D0-66F7-4A53-96FC-079C900B1CAF}" = Nero BurnRights 11 Help (CHM)
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{8220FCF2-A57F-4236-BFCC-C6C2268E851E}" = RtkClassFilter
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
OTL kept sticking at bootstat, hence the delay in posting.
PC is working in normal mode now, but I haven't started anything but OTL, and the internet is off awaiting your next instruction. Cheers
 

Fiery

Level 1
Jan 11, 2011
2,007
There are some leftovers we need to remove. Don't connect to the internet for now.

Download TDSSKiller from here
  • Double-click on TDSSKiller.exe to run the application.
  • When TDSSKiller opens, click Change parameters and check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip; click on Continue. (If it says TDL4/TDSS file system, select Delete.)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Attach the log afterwards (usually in the C:\ folder, in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt).

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072




Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
[2012/12/19 21:27:35 | 000,000,000 | ---D | M] (Zoom Downloader) -- C:\Users\The Harris PC\AppData\Roaming\Mozilla\Firefox\Profiles\du7ogiuo.default\extensions\downloadmanager@zoomdownloader.com
O3 - HKU\S-1-5-21-3404221819-1042420303-1083371019-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

:Files
C:\Users\The Harris PC\AppData\Roaming\dosfp.dll
C:\Users\The Harris PC\random.dat
C:\Users\The Harris PC\AppData\Roaming\skype.dat
C:\Users\The Harris PC\AppData\Roaming\6C3EB9
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically; post the content in the next reply.




Upload a File to Virustotal - Enable your internet for this brief step and disable it after.
Please visit Virustotal.com
  • Click the Browse... button
  • Navigate to the file C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
  • Click the Open button
  • Click the Send button
  • Copy and paste the results back here.
 

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
No txt file generated by TDSS, but this is the report turned into a txt file:

