TechSpot

Svchost.exe Trojan.Agent

Solved
By Perfectionistic
Nov 10, 2012
  1. Hello, I am Sam, good to meet you all.

    Just to put this upfront so it isn't something disclosed at the last moment, I do not have a PayPal or other method for transferring currency electronically. If you hold any expectations of donations, I am sorry for your disappointment and time.

    Although there are - and I have read - other threads on this issue, it seems that the solution is not clear, as the people with the issues become inactive, and the post is abandoned. I am fixing my sister's computer she recently purchased. She has been getting quite a few viruses, which I was able to deal with in a relatively short manner, the longest time being two hours to research and troubleshoot. This bad boy, on the other hand, seems to have eluded many people.

    I have read the following Threads related to this malware virus:

    Threads I have briefed, but symptoms/results from Trojan do not apply to the "troubled" computer:

    I have attempted a few fixes, but nothing has been effective. I am using my personal computer as a method of downloading the software to put on a flash drive and use on the other computer. If you have any preliminary rules, regulations, questions, or comments related or not directly related to the actual solution, let us please post those now. And to save you the hassle of asking, I have introduced myself. I will also read all directions carefully, be well aware of the consequences of mistakes, refrain from changes that are not mandated by an instructor, not abandon the topic, reply as soon as possible, maintain constant updates on computer behavior, complete the cleaning process, not ask for help outside of this discussion, never run more than one scan at a time, and do as the instructors say. That ought to sum it up.

    Let me know what I can do to help assist you kindhearted volunteers in aiding me. I will try to reply every day on weekdays, even if only to say that I have acknowledged the reply and am pending for a time opportunity to complete the instructions fully.
     
  2. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Donations are totally optional so you don't have to worry about it :)
     
  3. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    Affirmative - I will post the results tomorrow.
     
  4. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    1. Installed Avast Home
     
  5. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    MBAM Log:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.10.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Eva White :: EVA [administrator]

    11/12/2012 6:41:57 PM
    mbam-log-2012-11-12 (18-41-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203608
    Time elapsed: 4 minute(s), 45 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 5020 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
     
  6. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    3. GMER detected no modifications.
     
  7. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    4. Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/5/2011 5:24:00 PM
    System Uptime: 11/12/2012 6:49:01 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) CPU B970 @ 2.30GHz | U3E1 | 2300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 539.197 GiB free.
    D: is CDROM (UDF)
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP3: 9/5/2011 5:24:27 PM - Windows Update
    RP4: 9/5/2011 5:24:43 PM - Installed TOSHIBA Quality Application
    RP5: 9/5/2011 5:25:35 PM - Windows Modules Installer
    RP6: 9/6/2011 5:03:03 PM - Installed iTunes
    RP7: 9/28/2011 12:00:03 AM - Scheduled Checkpoint
    RP8: 10/17/2012 3:55:31 PM - Norton_Power_Eraser_20121017155527392
    RP9: 10/17/2012 4:32:10 PM - Restore Operation
    RP10: 11/10/2012 12:10:33 PM - Removed Amazon Links
    RP11: 11/10/2012 12:17:48 PM - Configured TOSHIBA Bulletin Board
    RP12: 11/10/2012 12:28:18 PM - Removed Toshiba Online Backup
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X MUI
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Bonjour
    D3DX10
    Free Download Manager 3.8
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    InternetHelper1.5 Toolbar
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 25
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSVCRT_amd64
    Norton Anti-Theft
    PlayReady PC Runtime amd64
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    Realtek WLAN Driver
    Synaptics Pointing Device Driver
    TOSHIBA Application Installer
    TOSHIBA Audio Enhancement
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    Toshiba Security Dashboard
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA User's Guide
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBARegistration
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2012 5:01:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/8/2012 2:28:36 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/7/2012 5:44:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/7/2012 5:01:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/7/2012 5:01:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ccSet_NAT discache spldr Wanarpv6
    11/7/2012 5:01:16 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/7/2012 5:01:16 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    11/12/2012 7:16:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    11/12/2012 6:52:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    11/12/2012 6:49:59 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    11/12/2012 6:49:59 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    11/12/2012 6:49:24 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    11/12/2012 6:49:21 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    11/12/2012 6:49:21 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
    11/12/2012 6:49:19 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    11/12/2012 6:47:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    11/10/2012 4:40:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
    11/10/2012 12:44:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Eva\Eva White SID (S-1-5-21-2869826210-3714172475-4123464501-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    11/10/2012 12:27:51 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    11/10/2012 12:15:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================

