HijackThis log


  • This topic is locked
18 replies to this topic

#1 rfsuper

rfsuper

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 01 June 2012 - 09:41 AM

When I run Hijackthis, I get a message saying that it cannot access my "Hosts" file and gives instructions but I do not understand them. I am also concerned about the system.ini item. What should I delete?


#2 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • OFFLINE
  • Gender:Male
  • Location:Bavaria
  • Local time:04:04 AM

Posted 01 June 2012 - 10:23 AM

Hi rfsuper,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
M-K-D-B

#3 rfsuper

rfsuper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 01 June 2012 - 09:19 PM

Thank you. I am running Windows 7 on a Toshiba Satellite C655. In case it makes a difference, I am in the United Arab Emirates and I have to use a program like Hotspot Shield in order to connect to the US, especially to watch Slingbox.

#4 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • OFFLINE
  • Gender:Male
  • Location:Bavaria
  • Local time:04:04 AM

Posted 02 June 2012 - 04:08 AM

Hi rfsuper,


Welcome to BleepingComputer.

My name is M-K-D-B and I'll help you with the cleanup of your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

rfsuper wrote:
When I run Hijackthis, I get a message saying that it cannot access my "Hosts" file and gives instructions but I do not understand them. I am also concerned about the system.ini item. What should I delete?

Before starting a fix, we need to get a little impression of what's going on on your computer. I would like you to follow the steps below. Thank you! :)

Step 1
We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Step 2
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 3
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Step 4
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Close to close the tool.
    Note: We don't want to fix anything here, but just get an overview of your computer!
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

What you should post with your next answer:
  • both logfiles from DDS,
  • the logfile from aswMBR,
  • the logfile from TDSS Killer,
  • any further information that seems to be important in your eyes.

Regards,
M-K-D-B

#5 rfsuper

rfsuper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 04 June 2012 - 12:11 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Debbie at 1:05:03 on 2012-06-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2288 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\splwow64.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Artisan 810(Network)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\windows\TEMP\E_S6B21.tmp" /EF "HKCU"
uRun: [EPSON WorkForce 610 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\windows\TEMP\E_S5052.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Debbie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 10.153.5.5 10.153.5.6 10.154.5.5 10.154.5.6 10.154.5.29
TCP: Interfaces\{10511F7D-4F27-4AB7-8FBC-3B5BC87FC039} : DhcpNameServer = 10.153.5.5 10.153.5.6 10.154.5.5 10.154.5.6 10.154.5.29
TCP: Interfaces\{10511F7D-4F27-4AB7-8FBC-3B5BC87FC039}\745756374704742716E646D496C6C6D21475 : DhcpNameServer = 213.42.20.20 195.229.241.222
TCP: Interfaces\{10511F7D-4F27-4AB7-8FBC-3B5BC87FC039}\84F6C69646169794E6E6 : DhcpNameServer = 10.255.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\0lzb1tlk.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Debbie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Debbie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Debbie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-26 2320920]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-2-26 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-3 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 PuranDefrag;PuranDefrag;"C:\windows\system32\PuranDefragS.exe" --> C:\windows\system32\PuranDefragS.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-04 04:56:37 -------- d-----w- C:\ProgramData\hsswpr
2012-06-03 14:08:44 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F421A6C5-7A7B-477E-AB51-A70A6298E9F1}\mpengine.dll
2012-06-01 14:54:10 290816 ----a-w- C:\windows\System32\PuranDefragS.exe
2012-06-01 14:54:10 275968 ----a-w- C:\windows\System32\PuranDC.exe
2012-06-01 14:54:10 270336 ----a-w- C:\windows\System32\PuranDefrag.dll
2012-06-01 14:54:10 1417216 ----a-w- C:\windows\System32\PuranFD.exe
2012-06-01 14:54:10 130048 ----a-w- C:\windows\System32\PuranDefragBT.exe
2012-06-01 14:54:09 -------- d-----w- C:\Program Files\Puran Defrag
2012-06-01 14:30:44 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 12:25:29 388096 ----a-r- C:\Users\Debbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-01 12:25:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-01 12:01:32 -------- d-----w- C:\Users\Debbie\AppData\Roaming\Malwarebytes
2012-06-01 12:01:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-01 12:01:20 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-01 12:01:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-29 18:41:57 -------- d-----w- C:\Users\Debbie\AppData\Roaming\GlarySoft
2012-05-29 18:41:21 -------- d-----w- C:\Program Files (x86)\Glarysoft
2012-05-27 19:36:38 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-26 14:14:36 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8241FBEA-5D12-47AD-B3AE-42E112866D59}\gapaengine.dll
2012-05-26 13:36:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-26 13:36:14 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-26 08:19:04 -------- d-----w- C:\Users\Debbie\AppData\Local\{F7A1FAA9-9025-4712-844F-3749366785CA}
2012-05-26 08:18:35 -------- d-----w- C:\Users\Debbie\AppData\Local\{5E11C250-BB85-4999-A49E-83EA2240BE74}
2012-05-26 07:23:08 -------- d-----w- C:\windows\Options
2012-05-26 05:54:06 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-05-26 05:54:06 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-05-26 05:54:06 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-05-26 05:54:06 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-05-26 05:54:05 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-05-26 05:54:05 5120 ----a-w- C:\windows\System32\wmi.dll
2012-05-26 05:54:05 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-05-26 05:54:01 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F9A1D4B-8E85-4451-B0CE-D888620785B6}\mpengine.dll
2012-05-26 05:48:33 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-26 05:48:32 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-26 05:48:31 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-26 05:48:31 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-26 05:48:27 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-26 05:48:27 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-26 05:46:52 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-26 05:46:33 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-26 05:46:31 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-26 05:46:31 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-26 05:46:31 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-26 05:46:30 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-26 05:46:30 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-25 21:14:41 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-05-25 21:14:28 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-05-25 21:14:28 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
.
==================== Find3M ====================
.
2012-04-06 18:15:10 38632 ----a-w- C:\windows\System32\drivers\taphss.sys
2012-03-21 00:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
.
============= FINISH: 1:06:00.01 ===============
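
The "Pseudo HJT Report" section of the DDS log above is a line-oriented format that is simple to parse, and a helper can do the first pass that the Malware Response Team does by eye. The following Python script is an added example, not code from DDS, HijackThis or BleepingComputer: it splits each report line into its kind and body, then applies a few triage heuristics that are my own assumptions rather than anything the tools define. It flags BHO and toolbar registrations whose DLL is gone ("No File"), Hosts entries that are not the loopback default, Run entries with no target at all, and Run entries whose executable lives under a user-writable directory. The sample lines are copied from the log posted above. A flag is a reason to look closer, not a malware verdict; the "No File" toolbars and the spywareinfo.com Hosts line in this log are, as the rest of the thread shows, not evidence of an infection by themselves.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not code from DDS, HijackThis or the BleepingComputer team.
The sample lines are copied from the log posted in this thread; the triage
rules are my own heuristics (assumptions) meant to order review, not to
give a malware verdict.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of lines from the posted DDS report.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Artisan 810(Network)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\windows\TEMP\E_S6B21.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
BHO-X64: AcroIEHelperStub - No File
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.type - 0
"""


@dataclass
class Entry:
    kind: str   # DDS line prefix, e.g. "BHO", "mRun", "Hosts"
    body: str   # text after the first ": "
    raw: str    # original line, kept for reporting


@dataclass
class Finding:
    rule: str
    entry: Entry


# Autostart kinds DDS prints as [Name] "path" args (u = HKCU, m = HKLM).
RUN_KINDS = {"uRun", "mRun", "uRun-x64", "mRun-x64"}
RUN_RE = re.compile(r'^\[(?P<name>[^\]]*)\]\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))?')
# Directories a standard user can write to (assumed list); an autostart
# executable there deserves a closer look than one under Program Files.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)
# Hosts names that map to loopback by default and are not worth flagging.
DEFAULT_HOSTS_NAMES = {"localhost", "localhost.localdomain"}


def parse_report(text: str) -> list[Entry]:
    """Split DDS report lines into (kind, body) entries, skipping separators."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((".", "=")):
            continue  # DDS section banners and "." spacer lines
        kind, sep, body = line.partition(": ")
        if sep:
            entries.append(Entry(kind, body.strip(), raw))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the review heuristics and return findings in log order."""
    findings: list[Finding] = []
    for e in entries:
        if e.body.endswith("No File"):
            # The registry still references a BHO/toolbar whose DLL is gone:
            # a leftover of an uninstall or of a partially removed component.
            findings.append(Finding("orphaned-registration", e))
        elif e.kind == "Hosts":
            _ip, _, host = e.body.partition(" ")
            if host.lower() not in DEFAULT_HOSTS_NAMES:
                findings.append(Finding("hosts-override", e))
        elif e.kind in RUN_KINDS:
            m = RUN_RE.match(e.body)
            name = m.group("name") if m else ""
            path = (m.group("quoted") or m.group("bare") or "") if m else ""
            if not path or name in ("", "<NO NAME>", "(Default)"):
                findings.append(Finding("autostart-without-target", e))
            elif USER_WRITABLE.search(path):
                # Only the executable is checked, not its arguments, so the
                # Epson entry that merely passes a TEMP file is not flagged.
                findings.append(Finding("autostart-from-user-writable-path", e))
    return findings


def summarize(text: str) -> dict[str, int]:
    """Count findings per rule for a whole report."""
    return dict(Counter(f.rule for f in triage(parse_report(text))))


if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE_LOG)):
        print(f"{f.rule:36} {f.entry.raw}")
```

Run against the sample, the script reports two orphaned registrations, one Run entry without a target, one autostart under AppData (Google Update, which is where that updater normally lives) and the spywareinfo.com Hosts line; the Epson entry is left alone because only the executable path, not its arguments, is checked against the user-writable list.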

#6 rfsuper

rfsuper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 04 June 2012 - 12:53 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-04 01:27:53
-----------------------------
01:27:53.498 OS Version: Windows x64 6.1.7601 Service Pack 1
01:27:53.498 Number of processors: 4 586 0x2505
01:27:53.498 ComputerName: DEBBIE-PC UserName: Debbie
01:27:56.197 Initialize success
01:33:33.571 AVAST engine defs: 12060301
01:37:12.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:37:12.314 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
01:37:12.329 Disk 0 MBR read successfully
01:37:12.345 Disk 0 MBR scan
01:37:12.345 Disk 0 Windows VISTA default MBR code
01:37:12.361 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
01:37:12.423 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464879 MB offset 3074048
01:37:12.501 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10560 MB offset 955146240
01:37:12.688 Disk 0 scanning C:\windows\system32\drivers
01:37:30.129 Service scanning
01:38:08.989 Modules scanning
01:38:09.004 Disk 0 trace - called modules:
01:38:09.067 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
01:38:09.082 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c24060]
01:38:09.098 3 CLASSPNP.SYS[fffff88001d9f43f] -> nt!IofCallDriver -> [0xfffffa8003b7ae40]
01:38:09.098 5 ACPI.sys[fffff88000f617a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004996050]
01:38:11.391 AVAST engine scan C:\windows
01:38:15.213 AVAST engine scan C:\windows\system32
01:43:18.337 AVAST engine scan C:\windows\system32\drivers
01:43:40.052 AVAST engine scan C:\Users\Debbie
01:49:23.378 AVAST engine scan C:\ProgramData
01:52:01.500 Scan finished successfully
01:52:54.415 Disk 0 MBR has been saved successfully to "C:\Users\Debbie\Documents\MBR.dat"
01:52:54.415 The log file has been saved successfully to "C:\Users\Debbie\Documents\aswMBR.txt"

#7 rfsuper

rfsuper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 04 June 2012 - 12:58 AM

01:56:08.0225 2076 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
01:56:10.0253 2076 ============================================================
01:56:10.0253 2076 Current date / time: 2012/06/04 01:56:10.0253
01:56:10.0253 2076 SystemInfo:
01:56:10.0253 2076
01:56:10.0253 2076 OS Version: 6.1.7601 ServicePack: 1.0
01:56:10.0253 2076 Product type: Workstation
01:56:10.0253 2076 ComputerName: DEBBIE-PC
01:56:10.0253 2076 UserName: Debbie
01:56:10.0253 2076 Windows directory: C:\windows
01:56:10.0253 2076 System windows directory: C:\windows
01:56:10.0253 2076 Running under WOW64
01:56:10.0253 2076 Processor architecture: Intel x64
01:56:10.0253 2076 Number of processors: 4
01:56:10.0253 2076 Page size: 0x1000
01:56:10.0253 2076 Boot type: Normal boot
01:56:10.0253 2076 ============================================================
01:56:10.0799 2076 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:56:10.0799 2076 ============================================================
01:56:10.0799 2076 \Device\Harddisk0\DR0:
01:56:10.0799 2076 MBR partitions:
01:56:10.0799 2076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38BF7800
01:56:10.0799 2076 ============================================================
01:56:34.0558 4644 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
01:56:34.0558 4644 RemoteAccess - ok
01:56:34.0605 4644 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
01:56:34.0620 4644 RemoteRegistry - ok
01:56:34.0651 4644 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
01:56:34.0651 4644 RpcEptMapper - ok
01:56:34.0683 4644 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
01:56:34.0683 4644 RpcLocator - ok
01:56:34.0745 4644 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
01:56:34.0745 4644 RpcSs - ok
01:56:34.0792 4644 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
01:56:34.0792 4644 rspndr - ok
01:56:34.0854 4644 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
01:56:34.0870 4644 RSUSBSTOR - ok
01:56:34.0901 4644 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
01:56:34.0901 4644 SamSs - ok
01:56:34.0948 4644 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
01:56:34.0948 4644 sbp2port - ok
01:56:34.0979 4644 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
01:56:34.0995 4644 SCardSvr - ok
01:56:35.0026 4644 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
01:56:35.0026 4644 scfilter - ok
01:56:35.0119 4644 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
01:56:35.0166 4644 Schedule - ok
01:56:35.0197 4644 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
01:56:35.0197 4644 SCPolicySvc - ok
01:56:35.0244 4644 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
01:56:35.0244 4644 SDRSVC - ok
01:56:35.0322 4644 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
01:56:35.0322 4644 secdrv - ok
01:56:35.0338 4644 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
01:56:35.0338 4644 seclogon - ok
01:56:35.0369 4644 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
01:56:35.0369 4644 SENS - ok
01:56:35.0385 4644 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
01:56:35.0385 4644 SensrSvc - ok
01:56:35.0400 4644 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
01:56:35.0400 4644 Serenum - ok
01:56:35.0431 4644 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
01:56:35.0431 4644 Serial - ok
01:56:35.0463 4644 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
01:56:35.0463 4644 sermouse - ok
01:56:35.0509 4644 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
01:56:35.0509 4644 SessionEnv - ok
01:56:35.0541 4644 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
01:56:35.0541 4644 sffdisk - ok
01:56:35.0572 4644 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
01:56:35.0572 4644 sffp_mmc - ok
01:56:35.0587 4644 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
01:56:35.0587 4644 sffp_sd - ok
01:56:35.0619 4644 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
01:56:35.0619 4644 sfloppy - ok
01:56:35.0712 4644 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
01:56:35.0712 4644 Sftfs - ok
01:56:35.0821 4644 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
01:56:35.0837 4644 sftlist - ok
01:56:35.0884 4644 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
01:56:35.0884 4644 Sftplay - ok
01:56:35.0899 4644 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
01:56:35.0899 4644 Sftredir - ok
01:56:35.0915 4644 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
01:56:35.0915 4644 Sftvol - ok
01:56:35.0946 4644 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
01:56:35.0962 4644 sftvsa - ok
01:56:35.0993 4644 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
01:56:36.0024 4644 SharedAccess - ok
01:56:36.0055 4644 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
01:56:36.0071 4644 ShellHWDetection - ok
01:56:36.0133 4644 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
01:56:36.0133 4644 SiSRaid2 - ok
01:56:36.0133 4644 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
01:56:36.0133 4644 SiSRaid4 - ok
01:56:36.0180 4644 SkypeUpdate (9bac4f095b1e802268b33e4c8ba57256) C:\Program Files (x86)\Skype\Updater\Updater.exe
01:56:36.0180 4644 SkypeUpdate - ok
01:56:36.0211 4644 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
01:56:36.0227 4644 Smb - ok
01:56:36.0258 4644 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
01:56:36.0258 4644 SNMPTRAP - ok
01:56:36.0289 4644 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
01:56:36.0289 4644 spldr - ok
01:56:36.0352 4644 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
01:56:36.0383 4644 Spooler - ok
01:56:36.0633 4644 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
01:56:36.0742 4644 sppsvc - ok
01:56:36.0851 4644 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
01:56:36.0851 4644 sppuinotify - ok
01:56:36.0929 4644 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
01:56:36.0945 4644 srv - ok
01:56:36.0991 4644 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
01:56:37.0007 4644 srv2 - ok
01:56:37.0023 4644 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
01:56:37.0038 4644 srvnet - ok
01:56:37.0101 4644 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
01:56:37.0101 4644 SSDPSRV - ok
01:56:37.0132 4644 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
01:56:37.0132 4644 SstpSvc - ok
01:56:37.0163 4644 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
01:56:37.0163 4644 stexstor - ok
01:56:37.0241 4644 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
01:56:37.0272 4644 stisvc - ok
01:56:37.0288 4644 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
01:56:37.0303 4644 swenum - ok
01:56:37.0350 4644 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
01:56:37.0381 4644 swprv - ok
01:56:37.0444 4644 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
01:56:37.0444 4644 SynTP - ok
01:56:37.0584 4644 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
01:56:37.0631 4644 SysMain - ok
01:56:37.0740 4644 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
01:56:37.0740 4644 TabletInputService - ok
01:56:37.0803 4644 tap0901 (3b73c849b41fb20d77b0e553214061a5) C:\windows\system32\DRIVERS\tap0901.sys
01:56:37.0803 4644 tap0901 - ok
01:56:37.0834 4644 taphss (b70df208e97536ca9f29289e609f5b16) C:\windows\system32\DRIVERS\taphss.sys
01:56:37.0849 4644 taphss - ok
01:56:37.0896 4644 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
01:56:37.0912 4644 TapiSrv - ok
01:56:37.0943 4644 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
01:56:37.0943 4644 TBS - ok
01:56:38.0115 4644 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
01:56:38.0161 4644 Tcpip - ok
01:56:38.0411 4644 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
01:56:38.0427 4644 TCPIP6 - ok
01:56:38.0536 4644 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
01:56:38.0536 4644 tcpipreg - ok
01:56:38.0614 4644 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
01:56:38.0614 4644 tdcmdpst - ok
01:56:38.0645 4644 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
01:56:38.0645 4644 TDPIPE - ok
01:56:38.0676 4644 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
01:56:38.0676 4644 TDTCP - ok
01:56:38.0723 4644 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
01:56:38.0739 4644 tdx - ok
01:56:38.0754 4644 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
01:56:38.0754 4644 TermDD - ok
01:56:38.0832 4644 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
01:56:38.0879 4644 TermService - ok
01:56:38.0910 4644 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
01:56:38.0910 4644 Themes - ok
01:56:38.0941 4644 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
01:56:38.0941 4644 THREADORDER - ok
01:56:39.0051 4644 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
01:56:39.0051 4644 TMachInfo - ok
01:56:39.0082 4644 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\windows\system32\TODDSrv.exe
01:56:39.0082 4644 TODDSrv - ok
01:56:39.0191 4644 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
01:56:39.0222 4644 TosCoSrv - ok
01:56:39.0300 4644 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
01:56:39.0316 4644 TOSHIBA HDD SSD Alert Service - ok
01:56:39.0363 4644 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
01:56:39.0363 4644 TrkWks - ok
01:56:39.0409 4644 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
01:56:39.0425 4644 TrustedInstaller - ok
01:56:39.0472 4644 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
01:56:39.0472 4644 tssecsrv - ok
01:56:39.0550 4644 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
01:56:39.0550 4644 TsUsbFlt - ok
01:56:39.0581 4644 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
01:56:39.0581 4644 tunnel - ok
01:56:39.0628 4644 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
01:56:39.0628 4644 TVALZ - ok
01:56:39.0643 4644 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
01:56:39.0643 4644 uagp35 - ok
01:56:39.0706 4644 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
01:56:39.0721 4644 udfs - ok
01:56:39.0768 4644 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
01:56:39.0768 4644 UI0Detect - ok
01:56:39.0799 4644 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
01:56:39.0799 4644 uliagpkx - ok
01:56:39.0846 4644 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
01:56:39.0846 4644 umbus - ok
01:56:39.0893 4644 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
01:56:39.0893 4644 UmPass - ok
01:56:40.0127 4644 UNS (48e114762941941d5821eaae29d75e9e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
01:56:40.0189 4644 UNS - ok
01:56:40.0330 4644 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
01:56:40.0361 4644 upnphost - ok
01:56:40.0423 4644 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys
01:56:40.0423 4644 USBAAPL64 - ok
01:56:40.0455 4644 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
01:56:40.0455 4644 usbccgp - ok
01:56:40.0517 4644 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
01:56:40.0517 4644 usbcir - ok
01:56:40.0533 4644 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
01:56:40.0533 4644 usbehci - ok
01:56:40.0579 4644 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
01:56:40.0595 4644 usbhub - ok
01:56:40.0611 4644 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
01:56:40.0611 4644 usbohci - ok
01:56:40.0657 4644 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
01:56:40.0657 4644 usbprint - ok
01:56:40.0704 4644 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
01:56:40.0704 4644 usbscan - ok
01:56:40.0735 4644 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
01:56:40.0735 4644 USBSTOR - ok
01:56:40.0751 4644 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
01:56:40.0751 4644 usbuhci - ok
01:56:40.0813 4644 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
01:56:40.0813 4644 usbvideo - ok
01:56:40.0829 4644 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
01:56:40.0845 4644 UxSms - ok
01:56:40.0891 4644 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
01:56:40.0891 4644 VaultSvc - ok
01:56:40.0938 4644 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
01:56:40.0938 4644 vdrvroot - ok
01:56:41.0001 4644 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
01:56:41.0047 4644 vds - ok
01:56:41.0079 4644 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
01:56:41.0079 4644 vga - ok
01:56:41.0079 4644 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
01:56:41.0079 4644 VgaSave - ok
01:56:41.0125 4644 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
01:56:41.0125 4644 vhdmp - ok
01:56:41.0141 4644 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
01:56:41.0157 4644 viaide - ok
01:56:41.0172 4644 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
01:56:41.0172 4644 volmgr - ok
01:56:41.0219 4644 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
01:56:41.0235 4644 volmgrx - ok
01:56:41.0281 4644 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
01:56:41.0297 4644 volsnap - ok
01:56:41.0344 4644 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
01:56:41.0344 4644 vsmraid - ok
01:56:41.0484 4644 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
01:56:41.0547 4644 VSS - ok
01:56:41.0687 4644 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
01:56:41.0687 4644 vwifibus - ok
01:56:41.0734 4644 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
01:56:41.0734 4644 vwififlt - ok
01:56:41.0781 4644 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
01:56:41.0796 4644 W32Time - ok
01:56:41.0827 4644 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
01:56:41.0827 4644 WacomPen - ok
01:56:41.0874 4644 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
01:56:41.0874 4644 WANARP - ok
01:56:41.0890 4644 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
01:56:41.0890 4644 Wanarpv6 - ok
01:56:42.0015 4644 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
01:56:42.0077 4644 WatAdminSvc - ok
01:56:42.0202 4644 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
01:56:42.0264 4644 wbengine - ok
01:56:42.0405 4644 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
01:56:42.0420 4644 WbioSrvc - ok
01:56:42.0467 4644 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
01:56:42.0483 4644 wcncsvc - ok
01:56:42.0498 4644 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
01:56:42.0514 4644 WcsPlugInService - ok
01:56:42.0561 4644 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
01:56:42.0561 4644 Wd - ok
01:56:42.0639 4644 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
01:56:42.0670 4644 Wdf01000 - ok
01:56:42.0685 4644 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
01:56:42.0701 4644 WdiServiceHost - ok
01:56:42.0701 4644 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
01:56:42.0701 4644 WdiSystemHost - ok
01:56:42.0763 4644 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
01:56:42.0779 4644 WebClient - ok
01:56:42.0826 4644 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
01:56:42.0841 4644 Wecsvc - ok
01:56:42.0857 4644 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
01:56:42.0873 4644 wercplsupport - ok
01:56:42.0904 4644 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
01:56:42.0904 4644 WerSvc - ok
01:56:42.0982 4644 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
01:56:42.0982 4644 WfpLwf - ok
01:56:42.0997 4644 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
01:56:42.0997 4644 WIMMount - ok
01:56:43.0044 4644 WinDefend - ok
01:56:43.0044 4644 WinHttpAutoProxySvc - ok
01:56:43.0138 4644 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
01:56:43.0138 4644 Winmgmt - ok
01:56:43.0309 4644 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
01:56:43.0356 4644 WinRM - ok
01:56:43.0497 4644 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
01:56:43.0497 4644 WinUsb - ok
01:56:43.0590 4644 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
01:56:43.0621 4644 Wlansvc - ok
01:56:43.0715 4644 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:56:43.0715 4644 wlcrasvc - ok
01:56:43.0902 4644 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:56:43.0980 4644 wlidsvc - ok
01:56:44.0121 4644 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
01:56:44.0121 4644 WmiAcpi - ok
01:56:44.0183 4644 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
01:56:44.0199 4644 wmiApSrv - ok
01:56:44.0261 4644 WMPNetworkSvc - ok
01:56:44.0292 4644 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
01:56:44.0292 4644 WPCSvc - ok
01:56:44.0339 4644 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
01:56:44.0339 4644 WPDBusEnum - ok
01:56:44.0370 4644 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
01:56:44.0370 4644 ws2ifsl - ok
01:56:44.0401 4644 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
01:56:44.0401 4644 wscsvc - ok
01:56:44.0401 4644 WSearch - ok
01:56:44.0589 4644 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
01:56:44.0651 4644 wuauserv - ok
01:56:44.0807 4644 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
01:56:44.0807 4644 WudfPf - ok
01:56:44.0838 4644 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
01:56:44.0854 4644 WUDFRd - ok
01:56:44.0885 4644 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
01:56:44.0885 4644 wudfsvc - ok
01:56:44.0916 4644 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
01:56:44.0932 4644 WwanSvc - ok
01:56:44.0979 4644 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
01:56:45.0291 4644 \Device\Harddisk0\DR0 - ok
01:56:45.0306 4644 Boot (0x1200) (98ffe74104032f2ae1c7f47a0e31cc26) \Device\Harddisk0\DR0\Partition0
01:56:45.0306 4644 \Device\Harddisk0\DR0\Partition0 - ok
01:56:45.0306 4644 ============================================================
01:56:45.0306 4644 Scan finished
01:56:45.0306 4644 ============================================================
01:56:45.0337 4492 Detected object count: 0
01:56:45.0337 4492 Actual detected object count: 0
01:56:52.0857 4348 Deinitialize success

#8 M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 04 June 2012 - 12:50 PM

Hi rfsuper,

Step 1
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

Step 2
I would like you to answer the following questions as exactly and in as much detail as you can:
  • How is your computer running at the moment?
  • Do you have any other problems besides not being able to access the hosts file?

What you should post with your next answer:
  • the logfile from ListParts,
  • an answer to my questions.

Regards,
M-K-D-B

#9 rfsuper

  • Topic Starter
  • Members
  • 11 posts

Posted 04 June 2012 - 10:53 PM

ListParts by Farbar Version: 03-06-2012
Ran by Debbie (administrator) on 04-06-2012 at 23:47:21
Windows 7 (X64)
Running From: C:\Users\Debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\807DR5UE
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 38%
Total physical RAM: 3893.86 MB
Available physical RAM: 2405.13 MB
Total Pagefile: 7785.92 MB
Available Pagefile: 6178.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106049W0B) (Fixed) (Total:453.98 GB) (Free:374.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery          1500 MB  1024 KB
Partition 2    Primary            453 GB  1501 MB
Partition 3    Primary             10 GB   455 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System       NTFS   Partition   1500 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI106049W0B  NTFS   Partition    453 GB  Healthy    Boot

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******

The computer is running slow, especially when I am on the internet. When I try to open certain folders I get a message saying that they are not accessible (such as My Documents, but there is another listing that has the same name that I can access), but that may be a Windows 7 thing because I do not remember this in Windows XP.
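The ListParts report above can also be read mechanically. The following is an added Python example (not from the thread and not part of Farbar's tool): it parses the per-partition blocks and flags hidden partitions that have no volume, which is the Partition 3 case the helper asks about in the next reply. The MBR type-ID names and the sample excerpt (copied from the report above, separators shortened) are the example's own assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# MBR type IDs seen here: 0x17 is 0x07 (NTFS) with the hidden bit set.
KNOWN_TYPES = {
    0x07: "NTFS/exFAT/HPFS",
    0x17: "hidden NTFS (0x07 with the hidden bit set)",
    0x27: "Windows RE / hidden recovery partition",
}

# Excerpt of the ListParts report posted above (separators shortened).
SAMPLE_REPORT = """\
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 453 GB 1501 MB
Partition 3 Primary 10 GB 455 GB
========================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System NTFS Partition 1500 MB Healthy Hidden
========================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106049W0B NTFS Partition 453 GB Healthy Boot
========================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
========================================
"""


@dataclass
class Partition:
    disk: int
    number: int
    type_id: int
    hidden: bool
    active: bool
    has_volume: bool
    size: str = ""


# One per-partition block, up to the next separator line.
BLOCK_RE = re.compile(
    r"Disk: (?P<disk>\d+)\s*\nPartition (?P<num>\d+)\s*\n"
    r"Type : (?P<type>[0-9A-Fa-f]{2})[^\n]*\n"
    r"Hidden: (?P<hidden>Yes|No)\s*\nActive: (?P<active>Yes|No)\s*\n"
    r"(?P<rest>.*?)(?=\n=+|\Z)",
    re.S,
)
# Rows of the "Partition ###" table carry each partition's size.
SIZE_RE = re.compile(r"^Partition (\d+)\s+\S+\s+(\d+ [KMG]B)", re.M)


def parse_listparts(text: str) -> list[Partition]:
    """Return one Partition per per-partition block of a ListParts report."""
    sizes = {int(m[1]): m[2] for m in SIZE_RE.finditer(text)}
    return [
        Partition(disk=int(m["disk"]), number=int(m["num"]),
                  type_id=int(m["type"], 16), hidden=m["hidden"] == "Yes",
                  active=m["active"] == "Yes",
                  has_volume="no volume associated" not in m["rest"],
                  size=sizes.get(int(m["num"]), ""))
        for m in BLOCK_RE.finditer(text)
    ]


def needs_followup(p: Partition) -> bool:
    """Hidden with no volume: invisible from Explorer, so it must be
    accounted for by something known to be installed (here Click-to-Run)."""
    return p.hidden and not p.has_volume


def describe(p: Partition) -> str:
    kind = KNOWN_TYPES.get(p.type_id, "unknown type")
    flags = [f for f, on in (("hidden", p.hidden), ("active", p.active),
                             ("no volume", not p.has_volume)) if on]
    return (f"Disk {p.disk} Partition {p.number}: type 0x{p.type_id:02X} "
            f"({kind}), {p.size}, {', '.join(flags) or 'mounted'}")


def flagged_partitions(text: str) -> list[str]:
    return [describe(p) for p in parse_listparts(text) if needs_followup(p)]


if __name__ == "__main__":
    for line in flagged_partitions(SAMPLE_REPORT):
        print("check:", line)
```

Partition 1 is hidden too, but it has a volume (the System partition), so only Partition 3 comes back for follow-up.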

#10 M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 06 June 2012 - 12:02 PM

Hi rfsuper,

Step 1
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Organize menu and click on Folder and Search Options.
Check the Hide protected operating system files box.
Select Don't show hidden files, folders, and drives.
Click Yes to confirm.

Step 2
We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.

Step 3
I would like you to answer the following questions as exactly and in as much detail as you can:
  • Is your computer still running slow after ComboFix has been run?
  • Can you tell me what "Partition 3 Primary 10 GB" exactly is?

What you should post with your next answer:
  • the logfile from ComboFix,
  • an answer to my questions.

Regards,
M-K-D-B

#11 M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 09 June 2012 - 09:11 AM

Hi rfsuper,

do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.

Regards,
M-K-D-B

#12 rfsuper

  • Topic Starter
  • Members
  • 11 posts

Posted 10 June 2012 - 01:48 AM

I tried to post yesterday but there was an issue. I am at work right now but will post when I get home tonight. The drive has something to do with Microsoft Office Click-to-Run. The computer seems about the same. I will post the log tonight.

#13 rfsuper

  • Topic Starter
  • Members
  • 11 posts

Posted 10 June 2012 - 10:33 AM

ComboFix 12-06-08.02 - Debbie 06/08/2012 13:57:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2599 [GMT -4:00]
Running from: c:\users\Debbie\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Debbie\Documents\~WRL0202.tmp
c:\users\Debbie\Documents\~WRL0273.tmp
c:\users\Debbie\Documents\~WRL0400.tmp
c:\users\Debbie\Documents\~WRL3809.tmp
c:\users\Debbie\Documents\~WRL3880.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 18:01 . 2012-06-08 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-06 14:56 . 2012-06-06 14:56 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-03 15:38 . 2012-06-03 15:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-01 14:54 . 2011-04-08 20:09 290816 ----a-w- c:\windows\system32\PuranDefragS.exe
2012-06-01 14:54 . 2011-04-08 20:09 275968 ----a-w- c:\windows\system32\PuranDC.exe
2012-06-01 14:54 . 2011-04-08 20:09 1417216 ----a-w- c:\windows\system32\PuranFD.exe
2012-06-01 14:54 . 2011-04-08 20:09 130048 ----a-w- c:\windows\system32\PuranDefragBT.exe
2012-06-01 14:54 . 2010-01-27 17:58 270336 ----a-w- c:\windows\system32\PuranDefrag.dll
2012-06-01 14:54 . 2012-06-01 15:24 -------- d-----w- c:\program files\Puran Defrag
2012-06-01 12:25 . 2012-06-01 12:25 388096 ----a-r- c:\users\Debbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-01 12:25 . 2012-06-01 12:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-01 12:01 . 2012-06-01 12:01 -------- d-----w- c:\users\Debbie\AppData\Roaming\Malwarebytes
2012-06-01 12:01 . 2012-06-01 12:01 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 18:41 . 2012-05-29 18:41 -------- d-----w- c:\users\Debbie\AppData\Roaming\GlarySoft
2012-05-27 19:36 . 2012-05-27 19:36 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-27 13:25 . 2012-05-27 13:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-26 07:23 . 2012-05-26 07:23 -------- d-----w- c:\windows\Options
2012-05-26 05:54 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-26 05:54 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-26 05:54 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-26 05:54 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-26 05:54 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-26 05:54 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-26 05:54 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-26 05:54 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F9A1D4B-8E85-4451-B0CE-D888620785B6}\mpengine.dll
2012-05-26 05:48 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-26 05:48 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-26 05:48 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-26 05:48 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-26 05:48 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-26 05:48 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-26 05:46 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-26 05:46 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-26 05:46 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-26 05:46 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-26 05:46 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-26 05:46 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-26 05:46 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-26 05:45 . 2012-05-26 05:45 -------- d-----w- c:\programdata\Ulead Systems
2012-05-25 21:14 . 2012-05-25 21:14 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-05-25 21:14 . 2012-05-25 21:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-25 21:14 . 2012-05-25 21:14 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-25 21:14 . 2012-05-25 21:14 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 14:56 . 2011-07-06 11:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 18:15 . 2012-04-06 18:15 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-05-25 296056]
.
c:\users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Debbie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2513771957-3432275252-4209845482-1001Core.job
- c:\users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 06:23]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2513771957-3432275252-4209845482-1001UA.job
- c:\users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 06:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.42.20.20 195.229.241.222
FF - ProfilePath - c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\0lzb1tlk.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-08 14:08:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 18:08
.
Pre-Run: 405,347,020,800 bytes free
Post-Run: 404,825,718,784 bytes free
.
- - End Of File - - C88053F3F761B1A3D1789E613232A20C

#14 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 11 June 2012 - 08:59 AM

Hi rfsuper,



Your logfiles look clean so far! :thumbup2:
Are there any open problems?



Step 1
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.





Step 2
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.





Step 3
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!





Step 4
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.





What you should post with your next answer:
  • an answer to my questions,
  • the logfile from MBAM,
  • the logfile from ESET,
  • the logfile from SecurityCheck.

Regards,
M-K-D-B
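Step 2 above has the user find every Java Runtime Environment entry in Programs and Features by eye and remove all but the newest. The following PowerShell script is an added example (not from M-K-D-B's post or from Oracle/Java) that does the same check read-only: it enumerates the 64-bit and 32-bit (Wow6432Node) Uninstall registry keys, which are the entries Programs and Features displays, and marks every Java entry whose DisplayVersion is lower than the newest one installed. It assumes PowerShell 2.0 or later on Windows Vista/7 or newer; the DisplayName patterns (`Java`, `J2SE`, excluding `Auto Updater`) are assumptions based on how Sun/Oracle named their installers, and nothing is uninstalled.

```powershell
# Added example: list installed Java runtimes and flag the older ones that
# Step 2 says to remove. Read-only; it never calls the uninstaller.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            # Assumed name patterns: "Java(TM) 6 Update 31", "Java 7 Update 4",
            # "J2SE Runtime Environment 5.0 Update 22"; skip the separate
            # "Java Auto Updater" entry, which is not a runtime.
            $_.DisplayName -match 'Java|J2SE' -and
            $_.DisplayName -notmatch 'Auto Updater'
        } |
        ForEach-Object {
            # DisplayVersion looks like "7.0.40" for 7u4 or "6.0.310" for 6u31.
            # Fall back to 0.0 when the value is missing so sorting still works.
            $parsed = [version]'0.0'
            [void][version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $parsed
                Bitness   = if ($_.PSPath -match 'Wow6432Node') { '32-bit' } else { '64-bit' }
                Uninstall = $_.UninstallString
            }
        }
}

$java = @(Get-InstalledJava | Sort-Object Version -Descending)
if ($java.Count -eq 0) {
    Write-Output 'No Java Runtime Environment entries found.'
    return
}

# Everything below the highest version present is an "older version" in the
# sense of Step 2 and is what Add/Remove Programs should be used to remove.
$newest = $java[0].Version
foreach ($entry in $java) {
    $status = if ($entry.Version -lt $newest) { 'OLDER - remove' } else { 'newest' }
    Write-Output ('{0,-45} {1,-10} {2,-7} {3}' -f $entry.Name, $entry.Version, $entry.Bitness, $status)
}
```

Run it from an elevated PowerShell prompt before and after the reinstall in Step 2: before, it shows which entries to remove; after, every line except the newly installed jre-7u4 entry should be gone. The `UninstallString` property is collected so the exact uninstaller command for each stale entry is visible, but the script leaves the actual removal to the Programs and Features steps the post describes.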

#15 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • Gender:Male
  • Location:Bavaria

Posted 14 June 2012 - 11:24 AM

Hi rfsuper,


Do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.
Regards,
M-K-D-B



