also @ TechSpot: Microsoft launches YouTube app, Google demands it taken down

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Svchost.exe trojan.agent, along with a few others I believe

Discussion in 'Virus and Malware Removal' started by ClineStine, Jul 16, 2012.

Post New Reply

Page 1 of 4

ClineStine Newcomer, in training Posts: 50

Hello, first of I want to thank you people for what your doing here! its wonderful how many people you guys are helping here! So thank you in advance for your time and help

I am using toshiba satellite L745 64-bit windows 7 home premium
Ive read the preliminary removal instructions. I have malwarebytes pro 1.62.0.1300 and have downloaded GMER and dds (saved as screen saver?) awaiting instructions before I run anything.

my norton has expired, but still scans and blocks certain things it seems, and tells if files are safe or not. but has not helped much at all in finding trojans or anything really.
Should I download avast or MSE? or stay with norton I cant reactivate as I live in poverty.

My main issue has been random audio commercials playing.
also on any website (exporer and firefox) random words are turned into hyperlinks for ads.
I've had the blue screen of death everytime trying to intall or run (cant remember) Autodesk 3ds max design, hasnt happened in a while, it does a memory dump I believe.
and about 50% of the time when I restart or turn laptop on I get a grey error screen with a code similar to f3-f1000-00 cant remember exact numbers but when googled cannont find my error code exactly.
The audio ads started quite some time ago and went away on their own, either that or I did something to stop/block temporarly, or, it seemed to go away because at the time I left my laptop on for extended times without restart or shutdown, just sleeping.

the ads came back recently after restarting laptop after using auslogics boostspeed to clean registry I think or I fragmented disk, ive used the boostspeed to do a few things. after that audio ads promptly came back.

after reading up on the issues I obtained malwarebytes today and ran a full scan today, it showed about 15 items with three trojan.agents in C: windows\svchost.exe, two rootkit.zeroaccess among other adware and sketchy sounding vendors.
even after removing an/or quarantine ads and hyperlink issues remain.
I have CONSTANT attacks blocked with malbytes from a different port everytime, sometimes same websites.

P 38807 site 109.163.231.236 was first to come from azureus.exe and has not since
otherwise everytime since it is svchost.exe outgoing
sites: 206.161.121.126 - 78.41.203.125 - 206.161.121.126 (3 times) 206.161.121.3 (2 times) 78.41.203.125... these are the ones I noticed and wrote down
also the commercial ads are usually random intervals but almost always come in TWOS playing at same time!

Thank you for your time.

ClineStine, Jul 16, 2012

#1
ClineStine Newcomer, in training Posts: 50

im aware these problems more than likely came from using Vuze p2p to download music, in which I have learned my lesson

ClineStine, Jul 16, 2012

#2
Broni Malware Annihilator Posts: 39,231 +175
Welcome aboard

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Broni, Jul 16, 2012

#3
ClineStine Newcomer, in training Posts: 50

Thank you Broni for taking this up. I see its much reading and some time to help these matters.

GMER would not produce a log, I disabled norton and malwarebytes and internet adapter, tried in safe mode too, made multiple attemps at no avail. After the initial quick scan nothing comes up at all saved the log anyways but opened it and its blank.

On DDS I see that my WINDOWS DEFENDER is Disabled and I Dont believe ive disabled not aware of what it is exactly or that I had it.
also I have two Nortons?

ClineStine, Jul 17, 2012

#4
ClineStine Newcomer, in training Posts: 50

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.17.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TLC :: TLC-PC [administrator]
Protection: Enabled
7/16/2012 10:06:58 PM
mbam-log-2012-07-16 (22-06-58).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268326
Time elapsed: 3 minute(s), 44 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4548 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)

ClineStine, Jul 17, 2012

#5

ClineStine Newcomer, in training Posts: 50

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2011 10:05:12 AM
System Uptime: 7/16/2012 11:25:31 PM (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 386.51 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\4&13A08DB7&0&00E5
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
PNP Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_818110EC&REV_01\4&13A08DB7&0&00E5
Service: RTL8192Ce
.
==== System Restore Points ===================
.
RP99: 7/13/2012 3:00:12 AM - Windows Update
RP100: 7/14/2012 1:40:02 AM - Windows Update
RP101: 7/14/2012 3:00:17 AM - Windows Update
RP102: 7/15/2012 3:00:14 AM - Windows Update
RP103: 7/16/2012 3:00:18 AM - Windows Update
RP104: 7/16/2012 1:20:14 PM - Removed Google Drive
RP105: 7/16/2012 8:47:00 PM - Installed HiJackThis
RP106: 7/16/2012 9:23:03 PM - Windows Update
RP107: 7/16/2012 9:28:33 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Ask Toolbar
Ask Toolbar Updater
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Auslogics BoostSpeed
Autodesk Backburner 2013.0.0
Autodesk Civil View for 3ds Max Design 2013
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Material Library Medium Resolution Image Library 2013
Best Buy pc app
BitZipper 2010
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conquer Online 2.0
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Expert PDF 7 Reader
File Type Assistant
Google Chrome
Google Update Helper
HiJackThis
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Label@Once 1.0
Magic ISO Maker v5.4 (build 0239)
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Norton AntiVirus
PianoFX STUDIO 4.0
PlayReady PC Runtime x86
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
Rosetta Stone Version 3
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.1
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 7:47:02 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user TLC-PC\TLC SID (S-1-5-21-3521774429-2675038-2825181902-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2012 9:29:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
7/16/2012 9:29:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
7/16/2012 7:28:54 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
7/16/2012 4:19:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
7/16/2012 11:47:11 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
7/16/2012 11:47:11 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
7/16/2012 11:47:11 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
7/16/2012 10:55:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2012 10:55:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2012 10:55:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/16/2012 10:55:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/16/2012 10:55:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/16/2012 10:55:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/16/2012 10:55:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/16/2012 10:54:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
7/16/2012 10:54:57 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2012 10:54:54 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2012 10:54:54 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/15/2012 7:35:05 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service has not been started.
7/14/2012 12:57:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002eb7fca, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 071412-30139-01.
7/13/2012 11:36:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e7a32f, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 071312-31200-01.
7/12/2012 10:46:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.
.
==== End Of File ===========================