17:48:31.0135 3444 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:48:31.0401 3444 ============================================================
17:48:31.0401 3444 Current date / time: 2013/03/01 17:48:31.0401
17:48:31.0401 3444 SystemInfo:
17:48:31.0401 3444
17:48:31.0401 3444 OS Version: 6.1.7601 ServicePack: 1.0
17:48:31.0401 3444 Product type: Workstation
17:48:31.0401 3444 ComputerName: THEHARRISPC
17:48:31.0401 3444 UserName: The Harris PC
17:48:31.0401 3444 Windows directory: C:\windows
17:48:31.0401 3444 System windows directory: C:\windows
17:48:31.0401 3444 Running under WOW64
17:48:31.0401 3444 Processor architecture: Intel x64
17:48:31.0401 3444 Number of processors: 2
17:48:31.0401 3444 Page size: 0x1000
17:48:31.0401 3444 Boot type: Normal boot
17:48:31.0401 3444 ============================================================
17:48:32.0321 3444 BG loaded
17:48:32.0680 3444 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:48:32.0680 3444 Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:48:32.0680 3444 ============================================================
17:48:32.0680 3444 \Device\Harddisk0\DR0:
17:48:32.0680 3444 MBR partitions:
17:48:32.0680 3444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38122000
17:48:32.0680 3444 \Device\Harddisk1\DR1:
17:48:32.0680 3444 MBR partitions:
17:48:32.0680 3444 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEEC24E
17:48:32.0680 3444 ============================================================
17:48:32.0727 3444 C: <-> \Device\Harddisk0\DR0\Partition1
17:48:32.0727 3444 ============================================================
17:48:32.0727 3444 Initialize success
17:48:32.0727 3444 ============================================================
17:58:49.0168 3000 ============================================================
17:58:49.0168 3000 Scan started
17:58:49.0168 3000 Mode: Manual; SigCheck; TDLFS;
17:58:49.0168 3000 ============================================================
17:58:49.0371 3000 ================ Scan system memory ========================
17:58:49.0371 3000 System memory - ok
17:58:49.0371 3000 ================ Scan services =============================
17:59:03.0816 3000 mpsdrv - ok
17:59:03.0816 3000 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
17:59:03.0863 3000 MRxDAV - ok
17:59:03.0910 3000 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
17:59:03.0988 3000 mrxsmb - ok
17:59:04.0019 3000 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
17:59:04.0066 3000 mrxsmb10 - ok
17:59:04.0113 3000 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
17:59:04.0159 3000 mrxsmb20 - ok
17:59:04.0191 3000 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
17:59:04.0206 3000 msahci - ok
17:59:04.0237 3000 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
17:59:04.0253 3000 msdsm - ok
17:59:04.0284 3000 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
17:59:04.0300 3000 MSDTC - ok
17:59:04.0347 3000 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
17:59:04.0378 3000 Msfs - ok
17:59:04.0393 3000 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
17:59:04.0456 3000 mshidkmdf - ok
17:59:04.0471 3000 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
17:59:04.0487 3000 msisadrv - ok
17:59:04.0518 3000 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
17:59:04.0565 3000 MSiSCSI - ok
17:59:04.0565 3000 msiserver - ok
17:59:04.0612 3000 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:59:04.0627 3000 MSK80Service - ok
17:59:04.0643 3000 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
17:59:04.0690 3000 MSKSSRV - ok
17:59:04.0721 3000 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
17:59:04.0768 3000 MSPCLOCK - ok
17:59:04.0783 3000 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:59:04.0846 3000 MSPQM - ok
17:59:04.0877 3000 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:59:04.0924 3000 MsRPC - ok
17:59:04.0939 3000 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
17:59:04.0955 3000 mssmbios - ok
17:59:04.0955 3000 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:59:05.0017 3000 MSTEE - ok
17:59:05.0033 3000 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
17:59:05.0033 3000 MTConfig - ok
17:59:05.0064 3000 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
17:59:05.0080 3000 Mup - ok
17:59:05.0111 3000 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
17:59:05.0158 3000 napagent - ok
17:59:05.0205 3000 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:59:05.0283 3000 NativeWifiP - ok
17:59:05.0361 3000 [ DFE14D63F0F649EE94A9E3442B7C8F2C ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
17:59:05.0392 3000 NAUpdate - ok
17:59:05.0407 3000 [ DACA803A8D732FE5EEAA024EC342F81D ] NBVol C:\windows\system32\DRIVERS\NBVol.sys
17:59:05.0423 3000 NBVol - ok
17:59:05.0454 3000 [ 6208F622E9E35860DFB0753DFF56F0C0 ] NBVolUp C:\windows\system32\DRIVERS\NBVolUp.sys
17:59:05.0454 3000 NBVolUp - ok
17:59:05.0501 3000 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
17:59:05.0548 3000 NDIS - ok
17:59:05.0563 3000 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:59:05.0610 3000 NdisCap - ok
17:59:05.0626 3000 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:59:05.0657 3000 NdisTapi - ok
17:59:05.0673 3000 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:59:05.0719 3000 Ndisuio - ok
17:59:05.0751 3000 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:59:05.0797 3000 NdisWan - ok
17:59:05.0829 3000 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:59:05.0875 3000 NDProxy - ok
17:59:05.0907 3000 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:59:05.0969 3000 NetBIOS - ok
17:59:05.0985 3000 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:59:06.0031 3000 NetBT - ok
17:59:06.0063 3000 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
17:59:06.0078 3000 Netlogon - ok
17:59:06.0109 3000 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
17:59:06.0172 3000 Netman - ok
17:59:06.0203 3000 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