    DDS.txt
    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Eva White at 19:17:37 on 2012-11-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4021.2726 [GMT -8:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\TECO\Teco.exe
    C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Windows\system32\WUDFHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uDefault_Page_URL = hxxp://start.toshiba.com
    uSearchURL,(Default) = hxxp://www.google.com/search?sourceid=ie9&rlz=1I7TSNP_enUS500&q=%s
    uURLSearchHooks: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files (x86)\InternetHelper1.5\prxtbInte.dll
    uURLSearchHooks: {80f6f9bf-9fd1-4f41-9ddf-6dd070f4f62f} - <orphaned>
    mURLSearchHooks: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files (x86)\InternetHelper1.5\prxtbInte.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files (x86)\InternetHelper1.5\prxtbInte.dll
    BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} -
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: InternetHelper1.5 Toolbar: {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - C:\Program Files (x86)\InternetHelper1.5\prxtbInte.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{9BB24C21-EC02-4338-8B1F-9B6CA24BEE6D} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{9BB24C21-EC02-4338-8B1F-9B6CA24BEE6D}\160707C65677F6F64613 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{9BB24C21-EC02-4338-8B1F-9B6CA24BEE6D}\46C696E6B6 : DHCPNameServer = 192.168.0.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
    R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\drivers\NATx64\0106000.011\ccSetx64.sys [2011-10-12 168096]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-12 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-12 161560]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2011-9-18 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-18 676936]
    R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe [2011-10-12 143928]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [2012-5-12 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2012-5-12 126392]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-11-24 294848]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-12 363800]
    R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-5-12 9216]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
    R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-1-16 103536]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-9-18 25928]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-5-12 38096]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-5-12 313448]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-5-12 1145448]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
    R3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver.sys [2011-12-22 21264]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-5-12 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-25 138152]
    R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-12-14 833976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    .
    =============== Created Last 30 ================
    .
    2012-11-13 02:50:15 20480 ----a-w- C:\windows\svchost.exe
    2012-11-10 20:25:58 -------- d-----w- C:\Users\Eva White\AppData\Local\SlimWare Utilities Inc
    2012-10-27 20:55:46 -------- d-----w- C:\Program Files (x86)\Conduit
    2012-10-17 22:33:15 -------- d-----w- C:\Users\Eva White\AppData\Local\NPE
    .
    ==================== Find3M ====================
    .
    2012-10-13 00:35:18 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-13 00:35:18 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-13 00:35:10 9575864 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-09-30 02:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-08-21 20:01:20 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
    2012-08-21 20:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
    2012-08-21 20:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
    .
    ============= FINISH: 19:18:14.64 ===============
     
  8. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    5. DONE.
    [Sorry I post most of my replies at this hour - it's the only time I have available to do this.]
     
  9. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    I'll send you the log tomorrow, Broni.
    Never mind, I have time now.
     