ClineStine, Jul 17, 2012

#6

ClineStine Newcomer, in training Posts: 50

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by TLC at 23:47:59 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1706 [GMT -7:00]
.
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\TBS\HSON.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
-netsvcs
C:\windows\system32\conhost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.55.1
TCP: Interfaces\{5DE77CBF-A38A-4A31-8240-E6AB82D9DE4D} : DhcpNameServer = 192.168.55.1
TCP: Interfaces\{5DE77CBF-A38A-4A31-8240-E6AB82D9DE4D}\2375942554739343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5DE77CBF-A38A-4A31-8240-E6AB82D9DE4D}\2716A67616D6D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5DE77CBF-A38A-4A31-8240-E6AB82D9DE4D}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: AutorunsDisabled - No File
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\ezn15uzn.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\ezn15uzn.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112454
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - f04f7068000000000000d0df9a65cae6
FF - user.js: extensions.BabylonToolbar_i.hardId - f04f7068000000000000d0df9a65cae6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15466
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:17:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQy8ShW9V
FF - user.js: extensions.incredibar_i.upn2n - 92542927961203623
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 20%5F6
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQy8ShW9V&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - f04f7068000000000000d0df9a65cae6
FF - user.js: extensions.incredibar_i.instlDay - 15482
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.142:21:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS --> C:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120715.001\IDSviA64.sys [2012-7-16 509088]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS --> C:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NAVx64\1207010.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-14 86016]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-13 2656280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-7 138912]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-13 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-13 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-11 250056]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-28 1432400]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-13 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-24 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-17 05:23:45 20480 ----a-w- C:\windows\svchost.exe
2012-07-17 03:48:29 388096 ----a-r- C:\Users\TLC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-17 03:48:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-07-16 17:52:26 -------- d-----w- C:\Users\TLC\AppData\Roaming\Malwarebytes
2012-07-16 17:50:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-16 17:50:16 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-16 17:50:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 06:00:14 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-14 06:00:14 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-11 10:07:27 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 09:00:10 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 09:00:10 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-11 09:00:09 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2012-07-11 09:00:09 2048 ----a-w- C:\windows\System32\msxml3r.dll
2012-07-11 09:00:09 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-11 09:00:09 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-29 01:37:43 -------- d-----w- C:\Users\TLC\AppData\Roaming\Auslogics
2012-06-29 01:32:10 -------- d-----w- C:\Program Files (x86)\Auslogics
2012-06-29 00:44:37 -------- d-----w- C:\Users\TLC\AppData\Local\Autodesk
2012-06-29 00:35:08 -------- d-----w- C:\Program Files (x86)\Autodesk
2012-06-29 00:32:05 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-06-29 00:18:54 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-06-29 00:18:54 -------- d-----w- C:\Program Files\Autodesk
2012-06-29 00:12:02 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2012-06-29 00:10:59 68104 ----a-w- C:\windows\System32\XAPOFX1_0.dll
2012-06-28 19:58:36 -------- d-----w- C:\Users\TLC\AppData\Roaming\Autodesk
2012-06-24 19:23:54 -------- d-----w- C:\Users\TLC\AppData\Local\Macromedia
2012-06-19 08:12:09 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-06-19 06:08:22 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-19 06:07:54 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-19 06:07:41 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-19 06:07:41 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-19 04:39:40 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-06-19 04:35:51 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-06-19 04:34:47 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-06-19 04:34:18 -------- d-----w- C:\Users\TLC\AppData\Local\Microsoft Help
2012-06-19 04:25:39 -------- d-----w- C:\Users\TLC\AppData\Local\SoftGrid Client
2012-06-19 04:25:38 -------- d-----w- C:\Users\TLC\AppData\Roaming\SoftGrid Client
2012-06-19 04:24:45 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-06-19 04:24:13 -------- d-----w- C:\Users\TLC\AppData\Roaming\TP
.
==================== Find3M ====================
.
2012-07-12 03:20:49 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 03:20:49 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-02 01:12:51 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
.
============= FINISH: 23:49:24.26 ===============

ClineStine, Jul 17, 2012

#7
Broni Malware Annihilator Posts: 39,231 +175
On DDS I see that my WINDOWS DEFENDER is Disabled and I Dont believe ive disabled not aware of what it is exactly or that I had it.

Windows Defender is totally worthless so it really doesn't matter if it runs or not.