17:59:06.0234 3000 netprofm - ok
17:59:06.0265 3000 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:59:06.0265 3000 NetTcpPortSharing - ok
17:59:06.0297 3000 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
17:59:06.0312 3000 nfrd960 - ok
17:59:06.0359 3000 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
17:59:06.0437 3000 NlaSvc - ok
17:59:06.0468 3000 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
17:59:06.0515 3000 Npfs - ok
17:59:06.0515 3000 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
17:59:06.0562 3000 nsi - ok
17:59:06.0593 3000 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:59:06.0671 3000 nsiproxy - ok
17:59:06.0749 3000 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:59:06.0780 3000 Ntfs - ok
17:59:06.0811 3000 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
17:59:06.0858 3000 Null - ok
17:59:06.0874 3000 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
17:59:06.0889 3000 nvraid - ok
17:59:06.0889 3000 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
17:59:06.0905 3000 nvstor - ok
17:59:06.0905 3000 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:59:06.0921 3000 nv_agp - ok
17:59:06.0936 3000 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:59:06.0967 3000 ohci1394 - ok
17:59:07.0030 3000 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:59:07.0061 3000 ose - ok
17:59:07.0186 3000 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:59:07.0311 3000 osppsvc - ok
17:59:07.0342 3000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:59:07.0373 3000 p2pimsvc - ok
17:59:07.0404 3000 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
17:59:07.0435 3000 p2psvc - ok
17:59:07.0451 3000 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
17:59:07.0482 3000 Parport - ok
17:59:07.0513 3000 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
17:59:07.0529 3000 partmgr - ok
17:59:07.0560 3000 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
17:59:07.0607 3000 PcaSvc - ok
17:59:07.0638 3000 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
17:59:07.0654 3000 pci - ok
17:59:07.0685 3000 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
17:59:07.0701 3000 pciide - ok
17:59:07.0732 3000 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
17:59:07.0747 3000 pcmcia - ok
17:59:07.0763 3000 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
17:59:07.0763 3000 pcw - ok
17:59:07.0794 3000 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:59:07.0841 3000 PEAUTH - ok
17:59:07.0919 3000 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
17:59:07.0966 3000 PerfHost - ok
17:59:08.0028 3000 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
17:59:08.0028 3000 PGEffect - ok
17:59:08.0091 3000 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
17:59:08.0169 3000 pla - ok
17:59:08.0200 3000 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:59:08.0247 3000 PlugPlay - ok
17:59:08.0278 3000 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:59:08.0309 3000 PNRPAutoReg - ok
17:59:08.0340 3000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:59:08.0356 3000 PNRPsvc - ok
17:59:08.0387 3000 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:59:08.0449 3000 PolicyAgent - ok
17:59:08.0481 3000 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll
17:59:08.0527 3000 Power - ok
17:59:08.0543 3000 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:59:08.0605 3000 PptpMiniport - ok
17:59:08.0605 3000 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
17:59:08.0637 3000 Processor - ok
17:59:08.0668 3000 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
17:59:08.0730 3000 ProfSvc - ok
17:59:08.0746 3000 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
17:59:08.0761 3000 ProtectedStorage - ok
17:59:08.0793 3000 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:59:08.0824 3000 Psched - ok
17:59:08.0855 3000 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
17:59:08.0902 3000 ql2300 - ok
17:59:08.0917 3000 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
17:59:08.0933 3000 ql40xx - ok
17:59:08.0964 3000 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
17:59:08.0980 3000 QWAVE - ok
17:59:08.0995 3000 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:59:09.0027 3000 QWAVEdrv - ok
17:59:09.0042 3000 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:59:09.0073 3000 RasAcd - ok
17:59:09.0105 3000 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:59:09.0151 3000 RasAgileVpn - ok
17:59:09.0167 3000 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
17:59:09.0214 3000 RasAuto - ok
17:59:09.0245 3000 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:59:09.0339 3000 Rasl2tp - ok
17:59:09.0354 3000 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
17:59:09.0401 3000 RasMan - ok
17:59:09.0432 3000 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:59:09.0479 3000 RasPppoe - ok
17:59:09.0510 3000 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:59:09.0541 3000 RasSstp - ok
17:59:09.0557 3000 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:59:09.0604 3000 rdbss - ok
17:59:09.0619 3000 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
17:59:09.0635 3000 rdpbus - ok
17:59:09.0697 3000 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:59:09.0744 3000 RDPCDD - ok
17:59:09.0760 3000 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:59:09.0807 3000 RDPENCDD - ok
17:59:09.0838 3000 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:59:09.0885 3000 RDPREFMP - ok
17:59:09.0931 3000 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:59:09.0994 3000 RDPWD - ok
17:59:10.0025 3000 [ A115F49BEA840A5F049BC6310F35F776 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:59:10.0041 3000 rdyboost - ok
17:59:10.0072 3000 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:59:10.0165 3000 RemoteAccess - ok
17:59:10.0181 3000 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:59:10.0243 3000 RemoteRegistry - ok