  11. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    There are four logs. Two from the first time I ran this, and two from just now. The first one appears to be the one with the "cure" information, and the second is the "initialization" success on reboot. I will post both anyway.
    First:
    19:02:25.0294 4752 NetBT - ok
    19:02:25.0356 4752 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    19:02:25.0372 4752 Netlogon - ok
    19:02:25.0419 4752 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    19:02:25.0434 4752 Netman - ok
    19:02:25.0497 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:02:25.0544 4752 NetMsmqActivator - ok
    19:02:25.0544 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:02:25.0559 4752 NetPipeActivator - ok
    19:02:25.0590 4752 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    19:02:25.0606 4752 netprofm - ok
    19:02:25.0637 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:02:25.0653 4752 NetTcpActivator - ok
    19:02:25.0653 4752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:02:25.0668 4752 NetTcpPortSharing - ok
    19:02:25.0715 4752 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
    19:02:25.0715 4752 nfrd960 - ok
    19:02:25.0793 4752 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
    19:02:25.0809 4752 NlaSvc - ok
    19:02:25.0871 4752 Norton PC Checkup Application Launcher - ok
    19:02:25.0887 4752 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    19:02:25.0887 4752 Npfs - ok
    19:02:25.0918 4752 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    19:02:25.0918 4752 nsi - ok
    19:02:25.0980 4752 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    19:02:25.0980 4752 nsiproxy - ok
    19:02:26.0074 4752 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    19:02:26.0136 4752 Ntfs - ok
    19:02:26.0199 4752 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    19:02:26.0199 4752 Null - ok
    19:02:26.0246 4752 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    19:02:26.0261 4752 nvraid - ok
    19:02:26.0277 4752 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    19:02:26.0292 4752 nvstor - ok
    19:02:26.0339 4752 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    19:02:26.0339 4752 nv_agp - ok
    19:02:26.0370 4752 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    19:02:26.0370 4752 ohci1394 - ok
    19:02:26.0448 4752 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:02:26.0464 4752 ose - ok
    19:02:26.0776 4752 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    19:02:26.0916 4752 osppsvc - ok
    19:02:26.0963 4752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    19:02:26.0979 4752 p2pimsvc - ok
    19:02:27.0010 4752 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    19:02:27.0026 4752 p2psvc - ok
    19:02:27.0088 4752 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
    19:02:27.0306 4752 Parport - ok
    19:02:27.0322 4752 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\windows\system32\drivers\partmgr.sys
    19:02:27.0322 4752 partmgr - ok
    19:02:27.0369 4752 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    19:02:27.0384 4752 PcaSvc - ok
    19:02:27.0447 4752 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
    19:02:27.0447 4752 PCCUJobMgr - ok
     
     
  12. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    19:02:44.0919 4752 ================ Scan global ===============================
    19:02:44.0966 4752 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    19:02:44.0981 4752 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
    19:02:45.0012 4752 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
    19:02:45.0059 4752 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    19:02:45.0106 4752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    19:02:45.0122 4752 [Global] - ok
    19:02:45.0122 4752 ================ Scan MBR ==================================
    19:02:45.0137 4752 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    19:02:45.0137 4752 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    19:02:45.0184 4752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    19:02:45.0184 4752 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    19:02:45.0200 4752 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    19:02:45.0215 4752 \Device\Harddisk1\DR1 - ok
    19:02:45.0215 4752 ================ Scan VBR ==================================
    19:02:45.0231 4752 [ C49DC14E4097517961D5F1D492321971 ] \Device\Harddisk0\DR0\Partition1
    19:02:45.0231 4752 \Device\Harddisk0\DR0\Partition1 - ok
    19:02:45.0246 4752 [ 252813F63EB94AC6850C0DE336DB03F0 ] \Device\Harddisk1\DR1\Partition1
    19:02:45.0246 4752 \Device\Harddisk1\DR1\Partition1 - ok
    19:02:45.0246 4752 ============================================================
    19:02:45.0246 4752 Scan finished
    19:02:45.0246 4752 ============================================================
    19:02:45.0262 1264 Detected object count: 1
    19:02:45.0262 1264 Actual detected object count: 1
    19:02:54.0856 1264 \Device\Harddisk0\DR0\# - copied to quarantine
    19:02:54.0887 1264 \Device\Harddisk0\DR0 - copied to quarantine
    19:02:54.0950 1264 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    19:02:54.0997 1264 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    19:02:55.0022 1264 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    19:03:00.0889 1264 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    19:03:00.0932 1264 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    19:03:02.0706 1264 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    19:03:05.0195 1264 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    19:03:05.0195 1264 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    19:03:05.0195 1264 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    19:03:05.0195 1264 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    19:03:05.0225 1264 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    19:03:05.0256 1264 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    19:03:05.0256 1264 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    19:03:05.0256 1264 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    19:03:05.0271 1264 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    19:03:05.0315 1264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    19:03:05.0315 1264 \Device\Harddisk0\DR0 - ok
    19:03:05.0501 1264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    19:03:17.0576 4032 Deinitialize success