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Broni, Jul 17, 2012

#8
ClineStine Newcomer, in training Posts: 50

22:29:49.0911 4552 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
22:29:50.0425 4552 ============================================================
22:29:50.0425 4552 Current date / time: 2012/07/17 22:29:50.0425
22:29:50.0425 4552 SystemInfo:
22:29:50.0425 4552
22:29:50.0425 4552 OS Version: 6.1.7601 ServicePack: 1.0
22:29:50.0425 4552 Product type: Workstation
22:29:50.0425 4552 ComputerName: TLC-PC
22:29:50.0425 4552 UserName: TLC
22:29:50.0425 4552 Windows directory: C:\windows
22:29:50.0425 4552 System windows directory: C:\windows
22:29:50.0425 4552 Running under WOW64
22:29:50.0425 4552 Processor architecture: Intel x64
22:29:50.0425 4552 Number of processors: 4
22:29:50.0425 4552 Page size: 0x1000
22:29:50.0425 4552 Boot type: Normal boot
22:29:50.0425 4552 ============================================================
22:29:51.0127 4552 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:29:51.0127 4552 ============================================================
22:29:51.0127 4552 \Device\Harddisk0\DR0:
22:29:51.0127 4552 MBR partitions:
22:29:51.0127 4552 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x489F4800
22:29:51.0127 4552 ============================================================
22:29:51.0174 4552 C: <-> \Device\Harddisk0\DR0\Partition0
22:29:51.0190 4552 ============================================================
22:29:51.0190 4552 Initialize success
22:29:51.0190 4552 ============================================================
22:30:27.0764 7800 ============================================================
22:30:27.0764 7800 Scan started
22:30:27.0764 7800 Mode: Manual;
22:30:27.0764 7800 ============================================================
22:30:30.0182 7800 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
22:30:30.0182 7800 1394ohci - ok
22:30:30.0245 7800 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
22:30:30.0245 7800 ACPI - ok
22:30:30.0276 7800 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
22:30:30.0276 7800 AcpiPmi - ok
22:30:30.0494 7800 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:30:30.0494 7800 AdobeFlashPlayerUpdateSvc - ok
22:30:30.0572 7800 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
22:30:30.0572 7800 adp94xx - ok
22:30:30.0635 7800 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
22:30:30.0650 7800 adpahci - ok
22:30:30.0682 7800 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
22:30:30.0682 7800 adpu320 - ok
22:30:30.0728 7800 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
22:30:30.0728 7800 AeLookupSvc - ok
22:30:30.0791 7800 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
22:30:30.0791 7800 AFD - ok
22:30:30.0822 7800 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
22:30:30.0822 7800 agp440 - ok
22:30:30.0853 7800 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
22:30:30.0853 7800 ALG - ok
22:30:30.0869 7800 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
22:30:30.0869 7800 aliide - ok
22:30:30.0884 7800 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
22:30:30.0884 7800 amdide - ok
22:30:30.0900 7800 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
22:30:30.0916 7800 AmdK8 - ok
22:30:30.0916 7800 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
22:30:30.0916 7800 AmdPPM - ok
22:30:30.0962 7800 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
22:30:30.0962 7800 amdsata - ok
22:30:30.0994 7800 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
22:30:30.0994 7800 amdsbs - ok
22:30:31.0009 7800 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
22:30:31.0009 7800 amdxata - ok
22:30:31.0040 7800 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
22:30:31.0040 7800 AppID - ok
22:30:31.0072 7800 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
22:30:31.0072 7800 AppIDSvc - ok
22:30:31.0087 7800 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
22:30:31.0087 7800 Appinfo - ok
22:30:31.0118 7800 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
22:30:31.0134 7800 arc - ok
22:30:31.0134 7800 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
22:30:31.0134 7800 arcsas - ok
22:30:31.0243 7800 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:30:31.0274 7800 aspnet_state - ok
22:30:31.0321 7800 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
22:30:31.0321 7800 AsyncMac - ok
22:30:31.0352 7800 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
22:30:31.0352 7800 atapi - ok
22:30:31.0415 7800 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:30:31.0415 7800 AudioEndpointBuilder - ok
22:30:31.0430 7800 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:30:31.0430 7800 AudioSrv - ok
22:30:31.0462 7800 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
22:30:31.0462 7800 AxInstSV - ok
22:30:31.0508 7800 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
22:30:31.0508 7800 b06bdrv - ok
22:30:31.0540 7800 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
22:30:31.0555 7800 b57nd60a - ok
22:30:31.0602 7800 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
22:30:31.0602 7800 BDESVC - ok
22:30:31.0649 7800 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
22:30:31.0649 7800 Beep - ok
22:30:31.0711 7800 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
22:30:31.0711 7800 BFE - ok
22:30:31.0930 7800 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
22:30:31.0945 7800 BHDrvx64 - ok
22:30:32.0086 7800 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
22:30:32.0101 7800 BITS - ok
22:30:32.0179 7800 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
22:30:32.0179 7800 blbdrive - ok
22:30:32.0210 7800 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
22:30:32.0226 7800 bowser - ok
22:30:32.0257 7800 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
22:30:32.0257 7800 BrFiltLo - ok
22:30:32.0257 7800 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
22:30:32.0257 7800 BrFiltUp - ok
22:30:32.0304 7800 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
22:30:32.0304 7800 Browser - ok
22:30:32.0366 7800 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
22:30:32.0366 7800 Brserid - ok
22:30:32.0382 7800 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
22:30:32.0382 7800 BrSerWdm - ok
22:30:32.0398 7800 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
22:30:32.0398 7800 BrUsbMdm - ok
22:30:32.0398 7800 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
22:30:32.0398 7800 BrUsbSer - ok
22:30:32.0413 7800 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
22:30:32.0413 7800 BTHMODEM - ok
22:30:32.0460 7800 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
22:30:32.0476 7800 bthserv - ok
22:30:32.0491 7800 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
22:30:32.0491 7800 cdfs - ok
22:30:32.0522 7800 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
22:30:32.0522 7800 cdrom - ok
22:30:32.0554 7800 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:30:32.0569 7800 CertPropSvc - ok
22:30:32.0585 7800 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
22:30:32.0585 7800 circlass - ok
22:30:32.0647 7800 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
22:30:32.0647 7800 CLFS - ok
22:30:32.0710 7800 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:30:32.0710 7800 clr_optimization_v2.0.50727_32 - ok
22:30:32.0756 7800 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:30:32.0756 7800 clr_optimization_v2.0.50727_64 - ok
22:30:32.0850 7800 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:30:32.0850 7800 clr_optimization_v4.0.30319_32 - ok
22:30:32.0881 7800 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:30:32.0881 7800 clr_optimization_v4.0.30319_64 - ok
22:30:32.0912 7800 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
22:30:32.0912 7800 CmBatt - ok
22:30:32.0928 7800 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
22:30:32.0928 7800 cmdide - ok
22:30:32.0990 7800 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
22:30:33.0006 7800 CNG - ok
22:30:33.0131 7800 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys
22:30:33.0146 7800 CnxtHdAudService - ok
22:30:33.0256 7800 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
22:30:33.0256 7800 Compbatt - ok
22:30:33.0271 7800 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
22:30:33.0287 7800 CompositeBus - ok
22:30:33.0302 7800 COMSysApp - ok
22:30:33.0318 7800 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
22:30:33.0318 7800 crcdisk - ok
22:30:33.0380 7800 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
22:30:33.0380 7800 CryptSvc - ok
22:30:33.0536 7800 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:30:33.0536 7800 cvhsvc - ok
22:30:33.0599 7800 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:30:33.0599 7800 DcomLaunch - ok
22:30:33.0630 7800 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
22:30:33.0661 7800 defragsvc - ok
22:30:33.0708 7800 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
22:30:33.0724 7800 DfsC - ok
22:30:33.0739 7800 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
22:30:33.0739 7800 Dhcp - ok
22:30:33.0770 7800 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
22:30:33.0770 7800 discache - ok
22:30:33.0817 7800 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
22:30:33.0817 7800 Disk - ok
22:30:33.0833 7800 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
22:30:33.0833 7800 Dnscache - ok
22:30:33.0880 7800 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
22:30:33.0880 7800 dot3svc - ok
22:30:33.0895 7800 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
22:30:33.0895 7800 DPS - ok
22:30:33.0911 7800 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
22:30:33.0911 7800 drmkaud - ok
22:30:33.0973 7800 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
22:30:33.0973 7800 DXGKrnl - ok
22:30:34.0020 7800 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
22:30:34.0020 7800 EapHost - ok
22:30:34.0176 7800 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
22:30:34.0238 7800 ebdrv - ok
22:30:34.0410 7800 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:30:34.0426 7800 eeCtrl - ok
22:30:34.0519 7800 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
22:30:34.0519 7800 EFS - ok
22:30:34.0613 7800 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
22:30:34.0613 7800 ehRecvr - ok
22:30:34.0644 7800 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
22:30:34.0644 7800 ehSched - ok
22:30:34.0722 7800 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
22:30:34.0722 7800 elxstor - ok
22:30:34.0847 7800 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:30:34.0847 7800 EraserUtilRebootDrv - ok
22:30:34.0862 7800 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
22:30:34.0862 7800 ErrDev - ok
22:30:34.0940 7800 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
22:30:34.0940 7800 EventSystem - ok
22:30:34.0987 7800 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
22:30:34.0987 7800 exfat - ok
22:30:35.0018 7800 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
22:30:35.0018 7800 fastfat - ok
22:30:35.0096 7800 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
22:30:35.0096 7800 Fax - ok
22:30:35.0128 7800 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
22:30:35.0128 7800 fdc - ok
22:30:35.0159 7800 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
22:30:35.0159 7800 fdPHost - ok
22:30:35.0174 7800 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
22:30:35.0174 7800 FDResPub - ok