17:59:10.0259 3000 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
17:59:10.0290 3000 RFCOMM - ok
17:59:10.0321 3000 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:59:10.0368 3000 RpcEptMapper - ok
17:59:10.0384 3000 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
17:59:10.0431 3000 RpcLocator - ok
17:59:10.0462 3000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
17:59:10.0509 3000 RpcSs - ok
17:59:10.0540 3000 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:59:10.0571 3000 rspndr - ok
17:59:10.0587 3000 [ BB1C3DF1D6CC0972E9C7268A19E62D2E ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
17:59:10.0602 3000 RSUSBSTOR - ok
17:59:10.0633 3000 [ B708BBAB80C60EE613DEE52A1A0A8538 ] RtkBtFilter C:\windows\system32\DRIVERS\RtkBtfilter.sys
17:59:10.0633 3000 RtkBtFilter - ok
17:59:10.0680 3000 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
17:59:10.0711 3000 RTL8167 - ok
17:59:10.0758 3000 [ 8328468053CEDFD7198BEE178C501989 ] RTL8192Ce C:\windows\system32\DRIVERS\rtwlane.sys
17:59:10.0789 3000 RTL8192Ce - ok
17:59:10.0789 3000 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
17:59:10.0805 3000 SamSs - ok
17:59:10.0836 3000 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:59:10.0836 3000 sbp2port - ok
17:59:10.0867 3000 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:59:10.0945 3000 SCardSvr - ok
17:59:10.0977 3000 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:59:11.0023 3000 scfilter - ok
17:59:11.0055 3000 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
17:59:11.0101 3000 Schedule - ok
17:59:11.0133 3000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
17:59:11.0164 3000 SCPolicySvc - ok
17:59:11.0195 3000 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:59:11.0226 3000 SDRSVC - ok
17:59:11.0242 3000 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:59:11.0289 3000 secdrv - ok
17:59:11.0304 3000 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
17:59:11.0351 3000 seclogon - ok
17:59:11.0382 3000 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
17:59:11.0429 3000 SENS - ok
17:59:11.0445 3000 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:59:11.0491 3000 SensrSvc - ok
17:59:11.0491 3000 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
17:59:11.0523 3000 Serenum - ok
17:59:11.0554 3000 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
17:59:11.0585 3000 Serial - ok
17:59:11.0601 3000 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
17:59:11.0616 3000 sermouse - ok
17:59:11.0647 3000 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:59:11.0710 3000 SessionEnv - ok
17:59:11.0725 3000 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:59:11.0741 3000 sffdisk - ok
17:59:11.0757 3000 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:59:11.0788 3000 sffp_mmc - ok
17:59:11.0803 3000 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:59:11.0835 3000 sffp_sd - ok
17:59:11.0850 3000 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
17:59:11.0866 3000 sfloppy - ok
17:59:11.0913 3000 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
17:59:11.0959 3000 Sftfs - ok
17:59:12.0022 3000 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:59:12.0069 3000 sftlist - ok
17:59:12.0100 3000 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
17:59:12.0115 3000 Sftplay - ok
17:59:12.0131 3000 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
17:59:12.0147 3000 Sftredir - ok
17:59:12.0193 3000 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
17:59:12.0193 3000 Sftvol - ok
17:59:12.0240 3000 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:59:12.0256 3000 sftvsa - ok
17:59:12.0303 3000 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:59:12.0349 3000 ShellHWDetection - ok
17:59:12.0365 3000 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
17:59:12.0381 3000 SiSRaid2 - ok
17:59:12.0381 3000 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
17:59:12.0396 3000 SiSRaid4 - ok
17:59:12.0443 3000 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:59:12.0443 3000 SkypeUpdate - ok
17:59:12.0459 3000 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:59:12.0505 3000 Smb - ok
17:59:12.0552 3000 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:59:12.0568 3000 SNMPTRAP - ok
17:59:12.0615 3000 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:59:12.0630 3000 spldr - ok
17:59:12.0677 3000 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
17:59:12.0708 3000 Spooler - ok
17:59:12.0786 3000 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
17:59:12.0864 3000 sppsvc - ok
17:59:12.0911 3000 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:59:12.0958 3000 sppuinotify - ok
17:59:12.0989 3000 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
17:59:13.0020 3000 srv - ok
17:59:13.0051 3000 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:59:13.0098 3000 srv2 - ok
17:59:13.0145 3000 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:59:13.0161 3000 srvnet - ok
17:59:13.0207 3000 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:59:13.0239 3000 SSDPSRV - ok
17:59:13.0270 3000 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:59:13.0301 3000 SstpSvc - ok
17:59:13.0348 3000 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
17:59:13.0363 3000 stexstor - ok
17:59:13.0410 3000 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
17:59:13.0441 3000 stisvc - ok
17:59:13.0473 3000 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
17:59:13.0488 3000 swenum - ok
17:59:13.0519 3000 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
17:59:13.0582 3000 swprv - ok
17:59:13.0597 3000 [ B868E292FBA5B62B9FC71572A5FAEF5C ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:59:13.0613 3000 SynTP - ok
17:59:13.0691 3000 [ 7BE4CDEA6BC7832BFE3112A350D8B9EA ] SysMain C:\windows\system32\sysmain.dll
17:59:13.0769 3000 SysMain - ok
17:59:13.0800 3000 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
17:59:13.0816 3000 TabletInputService - ok
17:59:13.0831 3000 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
