
Backdoor.Multi.ZAccess.gen infection



#1 philo123

Posted 16 June 2012 - 09:22 PM

I have been hearing commercials/ads on my computer for the last few days while also experiencing redirects on my explorer page or just random windows opening with sites to advertisements or just google. I've done a tdss killer scan and it came up with only one infection: Backdoor.Multi.ZAccess.gen. I was now under the impression that if I got rid of this it would end the problems with my computer. I've tried deleting it but end up having to use a system restore because I find my computer in a constant reboot cycle. I would greatly appreciate guidance to rid my computer of all of these problems. Thank you.

DDS.txt log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by patheo at 18:57:26 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2160 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\svcs.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/g/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\patheo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{3679A348-943F-4028-9AD7-A26F1ADBA7B7} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{3679A348-943F-4028-9AD7-A26F1ADBA7B7}\361666564756279616 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO-X64: ALOT Appbar Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 ElRawDisk;ElRawDisk;\??\C:\windows\system32\drivers\rsdrvx64.sys --> C:\windows\system32\drivers\rsdrvx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111028.030\IDSviA64.sys [2011-10-28 488568]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NetworkLog;NetworkLog;C:\Windows\svcs.exe [2012-5-24 549872]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-6-13 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-6-13 838136]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-6 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-6 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-6-13 166528]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 257224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-16 14:58:48 -------- d-----we C:\windows\system64
2012-06-16 10:16:01 -------- d-----w- C:\Users\patheo\AppData\Local\ElevatedDiagnostics
2012-06-16 09:13:28 -------- d-----w- C:\Users\patheo\AppData\Roaming\Anvisoft
2012-06-16 09:12:24 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-06-16 07:20:34 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-06-16 07:20:34 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2012-06-16 07:20:33 -------- d-----w- C:\ProgramData\STOPzilla!
2012-06-16 06:35:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-15 10:52:56 -------- d-----w- C:\Users\patheo\AppData\Local\adaware
2012-06-14 09:50:24 -------- d-----w- C:\ProgramData\AVAST Software
2012-06-14 09:50:24 -------- d-----w- C:\Program Files\AVAST Software
2012-06-14 05:24:38 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-06-14 05:23:35 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-06-14 05:18:06 -------- d-----w- C:\Users\patheo\AppData\Roaming\Ad-Aware Antivirus
2012-06-14 02:54:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-14 02:53:53 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2012-06-14 02:53:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-06-13 01:17:36 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-06-12 02:48:25 912504 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys
2012-06-12 02:48:25 744568 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\srtsp64.sys
2012-06-12 02:48:25 450680 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys
2012-06-12 02:48:25 40568 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\srtspx64.sys
2012-06-12 02:48:25 386168 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys
2012-06-12 02:48:25 171128 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys
2012-06-12 02:48:15 -------- d-----w- C:\windows\System32\drivers\NISx64\1207020.003
2012-06-05 00:26:43 -------- d-----w- C:\ProgramData\Conexant
2012-06-05 00:26:41 -------- d-----w- C:\Users\patheo\AppData\Local\Conexant
2012-06-04 06:25:11 -------- d-----w- C:\Users\patheo\AppData\Local\{35B2B53C-B9F4-40E2-806B-5361C681231C}
2012-06-01 21:56:39 40960 ----a-r- C:\Users\patheo\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-06-01 21:56:39 40960 ----a-r- C:\Users\patheo\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-06-01 21:56:38 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2012-05-28 21:13:40 -------- d-----w- C:\Users\patheo\AppData\Local\{CE530F4A-D40E-4870-A34F-610ADCE81A65}
2012-05-24 07:58:08 549872 ----a-w- C:\windows\svcs.exe
2012-05-24 07:40:12 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-06-14 01:36:58 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 01:36:58 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-05 05:22:23 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-03-31 19:25:28 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 18:58:03.51 ===============


#2 gringo_pr


Posted 16 June 2012 - 11:29 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 philo123


Posted 17 June 2012 - 12:50 AM

This is the information from the checkup.txt.

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 gringo_pr


Posted 17 June 2012 - 01:12 AM

Thank you and let me have the combofix report when it is ready



gringo

#5 philo123


Posted 17 June 2012 - 01:57 AM

For some reason I can't open Norton Internet Security that came with the computer as a thirty day free trial. I can't even uninstall it. I fear running combofix before resolving this. What should I do?

#6 gringo_pr


Posted 17 June 2012 - 09:29 AM

go ahead and run combofix


gringo

#7 philo123


Posted 17 June 2012 - 10:11 PM

I ran combofix and got the message "illegal operation attempted on registry key that has been marked for deletion" so I restarted the computer as you said, but now it is in a reboot cycle ending up on Windows Error Recovery stating that it has failed to start. What should I do?

#8 gringo_pr


Posted 17 June 2012 - 10:30 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
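FRST.txt marks entries it considers suspicious with `ATTENTION! ====>` followed by a label, under `=====`-delimited section banners. The following is an added example, not part of the original posts and not FRST's own code, that pulls those flagged entries out by section; the sample log is constructed and the function names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout FRST writes: section banners, one entry per line.
# Service names, paths and vendors are placeholders, not taken from a real machine.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ExampleTray] C:\Program Files\Example\tray.exe [1000 2010-01-01] (Example Corp)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 examplesvc; C:\Windows\System32\example.dll [6656 2009-07-13] (Example Corp) ATTENTION! ====> ZeroAccess
2 goodsvc; "C:\Program Files (x86)\Good\good.exe" [2000 2010-03-18] (Good Corp)

========================== NetSvcs (Whitelisted) ===========

NETSVC: examplesvc -> C:\Windows\system32\example.dll (Example Corp) ATTENTION! ====> ZeroAccess
"""

# "===== Title =====" banner lines open a new section.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Everything before the marker is the entry; everything after the arrow is the label.
FLAG_RE = re.compile(r"^(?P<entry>.*?)\s*ATTENTION!\s*=+>\s*(?P<label>.+?)\s*$")
# First drive-letter path ending in a binary extension (tolerates spaces and parentheses).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|sys)\b", re.IGNORECASE)


@dataclass
class Finding:
    section: str          # banner the entry appeared under
    label: str            # text after the ATTENTION arrow
    entry: str            # the log line without the marker
    path: Optional[str]   # file behind the entry, None for registry-only findings


def flagged_entries(log_text: str) -> List[Finding]:
    """Return every ATTENTION-flagged line together with its section."""
    findings = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        flag = FLAG_RE.match(line)
        if flag:
            path = PATH_RE.search(flag.group("entry"))
            findings.append(Finding(section, flag.group("label"),
                                    flag.group("entry"),
                                    path.group(0) if path else None))
    return findings


def files_to_review(findings: List[Finding]) -> List[str]:
    """Unique file paths behind flagged entries; Windows paths compare case-insensitively."""
    seen = {}
    for f in findings:
        if f.path:
            seen.setdefault(f.path.lower(), f.path)
    return list(seen.values())


if __name__ == "__main__":
    results = flagged_entries(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.label}: {f.entry}")
    print("Files to review:", files_to_review(results))
```

Grouping by section shows when one file is flagged through more than one load point (a service entry and its NetSvcs registration), and which findings are registry values with no file attached.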

#9 philo123


Posted 17 June 2012 - 11:46 PM

Here is the FRST log.

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 17-06-2012 21:42:05
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-08-10] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 2010-08-10] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [415256 2010-08-10] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\patheo\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-14] (Google Inc.)
HKU\patheo\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\patheo\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 btkrnl; C:\Windows\System32\SED133x.dll [6656 2009-07-13] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-18] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 ElRawDisk; \??\C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
3 QIOMem; C:\Windows\System32\Drivers\QIOMem.sys [12800 2009-06-15] (TOSHIBA)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [239136 2010-02-08] (Realtek Semiconductor Corp.)
3 rtl8192Ce; C:\Windows\System32\Drivers\rtl8192Ce.sys [877088 2010-02-12] (Realtek Semiconductor Corporation )
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: btkrnl -> C:\Windows\system32\SED133x.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess

============ One Month Created Files and Folders ==============

2012-06-17 19:00 - 2012-06-17 19:00 - 00017738 ____A C:\Users\patheo\Desktop\combofix log.txt
2012-06-17 18:57 - 2012-06-17 18:57 - 00017738 ____A C:\ComboFix.txt
2012-06-17 18:51 - 2012-06-17 18:51 - 00000000 __SHD C:\$RECYCLE.BIN
2012-06-17 18:50 - 2012-06-17 18:51 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-17 18:43 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-17 18:43 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-17 18:43 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-17 18:43 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-17 18:43 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-17 18:43 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-17 18:43 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-17 18:43 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-17 04:28 - 2012-06-17 04:28 - 04560591 ____R (Swearware) C:\Users\patheo\Desktop\ComboFix.exe
2012-06-17 03:35 - 2012-06-17 03:38 - 00284132 ____A C:\Windows\ntbtlog.txt
2012-06-16 23:01 - 2012-06-16 23:01 - 00853862 ____A C:\Users\patheo\Desktop\SecurityCheck.exe
2012-06-16 23:00 - 2012-06-16 23:00 - 00607260 ____A (Swearware) C:\Users\patheo\Desktop\dds.scr
2012-06-16 22:59 - 2012-06-16 22:59 - 00050477 ____A C:\Users\patheo\Desktop\Defogger.exe
2012-06-16 21:46 - 2012-06-16 21:46 - 00001016 ____A C:\Users\patheo\Desktop\checkup.txt
2012-06-16 17:59 - 2012-06-16 17:59 - 00025007 ____A C:\Users\patheo\Desktop\DDS.txt
2012-06-16 17:59 - 2012-06-16 17:59 - 00008844 ____A C:\Users\patheo\Desktop\Attach.txt
2012-06-16 16:43 - 2012-06-16 16:43 - 00000474 ____A C:\Users\patheo\Desktop\defogger_disable.log
2012-06-16 16:43 - 2012-06-16 16:43 - 00000000 ____A C:\Users\patheo\defogger_reenable
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-06-16 06:23 - 2012-06-17 18:57 - 00000000 ____D C:\Qoobox
2012-06-16 06:23 - 2012-06-17 18:50 - 00000000 ____D C:\Windows\erdnt
2012-06-16 02:16 - 2012-06-16 02:16 - 00000000 ____D C:\Users\patheo\AppData\Local\ElevatedDiagnostics
2012-06-16 01:13 - 2012-06-16 01:13 - 00000000 ____D C:\Users\patheo\AppData\Roaming\Anvisoft
2012-06-15 23:20 - 2012-06-15 23:26 - 00000000 ____D C:\Users\All Users\STOPzilla!
2012-06-15 22:48 - 2012-06-17 18:51 - 00001167 ____A C:\Windows\setupact.log
2012-06-15 02:52 - 2012-06-15 02:52 - 00000000 ____D C:\Users\patheo\AppData\Local\adaware
2012-06-14 01:50 - 2012-06-14 05:17 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-14 01:50 - 2012-06-14 05:17 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-13 21:24 - 2012-06-15 23:46 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-06-13 21:23 - 2012-06-13 21:23 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-06-13 21:18 - 2012-06-15 02:53 - 00000000 ____D C:\Users\patheo\AppData\Roaming\Ad-Aware Antivirus
2012-06-13 18:54 - 2012-06-17 03:47 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-13 18:53 - 2009-01-25 12:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2012-06-13 02:01 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 02:01 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 02:01 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 02:01 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 02:01 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 02:01 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 02:01 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 02:01 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 02:01 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 02:01 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 02:01 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 02:01 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 02:01 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 02:01 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 02:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 02:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 02:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 02:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 02:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 02:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 02:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 02:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 02:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 02:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 02:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 02:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 02:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 02:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 17:17 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 17:17 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 17:17 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 17:17 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 17:17 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 17:17 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 17:17 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 17:17 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 17:17 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 17:17 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 17:17 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 17:17 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 17:17 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 17:17 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 17:17 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 17:17 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 17:17 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-08 18:58 - 2012-06-08 19:56 - 104857600 ____A C:\Users\patheo\Downloads\Latin_Adultery_-_Celeste.part1.rar
2012-06-08 03:26 - 2012-06-08 06:07 - 00000226 ____A C:\Users\patheo\Downloads\mottto-soe601-cd1.part1.rar
2012-06-04 16:26 - 2012-06-04 16:26 - 00000000 ____D C:\Users\patheo\AppData\Local\Conexant
2012-06-04 16:26 - 2012-06-04 16:26 - 00000000 ____D C:\Users\All Users\Conexant
2012-06-03 22:25 - 2012-06-03 22:25 - 00000000 ____D C:\Users\patheo\AppData\Local\{35B2B53C-B9F4-40E2-806B-5361C681231C}
2012-06-03 00:58 - 2012-06-03 00:58 - 00011131 ____A C:\Users\patheo\Documents\My Film M A Factual Report
2012-06-01 14:03 - 2012-06-01 20:14 - 00000000 ____D C:\Users\patheo\Downloads\Nintendo 64 Games
2012-06-01 13:59 - 2012-06-01 15:01 - 00001872 ____A C:\Users\patheo\Desktop\Project64 1.6.lnk
2012-06-01 13:56 - 2012-06-01 13:56 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2012-06-01 05:47 - 2012-06-01 05:47 - 00001293 ____A C:\Users\patheo\Desktop\Classic Arcade Games.lnk
2012-06-01 02:26 - 2012-06-14 21:21 - 00000000 ____D C:\Users\patheo\Downloads\MameUI64
2012-05-28 13:13 - 2012-05-28 13:13 - 00000000 ____D C:\Users\patheo\AppData\Local\{CE530F4A-D40E-4870-A34F-610ADCE81A65}


============ 3 Months Modified Files and Folders =============

2012-06-17 21:42 - 2012-06-17 21:41 - 00000000 ____D C:\FRST
2012-06-17 20:32 - 2011-01-05 23:31 - 4083007488 __ASH C:\pagefile.sys
2012-06-17 20:32 - 2011-01-05 23:31 - 3062255616 __ASH C:\hiberfil.sys
2012-06-17 19:06 - 2011-01-05 23:36 - 01993928 ____A C:\Windows\WindowsUpdate.log
2012-06-17 19:05 - 2010-10-14 20:04 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-17 19:00 - 2012-06-17 19:00 - 00017738 ____A C:\Users\patheo\Desktop\combofix log.txt
2012-06-17 18:59 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-17 18:59 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-17 18:57 - 2012-06-17 18:57 - 00017738 ____A C:\ComboFix.txt
2012-06-17 18:57 - 2012-06-16 06:23 - 00000000 ____D C:\Qoobox
2012-06-17 18:57 - 2009-07-13 19:20 - 00000000 ___AD C:\Windows
2012-06-17 18:55 - 2009-07-13 21:13 - 00744346 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-17 18:51 - 2012-06-17 18:51 - 00000000 __SHD C:\$RECYCLE.BIN
2012-06-17 18:51 - 2012-06-17 18:50 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-17 18:51 - 2012-06-15 22:48 - 00001167 ____A C:\Windows\setupact.log
2012-06-17 18:51 - 2010-10-14 20:32 - 01135342 ____A C:\Windows\PFRO.log
2012-06-17 18:51 - 2010-10-14 20:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-17 18:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-17 18:51 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-17 18:50 - 2012-06-16 06:23 - 00000000 ____D C:\Windows\erdnt
2012-06-17 18:50 - 2009-07-13 18:34 - 60030976 ____A C:\Windows\System32\config\software.bak
2012-06-17 18:50 - 2009-07-13 18:34 - 15466496 ____A C:\Windows\System32\config\system.bak
2012-06-17 18:50 - 2009-07-13 18:34 - 01572864 ____A C:\Windows\System32\config\default.bak
2012-06-17 18:50 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-06-17 18:50 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-06-17 18:42 - 2012-03-04 19:29 - 00000000 ____D C:\Users\patheo\AppData\Roaming\Skype
2012-06-17 05:11 - 2012-03-28 12:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-17 04:54 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2012-06-17 04:34 - 2010-10-21 13:28 - 00000000 __SHD C:\System Volume Information
2012-06-17 04:28 - 2012-06-17 04:28 - 04560591 ____R (Swearware) C:\Users\patheo\Desktop\ComboFix.exe
2012-06-17 04:11 - 2011-01-06 00:00 - 00000000 ____D C:\Users\All Users\Norton
2012-06-17 04:11 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files
2012-06-17 04:04 - 2011-01-06 00:00 - 00000000 ____D C:\Users\All Users\NortonInstaller
2012-06-17 03:47 - 2012-06-13 18:54 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-17 03:38 - 2012-06-17 03:35 - 00284132 ____A C:\Windows\ntbtlog.txt
2012-06-16 23:27 - 2012-01-10 23:01 - 00000000 ____D C:\Program Files (x86)\7-Zip
2012-06-16 23:27 - 2011-12-28 16:34 - 00000000 ____D C:\Users\patheo\Downloads\Software
2012-06-16 23:27 - 2011-05-24 20:47 - 00000000 ____D C:\Users\patheo\AppData\Local\TOSHIBA_Corporation
2012-06-16 23:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-16 23:25 - 2011-12-28 16:29 - 00000000 ____D C:\Users\patheo\Downloads\New folder
2012-06-16 23:25 - 2009-07-13 19:20 - 00000000 ___RD C:\Users
2012-06-16 23:24 - 2010-10-14 19:57 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-16 23:24 - 2009-07-13 19:20 - 00000000 ____D C:\ProgramData
2012-06-16 23:01 - 2012-06-16 23:01 - 00853862 ____A C:\Users\patheo\Desktop\SecurityCheck.exe
2012-06-16 23:00 - 2012-06-16 23:00 - 00607260 ____A (Swearware) C:\Users\patheo\Desktop\dds.scr
2012-06-16 22:59 - 2012-06-16 22:59 - 00050477 ____A C:\Users\patheo\Desktop\Defogger.exe
2012-06-16 22:46 - 2011-05-24 19:58 - 00000000 ____D C:\users\patheo
2012-06-16 22:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-16 21:46 - 2012-06-16 21:46 - 00001016 ____A C:\Users\patheo\Desktop\checkup.txt
2012-06-16 17:59 - 2012-06-16 17:59 - 00025007 ____A C:\Users\patheo\Desktop\DDS.txt
2012-06-16 17:59 - 2012-06-16 17:59 - 00008844 ____A C:\Users\patheo\Desktop\Attach.txt
2012-06-16 16:43 - 2012-06-16 16:43 - 00000474 ____A C:\Users\patheo\Desktop\defogger_disable.log
2012-06-16 16:43 - 2012-06-16 16:43 - 00000000 ____A C:\Users\patheo\defogger_reenable
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-06-16 06:35 - 2012-06-16 06:35 - 00000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-06-16 02:16 - 2012-06-16 02:16 - 00000000 ____D C:\Users\patheo\AppData\Local\ElevatedDiagnostics
2012-06-16 01:13 - 2012-06-16 01:13 - 00000000 ____D C:\Users\patheo\AppData\Roaming\Anvisoft
2012-06-15 23:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-15 23:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-15 23:46 - 2012-06-13 21:24 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-06-15 23:44 - 2011-12-25 18:05 - 00000000 ____D C:\Program Files (x86)\Real
2012-06-15 23:26 - 2012-06-15 23:20 - 00000000 ____D C:\Users\All Users\STOPzilla!
2012-06-15 22:51 - 2011-08-11 01:00 - 00000000 ____D C:\Config.Msi
2012-06-15 22:49 - 2011-05-24 20:01 - 00000000 ____D C:\Users\patheo\AppData\Local\Deployment
2012-06-15 02:53 - 2012-06-13 21:18 - 00000000 ____D C:\Users\patheo\AppData\Roaming\Ad-Aware Antivirus
2012-06-15 02:52 - 2012-06-15 02:52 - 00000000 ____D C:\Users\patheo\AppData\Local\adaware
2012-06-15 00:20 - 2012-02-17 23:48 - 00000000 ____D C:\Users\patheo\AppData\Roaming\Guitar Pro 6
2012-06-15 00:19 - 2011-12-25 18:05 - 00000000 ____D C:\Users\patheo\AppData\Roaming\Real
2012-06-14 23:48 - 2009-07-13 21:08 - 00000000 ____D C:\users\Administrator
2012-06-14 21:24 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2012-06-14 21:21 - 2012-06-01 02:26 - 00000000 ____D C:\Users\patheo\Downloads\MameUI64
2012-06-14 21:21 - 2011-12-25 18:05 - 00000000 ____D C:\Users\All Users\Real
2012-06-14 20:27 - 2011-09-03 17:53 - 00000000 ____D C:\Users\patheo\AppData\Local\CrashDumps
2012-06-14 05:17 - 2012-06-14 01:50 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-14 05:17 - 2012-06-14 01:50 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-13 21:23 - 2012-06-13 21:23 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-06-13 17:36 - 2012-03-28 12:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-13 17:36 - 2011-07-09 16:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-13 17:35 - 2009-07-13 20:45 - 00283168 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 02:09 - 2011-08-21 21:37 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-08 19:56 - 2012-06-08 18:58 - 104857600 ____A C:\Users\patheo\Downloads\Latin_Adultery_-_Celeste.part1.rar
2012-06-08 06:07 - 2012-06-08 03:26 - 00000226 ____A C:\Users\patheo\Downloads\mottto-soe601-cd1.part1.rar
2012-06-04 16:26 - 2012-06-04 16:26 - 00000000 ____D C:\Users\patheo\AppData\Local\Conexant
2012-06-04 16:26 - 2012-06-04 16:26 - 00000000 ____D C:\Users\All Users\Conexant
2012-06-03 22:25 - 2012-06-03 22:25 - 00000000 ____D C:\Users\patheo\AppData\Local\{35B2B53C-B9F4-40E2-806B-5361C681231C}
2012-06-03 22:23 - 2011-12-28 16:32 - 00000000 ____D C:\Users\patheo\Downloads\New Entries
2012-06-03 00:58 - 2012-06-03 00:58 - 00011131 ____A C:\Users\patheo\Documents\My Film M A Factual Report
2012-06-01 20:14 - 2012-06-01 14:03 - 00000000 ____D C:\Users\patheo\Downloads\Nintendo 64 Games
2012-06-01 15:01 - 2012-06-01 13:59 - 00001872 ____A C:\Users\patheo\Desktop\Project64 1.6.lnk
2012-06-01 13:56 - 2012-06-01 13:56 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2012-06-01 13:51 - 2011-05-24 20:00 - 00000000 ____D C:\Users\patheo\AppData\Local\VirtualStore
2012-06-01 05:47 - 2012-06-01 05:47 - 00001293 ____A C:\Users\patheo\Desktop\Classic Arcade Games.lnk
2012-06-01 05:46 - 2011-12-28 16:34 - 00000000 ____D C:\Users\patheo\Downloads\Hellenic
2012-05-28 13:13 - 2012-05-28 13:13 - 00000000 ____D C:\Users\patheo\AppData\Local\{CE530F4A-D40E-4870-A34F-610ADCE81A65}
2012-05-17 18:47 - 2012-06-13 02:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 02:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 02:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 02:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 02:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 02:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 02:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 02:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 02:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 02:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 02:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 02:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 02:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 02:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 02:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 02:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 02:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 02:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 02:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 02:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 02:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 02:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 02:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 02:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 02:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 02:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-12 17:17 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 13:31 - 2012-05-12 13:31 - 00000000 ____D C:\Users\patheo\AppData\Local\{F297EFAC-7FD3-4B01-8E61-F6BB15F76034}
2012-05-12 11:31 - 2011-12-28 16:36 - 00000000 ____D C:\Users\patheo\Downloads\Movies
2012-05-12 01:15 - 2012-05-12 01:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-12 01:15 - 2012-05-12 01:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 06:35 - 2012-04-12 19:53 - 00028346 ____A C:\Users\patheo\Documents\Personal Narrative Second Draft.doc
2012-05-10 06:06 - 2012-05-10 06:05 - 00005040 ____A C:\Users\patheo\Documents\question 4.odt
2012-05-10 05:11 - 2012-05-10 05:11 - 00004732 ____A C:\Users\patheo\Documents\question 3.rtf
2012-05-10 04:40 - 2012-05-10 04:40 - 00006246 ____A C:\Users\patheo\Documents\question 2.rtf
2012-05-09 05:00 - 2012-05-09 05:00 - 00002764 ____A C:\Users\patheo\Documents\listening journal 5.rtf
2012-05-09 04:52 - 2012-05-07 06:11 - 00024077 ____A C:\Users\patheo\Documents\modern.rtf
2012-05-08 23:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-07 07:53 - 2012-05-06 17:24 - 02269568 ____A C:\Users\patheo\Documents\history of music presentation.odp
2012-05-07 07:53 - 2011-09-18 22:14 - 00000000 ____D C:\Users\patheo\AppData\Roaming\SoftGrid Client
2012-05-07 06:10 - 2012-05-07 06:10 - 00007570 ____A C:\Users\patheo\Documents\poem 4.rtf
2012-05-06 12:33 - 2012-05-06 12:33 - 00002186 ____A C:\Users\patheo\Documents\kk.odb
2012-05-04 21:22 - 2012-03-28 13:12 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-12 17:17 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 17:17 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 17:17 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 17:36 - 2012-05-02 17:35 - 00000000 ____D C:\Users\patheo\AppData\Local\{312B96A4-D9F5-4174-9F17-A784A92F75D7}
2012-04-30 21:40 - 2012-06-12 17:17 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-12 17:17 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 14:47 - 2012-04-26 14:46 - 00007785 ____A C:\Users\patheo\Documents\poem 1.rtf
2012-04-25 21:41 - 2012-06-12 17:17 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 17:17 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 17:17 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 06:36 - 2012-04-25 06:36 - 00002812 ____A C:\Users\patheo\Documents\listening journal 3.rtf
2012-04-25 06:24 - 2012-04-25 06:24 - 00002791 ____A C:\Users\patheo\Documents\listening journal 2.rtf
2012-04-23 21:37 - 2012-06-12 17:17 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 17:17 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 17:17 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 17:17 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 17:17 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 17:17 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 18:11 - 2012-04-11 18:18 - 00000000 ____D C:\Users\patheo\Downloads\Articles & Essays
2012-04-23 04:53 - 2012-04-23 04:53 - 00002899 ____A C:\Users\patheo\Documents\listening journal.rtf
2012-04-21 13:04 - 2012-04-21 13:04 - 00000162 ___AH C:\Users\patheo\Documents\~$ilosophy Spring Essay.rtf
2012-04-19 10:16 - 2012-04-19 03:51 - 00016327 ____A C:\Users\patheo\Documents\Philosophy Spring Essay.rtf
2012-04-16 11:15 - 2012-04-16 11:15 - 00000162 ___AH C:\Users\patheo\Downloads\~$say #2, Spring.docx
2012-04-16 10:47 - 2012-04-16 10:47 - 00000162 ___AH C:\Users\patheo\Documents\~$ul Theodorou's Cover Letter.docx
2012-04-14 18:34 - 2012-04-14 18:25 - 00000000 ____D C:\Users\patheo\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-04-14 18:34 - 2012-04-14 18:25 - 00000000 ____D C:\Users\All Users\Virtualized Applications
2012-04-14 18:25 - 2011-09-18 22:14 - 00000000 ____D C:\Users\patheo\AppData\Local\SoftGrid Client
2012-04-11 18:19 - 2012-04-11 18:17 - 00000000 ____D C:\Users\patheo\Downloads\Important Documents
2012-04-07 04:31 - 2012-06-12 17:17 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 17:17 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-05 06:43 - 2012-03-29 20:05 - 00020634 ____A C:\Users\patheo\Documents\Personal Narrative.docx
2012-04-04 05:05 - 2012-04-03 18:36 - 00025393 ____A C:\Users\patheo\Documents\Beethoven.docx
2012-04-04 04:54 - 2012-04-04 04:54 - 00016995 ____A C:\Users\patheo\Documents\Concert Reflection.docx
2012-04-04 04:31 - 2012-04-03 12:21 - 00019929 ____A C:\Users\patheo\Documents\Anschluss can be regarded as disregarded tragedy of World War II.docx
2012-04-04 00:17 - 2012-04-04 00:17 - 00014870 ____A C:\Users\patheo\Documents\This idea of transformation of music through power and the power of music to transform seem to go hand in hand.docx
2012-04-03 22:13 - 2012-04-03 22:13 - 00016452 ____A C:\Users\patheo\Documents\The power of music to transform the aspects of life is quite prevalent to see.docx
2012-04-03 22:13 - 2012-04-03 22:13 - 00000162 ___AH C:\Users\patheo\Documents\~$e power of music to transform the aspects of life is quite prevalent to see.docx
2012-04-03 18:36 - 2012-04-03 18:36 - 00000162 ___AH C:\Users\patheo\Documents\~$ethoven.docx
2012-04-01 19:15 - 2012-01-26 10:08 - 00020010 ____A C:\Users\patheo\Documents\Paul Theodorou's Cover Letter.docx
2012-04-01 11:21 - 2012-04-01 11:21 - 00000000 ____D C:\Users\patheo\AppData\Local\Mendeley Ltd
2012-03-31 18:26 - 2012-03-31 18:26 - 00000162 ___AH C:\Users\patheo\Documents\~$rsonal Narrative.docx
2012-03-31 11:25 - 2012-03-31 11:25 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-31 11:25 - 2012-03-31 11:25 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-31 11:25 - 2012-03-31 11:25 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-31 11:25 - 2012-03-31 11:25 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-31 11:25 - 2012-03-31 11:25 - 00000000 ____D C:\Users\All Users\Sun
2012-03-30 03:35 - 2012-05-08 16:12 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 06:18 - 2012-03-29 06:18 - 00016949 ____A C:\Users\patheo\Documents\The passage that stuck out to me is in Heather Treseler.docx
2012-03-27 06:20 - 2012-03-27 06:19 - 00016526 ____A C:\Users\patheo\Documents\The passage the stuck out to me was in Hannah Swaim.docx
2012-03-26 11:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-03-21 04:11 - 2012-03-21 04:11 - 00015746 ____A C:\Users\patheo\Documents\Bach.docx
2012-03-21 03:08 - 2012-03-21 03:08 - 00015738 ____A C:\Users\patheo\Documents\Rameau.docx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3893.86 MB
Available physical RAM: 3356.86 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3343.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106033W0C) (Fixed) (Total:452.58 GB) (Free:330.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 977 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 452 GB 1501 MB
Partition 3 Primary 11 GB 454 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106033W0C NTFS Partition 452 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 976 MB 122 KB

======================================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 976 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 00:06

======================= End Of Log ==========================

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:29 PM

Posted 17 June 2012 - 11:55 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2 btkrnl; C:\Windows\System32\SED133x.dll [6656 2009-07-13] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
C:\Windows\System32\SED133x.dll
NETSVC: btkrnl -> C:\Windows\system32\SED133x.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 philo123


Posted 18 June 2012 - 12:12 AM

Here is the Fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 17-06-2012 04
Ran by SYSTEM at 2012-06-17 22:11:08 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
btkrnl service deleted successfully.
C:\Windows\System32\SED133x.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs btkrnl Deleted successfully.

==== End of Fixlog ====

#12 gringo_pr


Posted 18 June 2012 - 07:49 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 philo123


Posted 18 June 2012 - 10:35 PM

Here is the Combofix log. The computer seems to be functioning fine.

ComboFix 12-06-16.02 - patheo 06/18/2012 20:13:21.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2423 [GMT -7:00]
Running from: c:\users\patheo\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 03:20 . 2012-06-19 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 03:20 . 2012-06-19 03:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-19 03:11 . 2012-05-15 08:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{203E1C01-A66E-4430-9772-224439252959}\mpengine.dll
2012-06-18 05:41 . 2012-06-18 05:42 -------- d-----w- C:\FRST
2012-06-16 10:16 . 2012-06-16 10:16 -------- d-----w- c:\users\patheo\AppData\Local\ElevatedDiagnostics
2012-06-16 09:13 . 2012-06-16 09:13 -------- d-----w- c:\users\patheo\AppData\Roaming\Anvisoft
2012-06-16 07:20 . 2012-06-16 07:20 -------- d-----w- c:\program files (x86)\Common Files\iS3
2012-06-16 07:20 . 2012-06-16 07:26 -------- d-----w- c:\programdata\STOPzilla!
2012-06-15 10:52 . 2012-06-15 10:52 -------- d-----w- c:\users\patheo\AppData\Local\adaware
2012-06-14 09:50 . 2012-06-14 13:17 -------- d-----w- c:\programdata\AVAST Software
2012-06-14 09:50 . 2012-06-14 13:17 -------- d-----w- c:\program files\AVAST Software
2012-06-14 05:24 . 2012-06-16 07:46 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-06-14 05:23 . 2012-06-14 05:23 -------- d-----w- c:\programdata\Lavasoft
2012-06-14 05:18 . 2012-06-15 10:53 -------- d-----w- c:\users\patheo\AppData\Roaming\Ad-Aware Antivirus
2012-06-14 02:54 . 2012-06-17 11:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-14 02:53 . 2009-01-25 20:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-06-13 01:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-05 00:26 . 2012-06-05 00:26 -------- d-----w- c:\programdata\Conexant
2012-06-05 00:26 . 2012-06-05 00:26 -------- d-----w- c:\users\patheo\AppData\Local\Conexant
2012-06-01 21:56 . 2012-06-01 21:56 40960 ----a-r- c:\users\patheo\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-06-01 21:56 . 2012-06-01 21:56 40960 ----a-r- c:\users\patheo\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-06-01 21:56 . 2012-06-01 21:56 -------- d-----w- c:\program files (x86)\Project64 1.6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 01:36 . 2012-03-28 20:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 01:36 . 2011-07-10 00:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 05:22 . 2012-03-28 21:12 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 19:25 . 2012-03-31 19:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-09 00:12 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-26 06:38 . 2011-09-06 18:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-25 16:59 . 2011-09-07 13:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_02.51.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-19 03:20 . 2012-06-19 03:20 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-18 02:50 . 2012-06-18 02:50 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-10-15 03:20 . 2012-06-19 03:24 56452 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-19 03:24 44534 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-25 04:00 . 2012-06-19 03:24 17194 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2810913871-1016837226-2131129804-1001_UserData.bin
- 2011-10-09 22:14 . 2012-06-17 06:18 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-10-09 22:14 . 2012-06-18 03:07 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-05-25 03:50 . 2012-06-18 02:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-25 03:50 . 2012-06-18 02:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-25 03:50 . 2012-06-18 02:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-25 03:50 . 2012-06-18 02:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-18 02:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-18 02:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-02 08:03 . 2012-06-17 06:17 5204 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-02 08:03 . 2012-06-18 03:06 5204 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-18 02:51 . 2012-06-18 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 03:20 . 2012-06-19 03:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 03:20 . 2012-06-19 03:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-18 02:51 . 2012-06-18 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-18 02:37 637308 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-19 03:10 637308 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-18 02:37 111166 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-19 03:10 111166 c:\windows\system32\perfc009.dat
+ 2011-06-20 05:00 . 2012-02-23 17:18 279656 c:\windows\system32\MpSigStub.exe
- 2011-06-20 05:00 . 2012-02-23 13:18 279656 c:\windows\system32\MpSigStub.exe
- 2009-07-14 05:01 . 2012-06-18 02:50 261556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-19 03:20 261556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-07 12:28 . 2012-06-18 02:50 7245006 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2810913871-1016837226-2131129804-1001-8192.dat
+ 2011-09-07 12:28 . 2012-06-19 03:20 7245006 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2810913871-1016837226-2131129804-1001-8192.dat
- 2009-07-14 02:34 . 2012-06-17 07:30 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-06-18 05:15 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-15 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\patheo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 01:36]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-18 20:27:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 03:27
ComboFix2.txt 2012-06-18 02:57
ComboFix3.txt 2012-06-16 14:47
.
Pre-Run: 355,908,648,960 bytes free
Post-Run: 355,742,162,944 bytes free
.
- - End Of File - - 36CB08BFFD66FEED5834723B4F28A11D

#14 gringo_pr

Posted 18 June 2012 - 10:53 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#15 philo123

Posted 18 June 2012 - 11:32 PM

Here is the log from TDSSKiller. 0 objects were detected.

21:22:05.0233 6112 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:22:05.0654 6112 ============================================================
21:22:05.0654 6112 Current date / time: 2012/06/18 21:22:05.0654
21:22:05.0654 6112 SystemInfo:
21:22:05.0654 6112
21:22:05.0654 6112 OS Version: 6.1.7601 ServicePack: 1.0
21:22:05.0654 6112 Product type: Workstation
21:22:05.0654 6112 ComputerName: REXJR
21:22:05.0654 6112 UserName: patheo
21:22:05.0654 6112 Windows directory: C:\windows
21:22:05.0654 6112 System windows directory: C:\windows
21:22:05.0654 6112 Running under WOW64
21:22:05.0654 6112 Processor architecture: Intel x64
21:22:05.0654 6112 Number of processors: 2
21:22:05.0654 6112 Page size: 0x1000
21:22:05.0654 6112 Boot type: Normal boot
21:22:05.0654 6112 ============================================================
21:22:06.0185 6112 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:22:06.0185 6112 ============================================================
21:22:06.0185 6112 \Device\Harddisk0\DR0:
21:22:06.0185 6112 MBR partitions:
21:22:06.0185 6112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38926800
21:22:06.0185 6112 ============================================================
21:22:06.0216 6112 C: <-> \Device\Harddisk0\DR0\Partition0
21:22:06.0216 6112 ============================================================
21:22:06.0216 6112 Initialize success
21:22:06.0216 6112 ============================================================
21:22:09.0944 3632 ============================================================
21:22:09.0944 3632 Scan started
21:22:09.0944 3632 Mode: Manual;
21:22:09.0944 3632 ============================================================
21:22:25.0794 3632 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
21:22:25.0810 3632 napagent - ok
21:22:25.0872 3632 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:22:25.0872 3632 NativeWifiP - ok
21:22:25.0997 3632 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
21:22:26.0012 3632 NDIS - ok
21:22:26.0044 3632 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:22:26.0044 3632 NdisCap - ok
21:22:26.0090 3632 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:22:26.0090 3632 NdisTapi - ok
21:22:26.0137 3632 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
21:22:26.0137 3632 Ndisuio - ok
21:22:26.0168 3632 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
21:22:26.0168 3632 NdisWan - ok
21:22:26.0200 3632 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
21:22:26.0200 3632 NDProxy - ok
21:22:26.0262 3632 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:22:26.0262 3632 NetBIOS - ok
21:22:26.0293 3632 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
21:22:26.0293 3632 NetBT - ok
21:22:26.0340 3632 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:22:26.0340 3632 Netlogon - ok
21:22:26.0387 3632 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
21:22:26.0387 3632 Netman - ok
21:22:26.0434 3632 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
21:22:26.0449 3632 netprofm - ok
21:22:26.0527 3632 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:22:26.0527 3632 NetTcpPortSharing - ok
21:22:26.0574 3632 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
21:22:26.0574 3632 nfrd960 - ok
21:22:26.0636 3632 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
21:22:26.0652 3632 NlaSvc - ok
21:22:26.0652 3632 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:22:26.0668 3632 Npfs - ok
21:22:26.0683 3632 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
21:22:26.0699 3632 nsi - ok
21:22:26.0714 3632 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:22:26.0714 3632 nsiproxy - ok
21:22:26.0839 3632 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
21:22:26.0870 3632 Ntfs - ok
21:22:26.0964 3632 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:22:26.0964 3632 Null - ok
21:22:27.0026 3632 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
21:22:27.0026 3632 nvraid - ok
21:22:27.0042 3632 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
21:22:27.0042 3632 nvstor - ok
21:22:27.0089 3632 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
21:22:27.0089 3632 nv_agp - ok
21:22:27.0104 3632 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
21:22:27.0120 3632 ohci1394 - ok
21:22:27.0198 3632 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:22:27.0214 3632 ose - ok
21:22:27.0619 3632 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:22:27.0728 3632 osppsvc - ok
21:22:27.0884 3632 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:22:27.0884 3632 p2pimsvc - ok
21:22:27.0916 3632 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
21:22:27.0931 3632 p2psvc - ok
21:22:27.0978 3632 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
21:22:27.0978 3632 Parport - ok
21:22:28.0009 3632 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
21:22:28.0009 3632 partmgr - ok
21:22:28.0056 3632 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
21:22:28.0056 3632 PcaSvc - ok
21:22:28.0103 3632 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
21:22:28.0103 3632 pci - ok
21:22:28.0118 3632 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
21:22:28.0118 3632 pciide - ok
21:22:28.0150 3632 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
21:22:28.0165 3632 pcmcia - ok
21:22:28.0181 3632 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:22:28.0181 3632 pcw - ok
21:22:28.0243 3632 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:22:28.0243 3632 PEAUTH - ok
21:22:28.0321 3632 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
21:22:28.0321 3632 PerfHost - ok
21:22:28.0384 3632 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
21:22:28.0384 3632 PGEffect - ok
21:22:28.0493 3632 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
21:22:28.0508 3632 pla - ok
21:22:28.0602 3632 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
21:22:28.0602 3632 PlugPlay - ok
21:22:28.0633 3632 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
21:22:28.0633 3632 PNRPAutoReg - ok
21:22:28.0664 3632 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:22:28.0680 3632 PNRPsvc - ok
21:22:28.0727 3632 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
21:22:28.0727 3632 PolicyAgent - ok
21:22:28.0774 3632 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
21:22:28.0789 3632 Power - ok
21:22:28.0852 3632 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
21:22:28.0867 3632 PptpMiniport - ok
21:22:28.0883 3632 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
21:22:28.0898 3632 Processor - ok
21:22:28.0930 3632 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
21:22:28.0945 3632 ProfSvc - ok
21:22:28.0976 3632 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:22:28.0976 3632 ProtectedStorage - ok
21:22:29.0039 3632 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
21:22:29.0039 3632 Psched - ok
21:22:29.0086 3632 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
21:22:29.0086 3632 QIOMem - ok
21:22:29.0242 3632 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
21:22:29.0273 3632 ql2300 - ok
21:22:29.0398 3632 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
21:22:29.0398 3632 ql40xx - ok
21:22:29.0429 3632 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
21:22:29.0444 3632 QWAVE - ok
21:22:29.0444 3632 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:22:29.0444 3632 QWAVEdrv - ok
21:22:29.0476 3632 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:22:29.0476 3632 RasAcd - ok
21:22:29.0522 3632 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:22:29.0522 3632 RasAgileVpn - ok
21:22:29.0538 3632 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
21:22:29.0538 3632 RasAuto - ok
21:22:29.0569 3632 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
21:22:29.0569 3632 Rasl2tp - ok
21:22:29.0616 3632 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
21:22:29.0616 3632 RasMan - ok
21:22:29.0632 3632 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:22:29.0647 3632 RasPppoe - ok
21:22:29.0678 3632 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:22:29.0678 3632 RasSstp - ok
21:22:29.0725 3632 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
21:22:29.0725 3632 rdbss - ok
21:22:29.0756 3632 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
21:22:29.0756 3632 rdpbus - ok
21:22:29.0788 3632 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:22:29.0788 3632 RDPCDD - ok
21:22:29.0819 3632 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:22:29.0819 3632 RDPENCDD - ok
21:22:29.0834 3632 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:22:29.0834 3632 RDPREFMP - ok
21:22:29.0881 3632 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
21:22:29.0881 3632 RDPWD - ok
21:22:29.0944 3632 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
21:22:29.0944 3632 rdyboost - ok
21:22:30.0006 3632 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
21:22:30.0006 3632 RemoteAccess - ok
21:22:30.0037 3632 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
21:22:30.0037 3632 RemoteRegistry - ok
21:22:30.0053 3632 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
21:22:30.0053 3632 RpcEptMapper - ok
21:22:30.0068 3632 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
21:22:30.0068 3632 RpcLocator - ok
21:22:30.0115 3632 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:22:30.0131 3632 RpcSs - ok
21:22:30.0162 3632 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:22:30.0162 3632 rspndr - ok
21:22:30.0224 3632 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\windows\system32\Drivers\RtsUStor.sys
21:22:30.0224 3632 RSUSBSTOR - ok
21:22:30.0318 3632 rtl8192Ce (b89c0601a05e1140ac96fa965d94c340) C:\windows\system32\DRIVERS\rtl8192Ce.sys
21:22:30.0334 3632 rtl8192Ce - ok
21:22:30.0365 3632 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:22:30.0365 3632 SamSs - ok
21:22:30.0396 3632 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
21:22:30.0396 3632 sbp2port - ok
21:22:30.0427 3632 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
21:22:30.0427 3632 SCardSvr - ok
21:22:30.0458 3632 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
21:22:30.0458 3632 scfilter - ok
21:22:30.0552 3632 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
21:22:30.0568 3632 Schedule - ok
21:22:30.0583 3632 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:22:30.0583 3632 SCPolicySvc - ok
21:22:30.0614 3632 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
21:22:30.0630 3632 SDRSVC - ok
21:22:30.0692 3632 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:22:30.0692 3632 secdrv - ok
21:22:30.0708 3632 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
21:22:30.0708 3632 seclogon - ok
21:22:30.0739 3632 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
21:22:30.0739 3632 SENS - ok
21:22:30.0770 3632 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
21:22:30.0770 3632 SensrSvc - ok
21:22:30.0802 3632 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
21:22:30.0802 3632 Serenum - ok
21:22:30.0880 3632 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
21:22:30.0880 3632 Serial - ok
21:22:30.0942 3632 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
21:22:30.0942 3632 sermouse - ok
21:22:31.0004 3632 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
21:22:31.0020 3632 SessionEnv - ok
21:22:31.0067 3632 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:22:31.0067 3632 sffdisk - ok
21:22:31.0098 3632 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:22:31.0114 3632 sffp_mmc - ok
21:22:31.0160 3632 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:22:31.0160 3632 sffp_sd - ok
21:22:31.0207 3632 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
21:22:31.0207 3632 sfloppy - ok
21:22:31.0316 3632 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
21:22:31.0332 3632 Sftfs - ok
21:22:31.0457 3632 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:22:31.0472 3632 sftlist - ok
21:22:31.0535 3632 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:22:31.0535 3632 Sftplay - ok
21:22:31.0566 3632 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:22:31.0566 3632 Sftredir - ok
21:22:31.0613 3632 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
21:22:31.0613 3632 Sftvol - ok
21:22:31.0675 3632 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:22:31.0675 3632 sftvsa - ok
21:22:31.0769 3632 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
21:22:31.0784 3632 SharedAccess - ok
21:22:31.0831 3632 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
21:22:31.0847 3632 ShellHWDetection - ok
21:22:31.0909 3632 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:22:31.0909 3632 SiSRaid2 - ok
21:22:31.0909 3632 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
21:22:31.0909 3632 SiSRaid4 - ok
21:22:31.0987 3632 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:22:31.0987 3632 SkypeUpdate - ok
21:22:32.0018 3632 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:22:32.0018 3632 Smb - ok
21:22:32.0081 3632 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
21:22:32.0081 3632 SNMPTRAP - ok
21:22:32.0096 3632 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:22:32.0096 3632 spldr - ok
21:22:32.0159 3632 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
21:22:32.0174 3632 Spooler - ok
21:22:32.0408 3632 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
21:22:32.0440 3632 sppsvc - ok
21:22:32.0533 3632 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
21:22:32.0549 3632 sppuinotify - ok
21:22:32.0611 3632 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:22:32.0611 3632 srv - ok
21:22:32.0642 3632 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:22:32.0658 3632 srv2 - ok
21:22:32.0720 3632 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
21:22:32.0720 3632 SrvHsfHDA - ok
21:22:32.0830 3632 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
21:22:32.0845 3632 SrvHsfV92 - ok
21:22:33.0001 3632 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
21:22:33.0017 3632 SrvHsfWinac - ok
21:22:33.0064 3632 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:22:33.0064 3632 srvnet - ok
21:22:33.0110 3632 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
21:22:33.0110 3632 SSDPSRV - ok
21:22:33.0126 3632 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
21:22:33.0126 3632 SstpSvc - ok
21:22:33.0157 3632 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
21:22:33.0157 3632 stexstor - ok
21:22:33.0235 3632 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
21:22:33.0251 3632 stisvc - ok
21:22:33.0266 3632 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
21:22:33.0266 3632 swenum - ok
21:22:33.0313 3632 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
21:22:33.0329 3632 swprv - ok
21:22:33.0391 3632 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
21:22:33.0391 3632 SynTP - ok
21:22:33.0516 3632 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
21:22:33.0547 3632 SysMain - ok
21:22:33.0641 3632 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
21:22:33.0641 3632 TabletInputService - ok
21:22:33.0672 3632 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
21:22:33.0672 3632 TapiSrv - ok
21:22:33.0719 3632 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
21:22:33.0719 3632 TBS - ok
21:22:33.0937 3632 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
21:22:33.0968 3632 Tcpip - ok
21:22:34.0234 3632 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
21:22:34.0249 3632 TCPIP6 - ok
21:22:34.0374 3632 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:22:34.0374 3632 tcpipreg - ok
21:22:34.0421 3632 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:22:34.0421 3632 tdcmdpst - ok
21:22:34.0452 3632 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:22:34.0452 3632 TDPIPE - ok
21:22:34.0483 3632 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
21:22:34.0483 3632 TDTCP - ok
21:22:34.0514 3632 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:22:34.0530 3632 tdx - ok
21:22:34.0561 3632 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
21:22:34.0561 3632 TermDD - ok
21:22:34.0608 3632 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
21:22:34.0624 3632 TermService - ok
21:22:34.0655 3632 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
21:22:34.0655 3632 Themes - ok
21:22:34.0670 3632 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:22:34.0686 3632 THREADORDER - ok
21:22:34.0795 3632 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:22:34.0795 3632 TMachInfo - ok
21:22:34.0826 3632 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
21:22:34.0842 3632 TODDSrv - ok
21:22:34.0936 3632 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:22:34.0936 3632 TosCoSrv - ok
21:22:34.0998 3632 TOSHIBA eco Utility Service (bae96ad126f4eed4d361b092ba2e61fe) C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:22:34.0998 3632 TOSHIBA eco Utility Service - ok
21:22:35.0045 3632 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:22:35.0045 3632 TOSHIBA HDD SSD Alert Service - ok
21:22:35.0138 3632 TPCHSrv (97687d094aa597da366e1194b218cc6c) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:22:35.0154 3632 TPCHSrv - ok
21:22:35.0263 3632 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
21:22:35.0263 3632 TrkWks - ok
21:22:35.0310 3632 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
21:22:35.0310 3632 TrustedInstaller - ok
21:22:35.0357 3632 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:22:35.0357 3632 tssecsrv - ok
21:22:35.0388 3632 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:22:35.0388 3632 TsUsbFlt - ok
21:22:35.0450 3632 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:22:35.0466 3632 tunnel - ok
21:22:35.0513 3632 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:22:35.0513 3632 TVALZ - ok
21:22:35.0528 3632 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
21:22:35.0544 3632 TVALZFL - ok
21:22:35.0575 3632 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
21:22:35.0575 3632 uagp35 - ok
21:22:35.0622 3632 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:22:35.0622 3632 udfs - ok
21:22:35.0653 3632 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
21:22:35.0653 3632 UI0Detect - ok
21:22:35.0716 3632 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:22:35.0716 3632 uliagpkx - ok
21:22:35.0762 3632 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
21:22:35.0762 3632 umbus - ok
21:22:35.0794 3632 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
21:22:35.0794 3632 UmPass - ok
21:22:36.0028 3632 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:22:36.0043 3632 UNS - ok
21:22:36.0168 3632 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
21:22:36.0168 3632 upnphost - ok
21:22:36.0215 3632 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
21:22:36.0215 3632 USBAAPL64 - ok
21:22:36.0262 3632 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:22:36.0262 3632 usbccgp - ok
21:22:36.0308 3632 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:22:36.0308 3632 usbcir - ok
21:22:36.0324 3632 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
21:22:36.0324 3632 usbehci - ok
21:22:36.0386 3632 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
21:22:36.0386 3632 usbhub - ok
21:22:36.0402 3632 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
21:22:36.0402 3632 usbohci - ok
21:22:36.0449 3632 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
21:22:36.0449 3632 usbprint - ok
21:22:36.0496 3632 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:22:36.0496 3632 USBSTOR - ok
21:22:36.0511 3632 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:22:36.0511 3632 usbuhci - ok
21:22:36.0574 3632 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
21:22:36.0574 3632 usbvideo - ok
21:22:36.0605 3632 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
21:22:36.0605 3632 UxSms - ok
21:22:36.0636 3632 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:22:36.0636 3632 VaultSvc - ok
21:22:36.0683 3632 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:22:36.0683 3632 vdrvroot - ok
21:22:36.0730 3632 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
21:22:36.0745 3632 vds - ok
21:22:36.0776 3632 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:22:36.0776 3632 vga - ok
21:22:36.0792 3632 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:22:36.0792 3632 VgaSave - ok
21:22:36.0823 3632 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:22:36.0823 3632 vhdmp - ok
21:22:36.0854 3632 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:22:36.0854 3632 viaide - ok
21:22:36.0870 3632 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:22:36.0870 3632 volmgr - ok
21:22:36.0917 3632 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:22:36.0917 3632 volmgrx - ok
21:22:36.0948 3632 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
21:22:36.0948 3632 volsnap - ok
21:22:36.0995 3632 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
21:22:36.0995 3632 vsmraid - ok
21:22:37.0120 3632 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
21:22:37.0151 3632 VSS - ok
21:22:37.0244 3632 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:22:37.0244 3632 vwifibus - ok
21:22:37.0260 3632 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:22:37.0260 3632 vwififlt - ok
21:22:37.0338 3632 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
21:22:37.0354 3632 W32Time - ok
21:22:37.0369 3632 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
21:22:37.0369 3632 WacomPen - ok
21:22:37.0416 3632 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:22:37.0432 3632 WANARP - ok
21:22:37.0432 3632 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:22:37.0432 3632 Wanarpv6 - ok
21:22:37.0572 3632 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
21:22:37.0588 3632 WatAdminSvc - ok
21:22:37.0712 3632 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
21:22:37.0728 3632 wbengine - ok
21:22:37.0853 3632 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
21:22:37.0853 3632 WbioSrvc - ok
21:22:37.0900 3632 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
21:22:37.0915 3632 wcncsvc - ok
21:22:37.0915 3632 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
21:22:37.0931 3632 WcsPlugInService - ok
21:22:37.0946 3632 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
21:22:37.0946 3632 Wd - ok
21:22:37.0993 3632 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
21:22:38.0009 3632 WDC_SAM - ok
21:22:38.0056 3632 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:22:38.0071 3632 Wdf01000 - ok
21:22:38.0087 3632 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:22:38.0087 3632 WdiServiceHost - ok
21:22:38.0102 3632 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:22:38.0102 3632 WdiSystemHost - ok
21:22:38.0134 3632 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
21:22:38.0149 3632 WebClient - ok
21:22:38.0165 3632 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
21:22:38.0165 3632 Wecsvc - ok
21:22:38.0196 3632 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
21:22:38.0196 3632 wercplsupport - ok
21:22:38.0227 3632 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
21:22:38.0227 3632 WerSvc - ok
21:22:38.0305 3632 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:22:38.0305 3632 WfpLwf - ok
21:22:38.0321 3632 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:22:38.0321 3632 WIMMount - ok
21:22:38.0414 3632 WinDefend - ok
21:22:38.0446 3632 WinHttpAutoProxySvc - ok
21:22:38.0508 3632 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
21:22:38.0524 3632 Winmgmt - ok
21:22:38.0648 3632 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
21:22:38.0680 3632 WinRM - ok
21:22:38.0867 3632 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
21:22:38.0882 3632 Wlansvc - ok
21:22:38.0945 3632 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:22:38.0945 3632 wlcrasvc - ok
21:22:39.0116 3632 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:22:39.0148 3632 wlidsvc - ok
21:22:39.0288 3632 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
21:22:39.0288 3632 WmiAcpi - ok
21:22:39.0350 3632 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
21:22:39.0366 3632 wmiApSrv - ok
21:22:39.0444 3632 WMPNetworkSvc - ok
21:22:39.0475 3632 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
21:22:39.0475 3632 WPCSvc - ok
21:22:39.0522 3632 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
21:22:39.0522 3632 WPDBusEnum - ok
21:22:39.0538 3632 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:22:39.0553 3632 ws2ifsl - ok
21:22:39.0631 3632 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
21:22:39.0631 3632 wscsvc - ok
21:22:39.0647 3632 WSearch - ok
21:22:39.0803 3632 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
21:22:39.0834 3632 wuauserv - ok
21:22:39.0943 3632 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:22:39.0943 3632 WudfPf - ok
21:22:39.0990 3632 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:22:39.0990 3632 WUDFRd - ok
21:22:40.0006 3632 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:22:40.0021 3632 wudfsvc - ok
21:22:40.0052 3632 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:22:40.0068 3632 WwanSvc - ok
21:22:40.0084 3632 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:22:40.0318 3632 \Device\Harddisk0\DR0 - ok
21:22:40.0333 3632 Boot (0x1200) (0c80e75223ad68866696b5837df22cac) \Device\Harddisk0\DR0\Partition0
21:22:40.0333 3632 \Device\Harddisk0\DR0\Partition0 - ok
21:22:40.0333 3632 ============================================================
21:22:40.0333 3632 Scan finished
21:22:40.0333 3632 ============================================================
21:22:40.0349 4068 Detected object count: 0
21:22:40.0349 4068 Actual detected object count: 0
21:30:22.0588 1888 Deinitialize success