22:30:35.0206 7800 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
22:30:35.0206 7800 FileInfo - ok
22:30:35.0221 7800 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
22:30:35.0221 7800 Filetrace - ok
22:30:35.0377 7800 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:30:35.0393 7800 FLEXnet Licensing Service - ok
22:30:35.0533 7800 FLEXnet Licensing Service 64 (64ab6f28047744b9b19c97459c2ab31b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:30:35.0596 7800 FLEXnet Licensing Service 64 - ok
22:30:35.0705 7800 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
22:30:35.0705 7800 flpydisk - ok
22:30:35.0736 7800 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
22:30:35.0736 7800 FltMgr - ok
22:30:35.0798 7800 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
22:30:35.0814 7800 FontCache - ok
22:30:35.0892 7800 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:30:35.0892 7800 FontCache3.0.0.0 - ok
22:30:35.0939 7800 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
22:30:35.0939 7800 FsDepends - ok
22:30:35.0970 7800 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
22:30:35.0970 7800 Fs_Rec - ok
22:30:36.0017 7800 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
22:30:36.0017 7800 fvevol - ok
22:30:36.0048 7800 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
22:30:36.0048 7800 gagp30kx - ok
22:30:36.0188 7800 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
22:30:36.0204 7800 gpsvc - ok
22:30:36.0313 7800 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:30:36.0313 7800 gupdate - ok
22:30:36.0376 7800 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:30:36.0376 7800 gupdatem - ok
22:30:36.0407 7800 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
22:30:36.0407 7800 hcw85cir - ok
22:30:36.0454 7800 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
22:30:36.0454 7800 HdAudAddService - ok
22:30:36.0500 7800 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
22:30:36.0500 7800 HDAudBus - ok
22:30:36.0500 7800 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
22:30:36.0500 7800 HidBatt - ok
22:30:36.0500 7800 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
22:30:36.0500 7800 HidBth - ok
22:30:36.0547 7800 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
22:30:36.0547 7800 HidIr - ok
22:30:36.0578 7800 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
22:30:36.0578 7800 hidserv - ok
22:30:36.0610 7800 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
22:30:36.0610 7800 HidUsb - ok
22:30:36.0641 7800 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
22:30:36.0641 7800 hkmsvc - ok
22:30:36.0672 7800 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
22:30:36.0672 7800 HomeGroupListener - ok
22:30:36.0719 7800 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
22:30:36.0719 7800 HomeGroupProvider - ok
22:30:36.0750 7800 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
22:30:36.0750 7800 HpSAMD - ok
22:30:36.0797 7800 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
22:30:36.0812 7800 HTTP - ok
22:30:36.0828 7800 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
22:30:36.0828 7800 hwpolicy - ok
22:30:36.0859 7800 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
22:30:36.0859 7800 i8042prt - ok
22:30:36.0906 7800 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
22:30:36.0922 7800 iaStor - ok
22:30:36.0968 7800 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
22:30:36.0984 7800 iaStorV - ok
22:30:37.0109 7800 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:30:37.0124 7800 IDriverT - ok
22:30:37.0234 7800 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:30:37.0234 7800 idsvc - ok
22:30:37.0421 7800 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120715.001\IDSvia64.sys
22:30:37.0421 7800 IDSVia64 - ok
22:30:37.0936 7800 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
22:30:38.0216 7800 igfx - ok
22:30:38.0341 7800 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
22:30:38.0341 7800 iirsp - ok
22:30:38.0404 7800 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
22:30:38.0404 7800 IKEEXT - ok
22:30:38.0466 7800 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
22:30:38.0466 7800 IntcDAud - ok
22:30:38.0497 7800 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
22:30:38.0513 7800 intelide - ok
22:30:38.0528 7800 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
22:30:38.0528 7800 intelppm - ok
22:30:38.0575 7800 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
22:30:38.0575 7800 IPBusEnum - ok
22:30:38.0591 7800 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:30:38.0591 7800 IpFilterDriver - ok
22:30:38.0622 7800 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
22:30:38.0638 7800 iphlpsvc - ok
22:30:38.0653 7800 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
22:30:38.0653 7800 IPMIDRV - ok
22:30:38.0669 7800 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
22:30:38.0669 7800 IPNAT - ok
22:30:38.0716 7800 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
22:30:38.0716 7800 IRENUM - ok
22:30:38.0716 7800 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
22:30:38.0716 7800 isapnp - ok
22:30:38.0747 7800 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
22:30:38.0762 7800 iScsiPrt - ok
22:30:38.0778 7800 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
22:30:38.0778 7800 kbdclass - ok
22:30:38.0794 7800 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
22:30:38.0794 7800 kbdhid - ok
22:30:38.0825 7800 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:30:38.0825 7800 KeyIso - ok
22:30:38.0856 7800 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
22:30:38.0856 7800 KSecDD - ok
22:30:38.0872 7800 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
22:30:38.0887 7800 KSecPkg - ok
22:30:38.0918 7800 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
22:30:38.0918 7800 ksthunk - ok
22:30:38.0950 7800 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
22:30:38.0981 7800 KtmRm - ok
22:30:39.0028 7800 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys
22:30:39.0028 7800 L1C - ok
22:30:39.0074 7800 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
22:30:39.0074 7800 LanmanServer - ok
22:30:39.0106 7800 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
22:30:39.0121 7800 LanmanWorkstation - ok
22:30:39.0152 7800 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
22:30:39.0168 7800 lltdio - ok
22:30:39.0215 7800 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
22:30:39.0215 7800 lltdsvc - ok
22:30:39.0246 7800 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
22:30:39.0246 7800 lmhosts - ok
22:30:39.0355 7800 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:30:39.0355 7800 LMS - ok
22:30:39.0402 7800 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
22:30:39.0402 7800 LSI_FC - ok
22:30:39.0418 7800 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
22:30:39.0433 7800 LSI_SAS - ok
22:30:39.0449 7800 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
22:30:39.0449 7800 LSI_SAS2 - ok
22:30:39.0464 7800 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
22:30:39.0480 7800 LSI_SCSI - ok
22:30:39.0511 7800 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
22:30:39.0511 7800 luafv - ok
22:30:39.0589 7800 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\windows\system32\drivers\mbam.sys
22:30:39.0589 7800 MBAMProtector - ok
22:30:39.0667 7800 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:30:39.0683 7800 MBAMService - ok
22:30:39.0714 7800 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
22:30:39.0714 7800 Mcx2Svc - ok
22:30:39.0745 7800 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
22:30:39.0745 7800 megasas - ok
22:30:39.0792 7800 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
22:30:39.0792 7800 MegaSR - ok
22:30:39.0839 7800 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
22:30:39.0839 7800 MEIx64 - ok
22:30:39.0964 7800 mi-raysat_3dsmax2013_64 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
22:30:39.0964 7800 mi-raysat_3dsmax2013_64 - ok
22:30:40.0088 7800 Microsoft SharePoint Workspace Audit Service - ok
22:30:40.0135 7800 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:30:40.0135 7800 MMCSS - ok
22:30:40.0166 7800 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
22:30:40.0166 7800 Modem - ok
22:30:40.0198 7800 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
22:30:40.0198 7800 monitor - ok
22:30:40.0229 7800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
22:30:40.0229 7800 mouclass - ok
22:30:40.0260 7800 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
22:30:40.0260 7800 mouhid - ok
22:30:40.0307 7800 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
22:30:40.0307 7800 mountmgr - ok
22:30:40.0432 7800 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:30:40.0556 7800 MozillaMaintenance - ok
22:30:40.0619 7800 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
22:30:40.0619 7800 mpio - ok
22:30:40.0650 7800 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
22:30:40.0650 7800 mpsdrv - ok
22:30:40.0712 7800 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
22:30:40.0712 7800 MpsSvc - ok
22:30:40.0728 7800 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
22:30:40.0744 7800 MRxDAV - ok
22:30:40.0775 7800 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
22:30:40.0775 7800 mrxsmb - ok
22:30:40.0806 7800 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:30:40.0806 7800 mrxsmb10 - ok
22:30:40.0822 7800 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:30:40.0822 7800 mrxsmb20 - ok
22:30:40.0853 7800 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
22:30:40.0853 7800 msahci - ok
22:30:40.0884 7800 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
22:30:40.0884 7800 msdsm - ok
22:30:40.0915 7800 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
22:30:40.0915 7800 MSDTC - ok
22:30:40.0946 7800 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
22:30:40.0946 7800 Msfs - ok
22:30:40.0946 7800 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
22:30:40.0946 7800 mshidkmdf - ok
22:30:40.0978 7800 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
22:30:40.0978 7800 msisadrv - ok
22:30:41.0009 7800 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
22:30:41.0024 7800 MSiSCSI - ok
22:30:41.0024 7800 msiserver - ok
22:30:41.0071 7800 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
22:30:41.0071 7800 MSKSSRV - ok
22:30:41.0087 7800 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
22:30:41.0087 7800 MSPCLOCK - ok
22:30:41.0118 7800 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
22:30:41.0118 7800 MSPQM - ok
22:30:41.0149 7800 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
22:30:41.0149 7800 MsRPC - ok
22:30:41.0165 7800 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
22:30:41.0165 7800 mssmbios - ok
22:30:41.0180 7800 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
22:30:41.0180 7800 MSTEE - ok
22:30:41.0180 7800 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
22:30:41.0196 7800 MTConfig - ok
22:30:41.0212 7800 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
22:30:41.0212 7800 Mup - ok
22:30:41.0258 7800 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
22:30:41.0274 7800 napagent - ok
22:30:41.0321 7800 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
22:30:41.0321 7800 NativeWifiP - ok
22:30:41.0461 7800 NAV (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
22:30:41.0461 7800 NAV - ok
22:30:41.0602 7800 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120716.018\ENG64.SYS
22:30:41.0602 7800 NAVENG - ok