17:59:13.0894 3000 TapiSrv - ok
17:59:13.0941 3000 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
17:59:13.0972 3000 TBS - ok
17:59:14.0019 3000 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:59:14.0065 3000 Tcpip - ok
17:59:14.0081 3000 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:59:14.0128 3000 TCPIP6 - ok
17:59:14.0190 3000 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:59:14.0221 3000 tcpipreg - ok
17:59:14.0221 3000 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
17:59:14.0237 3000 tdcmdpst - ok
17:59:14.0268 3000 TDEIO - ok
17:59:14.0284 3000 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:59:14.0331 3000 TDPIPE - ok
17:59:14.0362 3000 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:59:14.0393 3000 TDTCP - ok
17:59:14.0409 3000 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:59:14.0455 3000 tdx - ok
17:59:14.0502 3000 [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
17:59:14.0518 3000 TemproMonitoringService - ok
17:59:14.0533 3000 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
17:59:14.0549 3000 TermDD - ok
17:59:14.0580 3000 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
17:59:14.0643 3000 TermService - ok
17:59:14.0658 3000 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
17:59:14.0689 3000 Themes - ok
17:59:14.0705 3000 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
17:59:14.0736 3000 THREADORDER - ok
17:59:14.0830 3000 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
17:59:14.0861 3000 TMachInfo - ok
17:59:14.0892 3000 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
17:59:14.0908 3000 TODDSrv - ok
17:59:15.0017 3000 [ 4AE80C5F7772C4FB2A762F70AD4A111E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:59:15.0048 3000 TosCoSrv - ok
17:59:15.0111 3000 [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
17:59:15.0142 3000 TOSHIBA Bluetooth Service - ok
17:59:15.0204 3000 [ 6E2330FB032ED3EBEFC1349AD7081A98 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
17:59:15.0220 3000 TOSHIBA eco Utility Service - ok
17:59:15.0282 3000 [ 9338C2DEB14CA2804BCB3276CB7EB4FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
17:59:15.0313 3000 TOSHIBA HDD SSD Alert Service - ok
17:59:15.0329 3000 [ B9FA0498F6CC596FFA5CF47A04CD1785 ] tosrfbd C:\windows\system32\DRIVERS\tosrfbd.sys
17:59:15.0345 3000 tosrfbd - ok
17:59:15.0360 3000 Tosrfcom - ok
17:59:15.0376 3000 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys
17:59:15.0391 3000 tosrfec - ok
17:59:15.0407 3000 [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid C:\windows\system32\DRIVERS\Tosrfhid.sys
17:59:15.0407 3000 Tosrfhid - ok
17:59:15.0423 3000 [ AF8A0D2E2A41043A77CA77CCBDB8D9C2 ] Tosrfusb C:\windows\system32\DRIVERS\tosrfusb.sys
17:59:15.0438 3000 Tosrfusb - ok
17:59:15.0469 3000 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
17:59:15.0501 3000 tos_sps64 - ok
17:59:15.0547 3000 [ 36CDD894395BEC46EFB14F49D77D3D82 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
17:59:15.0594 3000 TPCHSrv - ok
17:59:15.0610 3000 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
17:59:15.0657 3000 TrkWks - ok
17:59:15.0719 3000 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:59:15.0813 3000 TrustedInstaller - ok
17:59:15.0859 3000 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:59:15.0937 3000 tssecsrv - ok
17:59:15.0953 3000 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:59:16.0015 3000 TsUsbFlt - ok
17:59:16.0047 3000 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
17:59:16.0062 3000 TsUsbGD - ok
17:59:16.0093 3000 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:59:16.0171 3000 tunnel - ok
17:59:16.0203 3000 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
17:59:16.0234 3000 TVALZ - ok
17:59:16.0249 3000 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
17:59:16.0265 3000 TVALZFL - ok
17:59:16.0312 3000 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
17:59:16.0327 3000 uagp35 - ok
17:59:16.0343 3000 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:59:16.0421 3000 udfs - ok
17:59:16.0452 3000 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:59:16.0499 3000 UI0Detect - ok
17:59:16.0499 3000 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:59:16.0515 3000 uliagpkx - ok
17:59:16.0530 3000 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:59:16.0577 3000 umbus - ok
17:59:16.0624 3000 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
17:59:16.0655 3000 UmPass - ok
17:59:16.0749 3000 [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:59:16.0780 3000 UNS - ok
17:59:16.0795 3000 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
17:59:16.0858 3000 upnphost - ok
17:59:16.0873 3000 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:59:16.0889 3000 usbccgp - ok
17:59:16.0920 3000 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:59:16.0936 3000 usbcir - ok
17:59:16.0967 3000 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
17:59:16.0998 3000 usbehci - ok
17:59:17.0029 3000 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:59:17.0061 3000 usbhub - ok
17:59:17.0076 3000 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
17:59:17.0107 3000 usbohci - ok
17:59:17.0139 3000 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
17:59:17.0170 3000 usbprint - ok
17:59:17.0185 3000 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:59:17.0232 3000 USBSTOR - ok
17:59:17.0248 3000 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:59:17.0279 3000 usbuhci - ok
17:59:17.0310 3000 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
17:59:17.0341 3000 usbvideo - ok
17:59:17.0357 3000 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
17:59:17.0419 3000 UxSms - ok
17:59:17.0435 3000 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
17:59:17.0451 3000 VaultSvc - ok
17:59:17.0466 3000 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:59:17.0482 3000 vdrvroot - ok
17:59:17.0513 3000 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
 

