
My Windows\System32\services Is Infected Win64/patched.a

Discussion in 'Virus and Malware Removal' started by sr51463, Nov 8, 2012.

  1. sr51463 Newcomer, in training Posts: 25

    16:41:54.0762 4300 wlidsvc - ok
    16:41:54.0778 4300 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
    16:41:54.0793 4300 WmiAcpi - ok
    16:41:54.0825 4300 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    16:41:54.0840 4300 wmiApSrv - ok
    16:41:54.0887 4300 WMPNetworkSvc - ok
    16:41:54.0903 4300 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
    16:41:54.0934 4300 WPCSvc - ok
    16:41:54.0949 4300 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    16:41:54.0965 4300 WPDBusEnum - ok
    16:41:55.0402 4300 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    16:41:55.0449 4300 ws2ifsl - ok
    16:41:55.0495 4300 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\windows\system32\wscsvc.dll
    16:41:55.0527 4300 wscsvc - ok
    16:41:55.0558 4300 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
    16:41:55.0573 4300 WSDPrintDevice - ok
    16:41:55.0573 4300 WSearch - ok
    16:41:55.0683 4300 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
    16:41:55.0745 4300 wuauserv - ok
    16:41:55.0761 4300 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    16:41:55.0807 4300 WudfPf - ok
    16:41:55.0823 4300 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    16:41:55.0870 4300 WUDFRd - ok
    16:41:55.0885 4300 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\windows\System32\WUDFSvc.dll
    16:41:55.0932 4300 wudfsvc - ok
    16:41:55.0963 4300 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
    16:41:55.0979 4300 WwanSvc - ok
    16:41:56.0010 4300 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
    16:41:56.0041 4300 xusb21 - ok
    16:41:56.0057 4300 ================ Scan global ===============================
    16:41:56.0088 4300 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    16:41:56.0135 4300 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\windows\system32\winsrv.dll
    16:41:56.0151 4300 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\windows\system32\winsrv.dll
    16:41:56.0385 4300 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    16:41:56.0634 4300 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    16:41:56.0650 4300 [Global] - ok
    16:41:56.0650 4300 ================ Scan MBR ==================================
    16:41:56.0665 4300 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    16:41:57.0913 4300 \Device\Harddisk0\DR0 - ok
    16:41:57.0913 4300 ================ Scan VBR ==================================
    16:41:57.0945 4300 [ CAF17B346F7167D02FB7D51453CBB98C ] \Device\Harddisk0\DR0\Partition1
    16:41:57.0960 4300 \Device\Harddisk0\DR0\Partition1 - ok
    16:41:57.0960 4300 ============================================================
    16:41:57.0960 4300 Scan finished
    16:41:57.0960 4300 ============================================================
    16:41:57.0960 4248 Detected object count: 7
    16:41:57.0960 4248 Actual detected object count: 7
    16:43:32.0699 4248 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
    16:43:32.0715 4248 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:43:32.0715 4248 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
    16:43:32.0715 4248 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:43:32.0715 4248 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
    16:43:32.0715 4248 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:43:32.0715 4248 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    16:43:32.0715 4248 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:43:32.0715 4248 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    16:43:32.0715 4248 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:43:32.0715 4248 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    16:43:32.0715 4248 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:43:32.0715 4248 SeagateDashboardService ( UnsignedFile.Multi.Generic ) - skipped by user
    16:43:32.0715 4248 SeagateDashboardService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:44:57.0969 3136 Deinitialize success
  2. sr51463 Newcomer, in training Posts: 25

    aswMBR freezes when it scans

    C:\Users\KIyle\Desktop\Adobe Photoshop \ADBEPHSPCS4_LS1.exe
  3. sr51463 Newcomer, in training Posts: 25

    Looks like I spoke too soon. It just needed time to finish. Here is the log.

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-12 18:16:51
    -----------------------------
    18:16:51.854 OS Version: Windows x64 6.1.7600
    18:16:51.854 Number of processors: 2 586 0x170A
    18:16:51.854 ComputerName: KIYLE-PC UserName: KIyle
    18:16:58.546 Initialze error C000010E - driver not loaded
    18:16:58.624 AVAST engine defs: 12111201
    18:17:09.248 Service scanning
    18:18:14.161 Modules scanning
    18:18:16.657 AVAST engine scan C:\windows
    18:18:23.068 AVAST engine scan C:\windows\system32
    18:22:13.137 AVAST engine scan C:\windows\system32\drivers
    18:22:30.984 AVAST engine scan C:\Users\KIyle
    22:43:05.009 File: C:\Users\KIyle\Desktop\Autoboard 5\fscommand\SAVEPOP.exe **INFECTED** Win32:Malware-gen
    22:43:05.133 File: C:\Users\KIyle\Desktop\Autoboard 5\fscommand\SAVEWARNINGS.exe **INFECTED** Win32:Malware-gen
    00:05:01.989 AVAST engine scan C:\ProgramData
    00:09:22.279 Scan finished successfully
    00:21:39.555 The log file has been saved successfully to "C:\Users\KIyle\Desktop\aswMBR.txt"
  4. Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  5. sr51463 Newcomer, in training Posts: 25

    The only issue I have is that occasionally my Firefox browser will redirect me to scorecardsearch.com

    I'll post the ESET scan log when it finishes.
  6. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Post log when ready.

    However, let me get this straight... is it scorecardsearch.com (bad site) or scorecardresearch.com (good site)?
     
  7. sr51463 Newcomer, in training Posts: 25

    It says scorecardresearch.
  8. sr51463 Newcomer, in training Posts: 25

    Here is my ESET log.

    C:\Users\KIyle\Downloads\backups\backup-20121108-035224-298.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\Users\KIyle\Downloads\backups\backup-20121108-035224-761.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
  9. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great. No problem!

    If it all appears to be good, we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).
    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  10. sr51463 Newcomer, in training Posts: 25

    It seems that my Disk Cleanup does not have a More Options tab. I cannot find the Restore and Shadow backups on the Disk Cleanup. What should I do?
  11. Jay Pfoutz Malware Helper Posts: 4,286   +49

    In CCleaner, which is one of the next steps, go to the Tools tab > System Restore. Highlight any listed, and select Remove. :)
  12. sr51463 Newcomer, in training Posts: 25

    Ha ha, I already have that program on my computer as a matter of fact. Ok, I deleted the restore points. Now I'm going to run OTC.
  13. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Let me know how it all goes.
  14. sr51463 Newcomer, in training Posts: 25

    I'm currently on the security check stage.
  15. sr51463 Newcomer, in training Posts: 25

    Results of screen317's Security Check version 0.99.54
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    CCleaner
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.2)
    Google Chrome 23.0.1271.64
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 7%
    ````````````````````End of Log``````````````````````
  16. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Update your Service Pack: http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
  17. sr51463 Newcomer, in training Posts: 25

    Okay, I updated everything and I have no further questions. Thanks for helping me get this virus off of my computer.
  18. Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Topic marked. :)