ClineStine, Jul 18, 2012

#9
ClineStine Newcomer, in training Posts: 50

22:30:41.0726 7800 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120716.018\EX64.SYS
22:30:41.0742 7800 NAVEX15 - ok
22:30:41.0898 7800 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
22:30:41.0914 7800 NDIS - ok
22:30:41.0929 7800 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
22:30:41.0929 7800 NdisCap - ok
22:30:41.0945 7800 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
22:30:41.0945 7800 NdisTapi - ok
22:30:41.0992 7800 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
22:30:41.0992 7800 Ndisuio - ok
22:30:42.0007 7800 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
22:30:42.0023 7800 NdisWan - ok
22:30:42.0038 7800 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
22:30:42.0038 7800 NDProxy - ok
22:30:42.0038 7800 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:30:42.0054 7800 NetBIOS - ok
22:30:42.0070 7800 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
22:30:42.0070 7800 NetBT - ok
22:30:42.0101 7800 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:30:42.0101 7800 Netlogon - ok
22:30:42.0553 7800 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:30:42.0584 7800 Netman - ok
22:30:42.0694 7800 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:30:42.0709 7800 NetMsmqActivator - ok
22:30:42.0709 7800 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:30:42.0709 7800 NetPipeActivator - ok
22:30:42.0787 7800 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:30:42.0787 7800 netprofm - ok
22:30:42.0818 7800 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:30:42.0818 7800 NetTcpActivator - ok
22:30:42.0818 7800 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:30:42.0834 7800 NetTcpPortSharing - ok
22:30:43.0302 7800 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
22:30:43.0318 7800 nfrd960 - ok
22:30:43.0364 7800 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
22:30:43.0364 7800 NlaSvc - ok
22:30:43.0396 7800 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:30:43.0396 7800 Npfs - ok
22:30:43.0427 7800 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:30:43.0427 7800 nsi - ok
22:30:43.0458 7800 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:30:43.0458 7800 nsiproxy - ok
22:30:43.0630 7800 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
22:30:43.0661 7800 Ntfs - ok
22:30:43.0848 7800 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:30:43.0848 7800 Null - ok
22:30:43.0895 7800 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
22:30:43.0895 7800 nvraid - ok
22:30:43.0942 7800 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
22:30:43.0957 7800 nvstor - ok
22:30:44.0004 7800 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
22:30:44.0004 7800 nv_agp - ok
22:30:44.0066 7800 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
22:30:44.0066 7800 ohci1394 - ok
22:30:44.0207 7800 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:30:44.0222 7800 ose - ok
22:30:44.0675 7800 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:30:44.0784 7800 osppsvc - ok
22:30:44.0940 7800 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:30:44.0940 7800 p2pimsvc - ok
22:30:45.0034 7800 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:30:45.0065 7800 p2psvc - ok
22:30:45.0127 7800 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
22:30:45.0127 7800 Parport - ok
22:30:45.0174 7800 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
22:30:45.0190 7800 partmgr - ok
22:30:45.0268 7800 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:30:45.0268 7800 PcaSvc - ok
22:30:45.0314 7800 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:30:45.0314 7800 pci - ok
22:30:45.0330 7800 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
22:30:45.0330 7800 pciide - ok
22:30:45.0377 7800 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
22:30:45.0377 7800 pcmcia - ok
22:30:45.0392 7800 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:30:45.0392 7800 pcw - ok
22:30:45.0439 7800 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:30:45.0439 7800 PEAUTH - ok
22:30:45.0502 7800 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:30:45.0502 7800 PerfHost - ok
22:30:45.0548 7800 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
22:30:45.0548 7800 PGEffect - ok
22:30:45.0626 7800 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:30:45.0642 7800 pla - ok
22:30:45.0689 7800 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:30:45.0689 7800 PlugPlay - ok
22:30:45.0704 7800 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:30:45.0704 7800 PNRPAutoReg - ok
22:30:45.0736 7800 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:30:45.0736 7800 PNRPsvc - ok
22:30:45.0782 7800 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:30:45.0782 7800 PolicyAgent - ok
22:30:45.0814 7800 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:30:45.0814 7800 Power - ok
22:30:45.0892 7800 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:30:45.0892 7800 PptpMiniport - ok
22:30:45.0907 7800 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
22:30:45.0907 7800 Processor - ok
22:30:45.0954 7800 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
22:30:45.0970 7800 ProfSvc - ok
22:30:46.0016 7800 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:30:46.0016 7800 ProtectedStorage - ok
22:30:46.0063 7800 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:30:46.0063 7800 Psched - ok
22:30:46.0110 7800 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
22:30:46.0126 7800 QIOMem - ok
22:30:46.0297 7800 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
22:30:46.0313 7800 ql2300 - ok
22:30:46.0422 7800 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
22:30:46.0422 7800 ql40xx - ok
22:30:46.0453 7800 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:30:46.0469 7800 QWAVE - ok
22:30:46.0484 7800 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:30:46.0484 7800 QWAVEdrv - ok
22:30:46.0500 7800 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:30:46.0500 7800 RasAcd - ok
22:30:46.0547 7800 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:30:46.0547 7800 RasAgileVpn - ok
22:30:46.0578 7800 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:30:46.0578 7800 RasAuto - ok
22:30:46.0594 7800 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:30:46.0594 7800 Rasl2tp - ok
22:30:46.0625 7800 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
22:30:46.0625 7800 RasMan - ok
22:30:46.0656 7800 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:30:46.0656 7800 RasPppoe - ok
22:30:46.0687 7800 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:30:46.0687 7800 RasSstp - ok
22:30:46.0718 7800 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
22:30:46.0718 7800 rdbss - ok
22:30:46.0734 7800 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
22:30:46.0734 7800 rdpbus - ok
22:30:46.0765 7800 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:30:46.0765 7800 RDPCDD - ok
22:30:46.0781 7800 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:30:46.0781 7800 RDPENCDD - ok
22:30:46.0796 7800 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:30:46.0796 7800 RDPREFMP - ok
22:30:46.0843 7800 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
22:30:46.0843 7800 RDPWD - ok
22:30:46.0890 7800 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
22:30:46.0890 7800 rdyboost - ok
22:30:46.0921 7800 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:30:46.0921 7800 RemoteAccess - ok
22:30:46.0952 7800 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:30:46.0968 7800 RemoteRegistry - ok
22:30:46.0999 7800 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:30:46.0999 7800 RpcEptMapper - ok
22:30:47.0015 7800 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:30:47.0015 7800 RpcLocator - ok
22:30:47.0062 7800 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:30:47.0062 7800 RpcSs - ok
22:30:47.0093 7800 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:30:47.0093 7800 rspndr - ok
22:30:47.0140 7800 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
22:30:47.0140 7800 RSUSBSTOR - ok
22:30:47.0171 7800 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
22:30:47.0202 7800 RSUSBVSTOR - ok
22:30:47.0280 7800 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
22:30:47.0296 7800 RTL8192Ce - ok
22:30:47.0311 7800 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:30:47.0311 7800 SamSs - ok
22:30:47.0358 7800 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
22:30:47.0358 7800 sbp2port - ok
22:30:47.0389 7800 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:30:47.0405 7800 SCardSvr - ok
22:30:47.0420 7800 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
22:30:47.0420 7800 scfilter - ok