    Second:
    19:04:47.0990 3892 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    19:04:48.0442 3892 ============================================================
    19:04:48.0442 3892 Current date / time: 2012/11/13 19:04:48.0442
    19:04:48.0442 3892 SystemInfo:
    19:04:48.0442 3892
    19:04:48.0442 3892 OS Version: 6.1.7601 ServicePack: 1.0
    19:04:48.0442 3892 Product type: Workstation
    19:04:48.0442 3892 ComputerName: EVA
    19:04:48.0458 3892 UserName: Eva White
    19:04:48.0458 3892 Windows directory: C:\windows
    19:04:48.0458 3892 System windows directory: C:\windows
    19:04:48.0458 3892 Running under WOW64
    19:04:48.0458 3892 Processor architecture: Intel x64
    19:04:48.0458 3892 Number of processors: 2
    19:04:48.0458 3892 Page size: 0x1000
    19:04:48.0458 3892 Boot type: Normal boot
    19:04:48.0458 3892 ============================================================
    19:04:49.0098 3892 BG loaded
    19:04:50.0408 3892 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:04:50.0408 3892 Drive \Device\Harddisk1\DR1 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    19:04:50.0408 3892 ============================================================
    19:04:50.0408 3892 \Device\Harddisk0\DR0:
    19:04:50.0408 3892 MBR partitions:
    19:04:50.0408 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48AD5800
    19:04:50.0408 3892 \Device\Harddisk1\DR1:
    19:04:50.0408 3892 MBR partitions:
    19:04:50.0408 3892 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
    19:04:50.0408 3892 ============================================================
    19:04:50.0470 3892 C: <-> \Device\Harddisk0\DR0\Partition1
    19:04:50.0470 3892 ============================================================
    19:04:50.0470 3892 Initialize success
    19:04:50.0470 3892 ============================================================
     
  13. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Good :)

    Re-run MBAM one more time and post new log.

    Next...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===========================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  14. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    I will take care of that tomorrow or Friday at the latest.
     
  15. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    OK...
     
  16. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    Make that Saturday evening, sir, I am sorry for the delay, but I am not yet finished, and I am too tired to do the rest of the items on your list.
     
  17. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    That's fine :)
     
  18. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    I'll be running the last two scans tonight/tomorrow. Please stay pending for the logs.
     
  19. Broni

    Broni Malware Annihilator Posts: 48,011   +271

  20. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    MBAM:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.10.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Eva White :: EVA [administrator]

    11/18/2012 8:26:49 PM
    mbam-log-2012-11-18 (20-26-49).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 325522
    Time elapsed: 34 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  21. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Go on...
     
  22. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    This was before I hit delete - Just skip over this report and onto the next reply.

    RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Eva White [Admin rights]
    Mode : Scan -- Date : 11/19/2012 19:55:16

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2869826210-3714172475-4123464501-1000\$f4e27e32d5b5bc8261cb000bef51340d\n.) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\n.) -> FOUND
    [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\@ --> FOUND
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2869826210-3714172475-4123464501-1000\$f4e27e32d5b5bc8261cb000bef51340d\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\U --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2869826210-3714172475-4123464501-1000\$f4e27e32d5b5bc8261cb000bef51340d\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\L --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2869826210-3714172475-4123464501-1000\$f4e27e32d5b5bc8261cb000bef51340d\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
    --- User ---
    [MBR] 13aea8d2c2c9ba8c809d92e86dca11c7
    [BSP] 05c9409824267c5a8e7f5ab337f2ced2 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 595371 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1222393856 | Size: 13608 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
    --- User ---
    [MBR] f9fea5fa2c02941e7b8826eb1f747bd8
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 38 | Size: 3827 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_11192012_02d1955.txt >>
    RKreport[1]_S_11192012_02d1955.txt
     
  23. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Eva White [Admin rights]
    Mode : Remove -- Date : 11/19/2012 19:59:18

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2869826210-3714172475-4123464501-1000\$f4e27e32d5b5bc8261cb000bef51340d\n.) -> REPLACED (C:\windows\system32\shell32.dll)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\n.) -> REPLACED (C:\windows\system32\wbem\fastprox.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\@ --> REMOVED
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2869826210-3714172475-4123464501-1000\$f4e27e32d5b5bc8261cb000bef51340d\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2869826210-3714172475-4123464501-1000\$f4e27e32d5b5bc8261cb000bef51340d\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$f4e27e32d5b5bc8261cb000bef51340d\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2869826210-3714172475-4123464501-1000\$f4e27e32d5b5bc8261cb000bef51340d\L --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
    --- User ---
    [MBR] 13aea8d2c2c9ba8c809d92e86dca11c7
    [BSP] 05c9409824267c5a8e7f5ab337f2ced2 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 595371 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1222393856 | Size: 13608 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11192012_02d1959.txt >>
    RKreport[1]_S_11192012_02d1955.txt ; RKreport[2]_D_11192012_02d1959.txt
     
  24. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-19 20:02:45
    -----------------------------
    20:02:45.298 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:02:45.298 Number of processors: 2 586 0x2A07
    20:02:45.298 ComputerName: EVA UserName:
    20:02:46.686 Initialize success
    20:02:46.811 AVAST engine defs: 12111901
    20:02:56.016 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:02:56.016 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
    20:02:56.032 Disk 0 MBR read successfully
    20:02:56.047 Disk 0 MBR scan
    20:02:56.047 Disk 0 Windows VISTA default MBR code
    20:02:56.063 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    20:02:56.094 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595371 MB offset 3074048
    20:02:56.141 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13608 MB offset 1222393856
    20:02:56.188 Disk 0 scanning C:\windows\system32\drivers
    20:03:02.927 Service scanning
    20:03:28.636 Modules scanning
    20:03:28.651 Disk 0 trace - called modules:
    20:03:28.714 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    20:03:28.729 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f27060]
    20:03:28.745 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004eb6050]
    20:03:29.478 AVAST engine scan C:\windows
    20:03:31.522 AVAST engine scan C:\windows\system32
    20:05:07.602 AVAST engine scan C:\windows\system32\drivers
    20:05:15.636 AVAST engine scan C:\Users\Eva White
    20:10:06.265 AVAST engine scan C:\ProgramData
    20:10:40.679 Scan finished successfully
    03:37:33.773 Disk 0 MBR has been saved successfully to "E:\White 4108813013\TECH\Logs\aswMBR\MBR.dat"
    03:37:33.773 The log file has been saved successfully to "E:\White 4108813013\TECH\Logs\aswMBR\aswMBR.txt"
     
  25. Perfectionistic

    Perfectionistic TS Rookie Topic Starter Posts: 42

    Also, there is a TOSHIBA Service Station 2.2.13 software update that wished to commence:
    BIOS version 6.30 for Satellite C855/L855/S855
    TOSHIBA Media Controller Plug-in (64-bit)

    Should I install these now or wait until we are finished fixing the malware?
     