Fiery

Level 1
Jan 11, 2011
2,007
Can you attach the log instead of posting it? It's too long to fit in one reply.

Or you can just copy the last bits of the log.
 

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
All processes killed
========== OTL ==========
Folder C:\Users\The Harris PC\AppData\Roaming\Mozilla\Firefox\Profiles\du7ogiuo.default\extensions\download??manager@zoomdownloader.com\ not found.
Registry value HKEY_USERS\S-1-5-21-3404221819-1042420303-1083371019-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== FILES ==========
C:\Users\The Harris PC\AppData\Roaming\dosfp.dll moved successfully.
C:\Users\The Harris PC\random.dat moved successfully.
C:\Users\The Harris PC\AppData\Roaming\skype.dat moved successfully.
C:\Users\The Harris PC\AppData\Roaming\6C3EB9 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\The Harris PC\Desktop\cmd.bat deleted successfully.
C:\Users\The Harris PC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: The Harris PC
->Temp folder emptied: 1305083158 bytes
->Temporary Internet Files folder emptied: 114367206 bytes
->Java cache emptied: 3665787 bytes
->FireFox cache emptied: 648112361 bytes
->Google Chrome cache emptied: 35748792 bytes
->Flash cache emptied: 65602 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 303221521 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53172 bytes
RecycleBin emptied: 10441348228 bytes

Total Files Cleaned = 12,256.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03012013_181246

Files\Folders moved on Reboot...
C:\Users\The Harris PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
SHA256: 43e1dee72e4b73f99cda69b74bfa60e1940634b2c23e7bc5dae170cbd5226c08
SHA1: a5b25734e0bc27794bec2c7e71641afb42a60c97
MD5: ad76646d2087325c728fcf698e03e591
File size: 27.9 KB ( 28528 bytes )
File name: rlt8723a_chip_bt40_fw_asic_rom_patch.dll
File type: unknown
Detection ratio: 0 / 46
Analysis date: 2013-03-01 18:52:55 UTC ( 0 minutes ago )
 

Fiery

Level 1
Jan 11, 2011
2,007
Can you attach the log instead of posting it? It's too long to fit in one post/reply.

Or you can just copy the last bits of the log.
 

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
Apologies. Here is the TDSS scan report attached.
 

Attachments

  • tdss scan report.txt
    255.9 KB · Views: 98

Fiery

Level 1
Jan 11, 2011
2,007
Looking good

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (for Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Then do a new FRST scan and post the results.
 

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
Good morning Fiery! Let us continue...


# AdwCleaner v2.113 - Logfile created 03/02/2013 at 09:07:19
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : The Harris PC - THEHARRISPC
# Boot Mode : Normal
# Running from : C:\Users\The Harris PC\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Zoom Downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Downloader
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\The Harris PC\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\The Harris PC\AppData\Roaming\Mozilla\Firefox\Profiles\du7ogiuo.default\extensions\downloadmanager@zoomdownloader.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{250BECD2-5C43-48CF-A3C6-666338526D67}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\The Harris PC\AppData\Roaming\Mozilla\Firefox\Profiles\du7ogiuo.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\The Harris PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2500 octets] - [02/03/2013 09:06:19]
AdwCleaner[S1].txt - [2465 octets] - [02/03/2013 09:07:19]

########## EOF - C:\AdwCleaner[S1].txt - [2525 octets] ##########
 

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
RK report

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : The Harris PC [Admin rights]
Mode : Remove -- Date : 03/02/2013 09:28:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++
--- User ---
[MBR] f586ff4775728fe19ff77ea5708023f6
[BSP] 329d995dfae54d13ed53511da10c466e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 459332 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 943785984 | Size: 16107 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03022013_02d0928.txt >>
RKreport[1]_S_03022013_02d0927.txt ; RKreport[2]_D_03022013_02d0928.txt
 