22:30:47.0467 7800 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
22:30:47.0483 7800 Schedule - ok
22:30:47.0498 7800 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:30:47.0514 7800 SCPolicySvc - ok
22:30:47.0530 7800 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
22:30:47.0545 7800 SDRSVC - ok
22:30:47.0576 7800 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:30:47.0576 7800 secdrv - ok
22:30:47.0592 7800 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
22:30:47.0592 7800 seclogon - ok
22:30:47.0608 7800 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
22:30:47.0608 7800 SENS - ok
22:30:47.0654 7800 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:30:47.0654 7800 SensrSvc - ok
22:30:47.0701 7800 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
22:30:47.0701 7800 Serenum - ok
22:30:47.0732 7800 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
22:30:47.0748 7800 Serial - ok
22:30:47.0764 7800 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
22:30:47.0764 7800 sermouse - ok
22:30:47.0795 7800 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
22:30:47.0810 7800 SessionEnv - ok
22:30:47.0810 7800 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
22:30:47.0810 7800 sffdisk - ok
22:30:47.0826 7800 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
22:30:47.0826 7800 sffp_mmc - ok
22:30:47.0826 7800 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
22:30:47.0826 7800 sffp_sd - ok
22:30:47.0857 7800 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
22:30:47.0857 7800 sfloppy - ok
22:30:47.0935 7800 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
22:30:47.0951 7800 Sftfs - ok
22:30:48.0060 7800 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:30:48.0076 7800 sftlist - ok
22:30:48.0169 7800 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
22:30:48.0169 7800 Sftplay - ok
22:30:48.0200 7800 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
22:30:48.0200 7800 Sftredir - ok
22:30:48.0232 7800 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
22:30:48.0232 7800 Sftvol - ok
22:30:48.0278 7800 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:30:48.0278 7800 sftvsa - ok
22:30:48.0341 7800 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
22:30:48.0341 7800 SharedAccess - ok
22:30:48.0388 7800 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
22:30:48.0388 7800 ShellHWDetection - ok
22:30:48.0419 7800 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
22:30:48.0434 7800 SiSRaid2 - ok
22:30:48.0450 7800 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
22:30:48.0450 7800 SiSRaid4 - ok
22:30:48.0466 7800 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:30:48.0466 7800 Smb - ok
22:30:48.0497 7800 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:30:48.0512 7800 SNMPTRAP - ok
22:30:48.0512 7800 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:30:48.0512 7800 spldr - ok
22:30:48.0544 7800 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
22:30:48.0559 7800 Spooler - ok
22:30:48.0684 7800 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
22:30:48.0715 7800 sppsvc - ok
22:30:48.0809 7800 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:30:48.0824 7800 sppuinotify - ok
22:30:48.0965 7800 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS
22:30:48.0980 7800 SRTSP - ok
22:30:48.0996 7800 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS
22:30:48.0996 7800 SRTSPX - ok
22:30:49.0027 7800 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
22:30:49.0043 7800 srv - ok
22:30:49.0074 7800 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
22:30:49.0074 7800 srv2 - ok
22:30:49.0136 7800 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
22:30:49.0152 7800 SrvHsfHDA - ok
22:30:49.0199 7800 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
22:30:49.0214 7800 SrvHsfV92 - ok
22:30:49.0355 7800 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
22:30:49.0370 7800 SrvHsfWinac - ok
22:30:49.0402 7800 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
22:30:49.0417 7800 srvnet - ok
22:30:49.0464 7800 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:30:49.0464 7800 SSDPSRV - ok
22:30:49.0480 7800 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
22:30:49.0480 7800 SstpSvc - ok
22:30:49.0495 7800 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
22:30:49.0495 7800 stexstor - ok
22:30:49.0558 7800 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
22:30:49.0558 7800 stisvc - ok
22:30:49.0573 7800 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
22:30:49.0573 7800 swenum - ok
22:30:49.0620 7800 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
22:30:49.0636 7800 swprv - ok
22:30:49.0729 7800 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS
22:30:49.0760 7800 SymDS - ok
22:30:49.0838 7800 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS
22:30:49.0854 7800 SymEFA - ok
22:30:49.0901 7800 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
22:30:49.0932 7800 SymEvent - ok
22:30:50.0010 7800 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS
22:30:50.0010 7800 SymIRON - ok
22:30:50.0072 7800 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS
22:30:50.0072 7800 SymNetS - ok
22:30:50.0228 7800 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
22:30:50.0244 7800 SynTP - ok
22:30:50.0431 7800 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
22:30:50.0447 7800 SysMain - ok
22:30:50.0556 7800 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
22:30:50.0556 7800 TabletInputService - ok
22:30:50.0587 7800 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
22:30:50.0587 7800 TapiSrv - ok
22:30:50.0587 7800 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
22:30:50.0603 7800 TBS - ok
22:30:50.0728 7800 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
22:30:50.0743 7800 Tcpip - ok
22:30:50.0930 7800 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
22:30:50.0946 7800 TCPIP6 - ok
22:30:51.0040 7800 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
22:30:51.0040 7800 tcpipreg - ok
22:30:51.0071 7800 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
22:30:51.0071 7800 tdcmdpst - ok
22:30:51.0086 7800 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
22:30:51.0086 7800 TDPIPE - ok
22:30:51.0133 7800 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
22:30:51.0133 7800 TDTCP - ok
22:30:51.0149 7800 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
22:30:51.0149 7800 tdx - ok
22:30:51.0180 7800 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
22:30:51.0180 7800 TermDD - ok
22:30:51.0227 7800 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
22:30:51.0242 7800 TermService - ok
22:30:51.0258 7800 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
22:30:51.0258 7800 Themes - ok
22:30:51.0289 7800 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:30:51.0289 7800 THREADORDER - ok
22:30:51.0398 7800 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:30:51.0398 7800 TMachInfo - ok
22:30:51.0430 7800 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
22:30:51.0430 7800 TODDSrv - ok
22:30:51.0523 7800 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
22:30:51.0539 7800 TosCoSrv - ok
22:30:51.0586 7800 TOSHIBA eco Utility Service (d0f868a67cb4d817a3f7abef8c42f49c) C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:30:51.0586 7800 TOSHIBA eco Utility Service - ok
22:30:51.0648 7800 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:30:51.0648 7800 TOSHIBA HDD SSD Alert Service - ok
22:30:51.0710 7800 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
22:30:51.0726 7800 tos_sps64 - ok
22:30:51.0804 7800 TPCHSrv (d65c6b0c070534336b72005391b6168a) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:30:51.0804 7800 TPCHSrv - ok
22:30:51.0898 7800 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
22:30:51.0913 7800 TrkWks - ok
22:30:51.0960 7800 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
22:30:51.0960 7800 TrustedInstaller - ok
22:30:52.0007 7800 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
22:30:52.0007 7800 tssecsrv - ok
22:30:52.0022 7800 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
22:30:52.0022 7800 TsUsbFlt - ok
22:30:52.0038 7800 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
22:30:52.0038 7800 TsUsbGD - ok
22:30:52.0069 7800 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
22:30:52.0069 7800 tunnel - ok
22:30:52.0100 7800 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:30:52.0100 7800 TVALZ - ok
22:30:52.0132 7800 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
22:30:52.0132 7800 TVALZFL - ok
22:30:52.0147 7800 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
22:30:52.0147 7800 uagp35 - ok
22:30:52.0194 7800 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
22:30:52.0210 7800 udfs - ok
22:30:52.0241 7800 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
22:30:52.0241 7800 UI0Detect - ok
22:30:52.0272 7800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
22:30:52.0272 7800 uliagpkx - ok
22:30:52.0319 7800 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
22:30:52.0319 7800 umbus - ok
22:30:52.0350 7800 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
22:30:52.0350 7800 UmPass - ok
22:30:52.0553 7800 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:30:52.0584 7800 UNS - ok
22:30:52.0693 7800 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
22:30:52.0693 7800 upnphost - ok
22:30:52.0771 7800 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
22:30:52.0787 7800 usbaudio - ok
22:30:52.0818 7800 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
22:30:52.0818 7800 usbccgp - ok
22:30:52.0834 7800 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
22:30:52.0834 7800 usbcir - ok
22:30:52.0849 7800 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
22:30:52.0849 7800 usbehci - ok
22:30:52.0880 7800 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
22:30:52.0880 7800 usbhub - ok
22:30:52.0896 7800 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
22:30:52.0896 7800 usbohci - ok
22:30:52.0912 7800 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
22:30:52.0912 7800 usbprint - ok
22:30:52.0943 7800 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:30:52.0943 7800 USBSTOR - ok
22:30:52.0958 7800 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
22:30:52.0958 7800 usbuhci - ok
22:30:53.0021 7800 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
22:30:53.0021 7800 usbvideo - ok
22:30:53.0052 7800 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
22:30:53.0052 7800 UxSms - ok
22:30:53.0068 7800 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:30:53.0068 7800 VaultSvc - ok
22:30:53.0099 7800 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
22:30:53.0099 7800 vdrvroot - ok
22:30:53.0130 7800 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
22:30:53.0130 7800 vds - ok
22:30:53.0161 7800 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
22:30:53.0161 7800 vga - ok
22:30:53.0177 7800 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
22:30:53.0177 7800 VgaSave - ok
22:30:53.0192 7800 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
22:30:53.0192 7800 vhdmp - ok
22:30:53.0208 7800 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
22:30:53.0208 7800 viaide - ok
22:30:53.0224 7800 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
22:30:53.0224 7800 volmgr - ok
22:30:53.0239 7800 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
22:30:53.0255 7800 volmgrx - ok
22:30:53.0286 7800 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
22:30:53.0286 7800 volsnap - ok
22:30:53.0317 7800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
22:30:53.0333 7800 vsmraid - ok
22:30:53.0411 7800 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
22:30:53.0426 7800 VSS - ok
22:30:53.0536 7800 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
22:30:53.0536 7800 vwifibus - ok
22:30:53.0567 7800 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
22:30:53.0567 7800 vwififlt - ok
22:30:53.0598 7800 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
22:30:53.0598 7800 vwifimp - ok
22:30:53.0645 7800 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
22:30:53.0645 7800 W32Time - ok
22:30:53.0676 7800 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
22:30:53.0676 7800 WacomPen - ok
22:30:53.0707 7800 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:30:53.0707 7800 WANARP - ok
22:30:53.0723 7800 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:30:53.0723 7800 Wanarpv6 - ok
22:30:53.0863 7800 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
22:30:53.0894 7800 WatAdminSvc - ok
22:30:53.0972 7800 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
22:30:54.0004 7800 wbengine - ok
22:30:54.0160 7800 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
22:30:54.0160 7800 WbioSrvc - ok
22:30:54.0191 7800 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
22:30:54.0191 7800 wcncsvc - ok
22:30:54.0206 7800 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
22:30:54.0222 7800 WcsPlugInService - ok
22:30:54.0253 7800 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
22:30:54.0253 7800 Wd - ok
22:30:54.0300 7800 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:30:54.0316 7800 Wdf01000 - ok
22:30:54.0347 7800 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:30:54.0347 7800 WdiServiceHost - ok
22:30:54.0347 7800 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:30:54.0362 7800 WdiSystemHost - ok
22:30:54.0394 7800 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
22:30:54.0409 7800 WebClient - ok
22:30:54.0425 7800 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
22:30:54.0425 7800 Wecsvc - ok
22:30:54.0440 7800 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
22:30:54.0456 7800 wercplsupport - ok
22:30:54.0456 7800 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
22:30:54.0456 7800 WerSvc - ok
22:30:54.0518 7800 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:30:54.0518 7800 WfpLwf - ok
22:30:54.0534 7800 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:30:54.0550 7800 WIMMount - ok
22:30:54.0596 7800 WinDefend - ok
22:30:54.0596 7800 WinHttpAutoProxySvc - ok
22:30:54.0674 7800 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
22:30:54.0674 7800 Winmgmt - ok
22:30:54.0768 7800 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
22:30:54.0799 7800 WinRM - ok
22:30:54.0955 7800 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
22:30:54.0955 7800 WinUsb - ok
22:30:55.0049 7800 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
22:30:55.0049 7800 Wlansvc - ok
22:30:55.0142 7800 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:30:55.0158 7800 wlcrasvc - ok
22:30:55.0298 7800 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:30:55.0314 7800 wlidsvc - ok
22:30:55.0423 7800 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
22:30:55.0439 7800 WmiAcpi - ok
22:30:55.0501 7800 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
22:30:55.0501 7800 wmiApSrv - ok
22:30:55.0595 7800 WMPNetworkSvc - ok
22:30:55.0626 7800 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
22:30:55.0626 7800 WPCSvc - ok
22:30:55.0657 7800 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
22:30:55.0657 7800 WPDBusEnum - ok
22:30:55.0688 7800 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:30:55.0688 7800 ws2ifsl - ok
22:30:55.0704 7800 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
22:30:55.0704 7800 wscsvc - ok
22:30:55.0704 7800 WSearch - ok
22:30:55.0829 7800 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
22:30:55.0860 7800 wuauserv - ok
22:30:55.0954 7800 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
22:30:55.0969 7800 WudfPf - ok
22:30:55.0985 7800 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
22:30:56.0000 7800 WUDFRd - ok
22:30:56.0016 7800 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
22:30:56.0016 7800 wudfsvc - ok
22:30:56.0047 7800 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
22:30:56.0047 7800 WwanSvc - ok
22:30:56.0078 7800 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:30:56.0141 7800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:30:56.0141 7800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:30:56.0156 7800 Boot (0x1200) (4eb1e2b90bed742042faa8a67b61b3ec) \Device\Harddisk0\DR0\Partition0
22:30:56.0156 7800 \Device\Harddisk0\DR0\Partition0 - ok
22:30:56.0156 7800 ============================================================
22:30:56.0156 7800 Scan finished
22:30:56.0156 7800 ============================================================
22:30:56.0172 1204 Detected object count: 1
22:30:56.0172 1204 Actual detected object count: 1
22:31:21.0319 1204 \Device\Harddisk0\DR0\# - copied to quarantine
22:31:21.0319 1204 \Device\Harddisk0\DR0 - copied to quarantine
22:31:21.0350 1204 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:31:21.0366 1204 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:31:21.0366 1204 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:31:21.0382 1204 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:31:21.0397 1204 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:31:21.0397 1204 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:31:21.0397 1204 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:31:21.0444 1204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:31:21.0444 1204 \Device\Harddisk0\DR0 - ok
22:31:21.0662 1204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:32:24.0577 2968 Deinitialize success