nukeboy

New Member
Thread author
Verified
Feb 27, 2013
20
Latest FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2013
Ran by The Harris PC at 02-03-2013 09:33:28
Running from E:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-03-02 09:28 - 2013-03-02 09:28 - 00001827 ____A C:\Users\The Harris PC\Desktop\RKreport[2]_D_03022013_02d0928.txt
2013-03-02 09:27 - 2013-03-02 09:27 - 00002110 ____A C:\Users\The Harris PC\Desktop\RKreport[1]_S_03022013_02d0927.txt
2013-03-02 09:25 - 2013-03-02 09:27 - 00000000 ____D C:\Users\The Harris PC\Desktop\RK_Quarantine
2013-03-02 09:25 - 2013-03-02 09:15 - 00816640 ____A C:\Users\The Harris PC\Desktop\RogueKiller.exe
2013-03-02 09:07 - 2013-03-02 09:07 - 00002592 ____A C:\AdwCleaner[S1].txt
2013-03-02 09:06 - 2013-03-02 09:07 - 00002500 ____A C:\AdwCleaner[R1].txt
2013-03-02 09:05 - 2013-03-02 09:02 - 00594019 ____A C:\Users\The Harris PC\Desktop\AdwCleaner.exe
2013-03-01 18:12 - 2013-03-01 18:12 - 00000000 ____D C:\_OTL
2013-03-01 17:10 - 2013-03-01 18:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-01 17:05 - 2013-03-01 17:02 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\The Harris PC\Desktop\tdsskiller.exe
2013-03-01 03:46 - 2013-03-02 09:33 - 00000000 ____D C:\FRST
2013-02-28 21:48 - 2013-02-28 21:48 - 00044756 ____A C:\Users\The Harris PC\Desktop\Extras.Txt
2013-02-28 21:47 - 2013-02-28 21:47 - 00096366 ____A C:\Users\The Harris PC\Desktop\OTL.Txt
2013-02-28 21:32 - 2013-02-28 21:30 - 00602112 ____A (OldTimer Tools) C:\Users\The Harris PC\Desktop\OTL.exe
2013-02-27 21:15 - 2013-02-27 21:15 - 00000000 ____D C:\Windows\pss
2013-02-26 19:25 - 2013-02-26 19:25 - 00000000 ____D C:\Windows\Sun
2013-02-25 16:35 - 2013-02-25 16:46 - 365108532 ____A C:\Users\The Harris PC\Downloads\TWD S03E11.avi
2013-02-18 20:18 - 2013-02-18 23:03 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4
2013-02-14 08:05 - 2013-01-09 01:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 08:05 - 2013-01-09 01:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 08:05 - 2013-01-09 01:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 08:05 - 2013-01-09 01:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 08:05 - 2013-01-09 01:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 08:05 - 2013-01-09 01:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 08:05 - 2013-01-09 01:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 08:05 - 2013-01-09 01:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 08:05 - 2013-01-09 01:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 08:05 - 2013-01-09 01:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 08:05 - 2013-01-09 01:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 08:05 - 2013-01-09 01:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 08:05 - 2013-01-09 01:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 08:05 - 2013-01-09 01:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 08:05 - 2013-01-09 01:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 08:05 - 2013-01-09 01:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 08:05 - 2013-01-08 22:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-14 08:05 - 2013-01-08 22:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-14 08:05 - 2013-01-08 22:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-14 08:05 - 2013-01-08 22:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-14 08:05 - 2013-01-08 22:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-14 08:05 - 2013-01-08 22:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-14 08:05 - 2013-01-08 22:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-14 08:05 - 2013-01-08 22:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-14 08:05 - 2013-01-08 21:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-14 08:05 - 2013-01-08 21:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-14 08:05 - 2013-01-08 21:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-14 08:05 - 2013-01-08 21:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-14 08:05 - 2013-01-08 21:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-14 08:05 - 2013-01-08 21:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-14 08:05 - 2013-01-08 21:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-14 08:05 - 2013-01-08 21:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-14 01:57 - 2013-01-05 05:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-14 01:57 - 2013-01-05 05:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-14 01:57 - 2013-01-05 05:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-14 01:56 - 2013-01-04 05:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-14 01:56 - 2013-01-04 04:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-14 01:56 - 2013-01-04 03:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-14 01:56 - 2013-01-04 02:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-14 01:56 - 2013-01-04 02:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-14 01:56 - 2013-01-04 02:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-14 01:56 - 2013-01-04 02:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-14 01:56 - 2013-01-03 06:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-14 01:56 - 2013-01-03 06:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-11 18:55 - 2013-02-11 19:45 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi
2013-02-09 17:20 - 2013-02-09 17:47 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi
2013-02-09 10:49 - 2013-02-09 10:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2013-02-04 15:35 - 2013-02-14 08:09 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-02 12:46 - 2013-02-02 13:14 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4