ClineStine, Jul 18, 2012

#10
Broni Malware Annihilator Posts: 39,231 +175
Good

Download RogueKiller on the desktop

Close all the running programs

Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator

Otherwise just double-click on RogueKiller.exe

Pre-scan will start. Let it finish.

Click on SCAN button.

A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)

If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
Broni, Jul 18, 2012

#11
ClineStine Newcomer, in training Posts: 50

rougekiller asked if I wanted to delete when I closed program after scan, I clicked no, should I of let it delete?

ClineStine, Jul 18, 2012

#12
ClineStine Newcomer, in training Posts: 50

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: TLC [Admin rights]
Mode: Scan -- Date: 07/18/2012 14:32:28
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Guest : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Mcx1-TLC-PC : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 442aaa6927b31297461e6f5031d50495
[BSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594921 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1221472256 | Size: 14058 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

ClineStine, Jul 18, 2012

#13
Broni Malware Annihilator Posts: 39,231 +175

Do nothing else than indicated in my instructions.

Broni, Jul 18, 2012

#14
ClineStine Newcomer, in training Posts: 50

understood.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 14:34:58
-----------------------------
14:34:58.878 OS Version: Windows x64 6.1.7601 Service Pack 1
14:34:58.878 Number of processors: 4 586 0x2A07
14:34:58.878 ComputerName: TLC-PC UserName: TLC
14:35:00.328 Initialize success
14:42:07.629 AVAST engine defs: 12071800
14:42:15.227 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:42:15.227 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
14:42:15.242 Disk 0 MBR read successfully
14:42:15.273 Disk 0 MBR scan
14:42:15.273 Disk 0 Windows VISTA default MBR code
14:42:15.305 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:42:15.320 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594921 MB offset 3074048
14:42:15.351 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 1221472256
14:42:15.398 Disk 0 scanning C:\windows\system32\drivers
14:42:24.805 Service scanning
14:42:58.283 Modules scanning
14:42:58.283 Disk 0 trace - called modules:
14:42:58.314 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:42:58.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006924790]
14:42:58.329 3 CLASSPNP.SYS[fffff88001dce43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004abd050]
14:42:59.421 AVAST engine scan C:\windows
14:43:01.340 AVAST engine scan C:\windows\system32
14:45:46.470 AVAST engine scan C:\windows\system32\drivers
14:46:06.040 AVAST engine scan C:\Users\TLC
15:01:32.450 AVAST engine scan C:\ProgramData
15:12:15.630 Scan finished successfully
15:15:22.471 Disk 0 MBR has been saved successfully to "C:\Users\TLC\Desktop\MBR.dat"
15:15:22.471 The log file has been saved successfully to "C:\Users\TLC\Desktop\aswMBR.txt"

ClineStine, Jul 18, 2012

#15
Broni Malware Annihilator Posts: 39,231 +175
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Jul 18, 2012

#16
ClineStine Newcomer, in training Posts: 50

well combofix does run.
but should it take two hours? its seems stuck at completed stage 4, I was waiting for about two hours and I closed it to ask.

ClineStine, Jul 18, 2012

#17
Broni Malware Annihilator Posts: 39,231 +175

If, for some reason, Combofix refuses to run, try one of the following:

Broni, Jul 18, 2012

#18
ClineStine Newcomer, in training Posts: 50

sorry, I didnt try safe mode but I did try rkill, will try safe mode now.

ClineStine, Jul 18, 2012

#19
ClineStine Newcomer, in training Posts: 50

well now I get
Error saving file
HIV - Backup
continue with next file?
(RegCreateKeyEx: 5 Access Denied)
If I click yes it will give error for multiple HIV-Backup files.
If I click no it continues the start up but does not go to blue screen where it scans.

ClineStine, Jul 18, 2012

#20

Page 1 of 4

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.