==================== One Month Modified Files and Folders =======

2013-03-02 09:28 - 2013-03-02 09:28 - 00001827 ____A C:\Users\The Harris PC\Desktop\RKreport[2]_D_03022013_02d0928.txt
2013-03-02 09:27 - 2013-03-02 09:27 - 00002110 ____A C:\Users\The Harris PC\Desktop\RKreport[1]_S_03022013_02d0927.txt
2013-03-02 09:27 - 2013-03-02 09:25 - 00000000 ____D C:\Users\The Harris PC\Desktop\RK_Quarantine
2013-03-02 09:24 - 2012-05-11 18:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-02 09:24 - 2012-05-11 18:52 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-02 09:24 - 2009-07-14 05:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-02 09:22 - 2012-05-11 18:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-02 09:17 - 2009-07-14 04:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-02 09:17 - 2009-07-14 04:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-02 09:15 - 2013-03-02 09:25 - 00816640 ____A C:\Users\The Harris PC\Desktop\RogueKiller.exe
2013-03-02 09:14 - 2012-05-11 18:58 - 00001839 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk
2013-03-02 09:10 - 2012-08-29 16:49 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-03-02 09:10 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-02 09:10 - 2009-07-14 04:51 - 00045581 ____A C:\Windows\setupact.log
2013-03-02 09:08 - 2012-08-29 16:46 - 01156657 ____A C:\Windows\WindowsUpdate.log
2013-03-02 09:07 - 2013-03-02 09:07 - 00002592 ____A C:\AdwCleaner[S1].txt
2013-03-02 09:07 - 2013-03-02 09:06 - 00002500 ____A C:\AdwCleaner[R1].txt
2013-03-02 09:02 - 2013-03-02 09:05 - 00594019 ____A C:\Users\The Harris PC\Desktop\AdwCleaner.exe
2013-03-01 18:48 - 2010-11-21 03:47 - 00018902 ____A C:\Windows\PFRO.log
2013-03-01 18:12 - 2013-03-01 18:12 - 00000000 ____D C:\_OTL
2013-03-01 18:12 - 2012-11-22 20:52 - 00000000 ____D C:\users\The Harris PC
2013-03-01 18:02 - 2013-03-01 17:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-01 17:22 - 2012-05-11 18:47 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-01 17:22 - 2012-05-11 18:47 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-01 17:02 - 2013-03-01 17:05 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\The Harris PC\Desktop\tdsskiller.exe
2013-03-01 16:57 - 2012-08-29 16:49 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-02-28 21:48 - 2013-02-28 21:48 - 00044756 ____A C:\Users\The Harris PC\Desktop\Extras.Txt
2013-02-28 21:47 - 2013-02-28 21:47 - 00096366 ____A C:\Users\The Harris PC\Desktop\OTL.Txt
2013-02-28 21:30 - 2013-02-28 21:32 - 00602112 ____A (OldTimer Tools) C:\Users\The Harris PC\Desktop\OTL.exe
2013-02-27 21:15 - 2013-02-27 21:15 - 00000000 ____D C:\Windows\pss
2013-02-26 19:25 - 2013-02-26 19:25 - 00000000 ____D C:\Windows\Sun
2013-02-26 08:06 - 2012-05-11 18:52 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-25 16:46 - 2013-02-25 16:35 - 365108532 ____A C:\Users\The Harris PC\Downloads\TWD S03E11.avi
2013-02-18 23:03 - 2013-02-18 20:18 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4
2013-02-18 00:33 - 2012-12-11 11:56 - 00000000 ____D C:\Users\The Harris PC\AppData\Roaming\SoftGrid Client
2013-02-14 08:43 - 2009-07-14 04:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 08:09 - 2013-02-04 15:35 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-11 19:45 - 2013-02-11 18:55 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi
2013-02-09 17:47 - 2013-02-09 17:20 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi
2013-02-09 10:49 - 2013-02-09 10:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2013-02-09 10:49 - 2012-11-22 20:55 - 00000000 ____D C:\Users\The Harris PC\AppData\Local\VirtualStore
2013-02-02 13:14 - 2013-02-02 12:46 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 3985.8 MB
Available physical RAM: 2959.69 MB
Total Pagefile: 7969.8 MB
Available Pagefile: 6327.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (TI30875400C) (Fixed) (Total:448.57 GB) (Free:389.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (JENS FLASH) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Disk ID: B0DE4F87

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 448 GB 1501 MB
Partition 3 Primary 15 GB 450 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI30875400C NTFS Partition 448 GB Healthy Boot

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Disk ID: ABF5C5D3

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7640 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E JENS FLASH FAT32 Removable 7640 MB Healthy

=========================================================

Last Boot: 2013-02-23 01:39

==================== End Of Log =============================
 
