
Infected with trojan.dropper.bcminer



Hello,

When I scanned my computer with Malwarebytes this morning, I found a virus called trojan.dropper.bcminer that suddenly appeared while I was browsing the Internet with Opera. So I tried to remove it with Malwarebytes, and then it asked me to restart the computer. When I rebooted the system, I re-scanned and it was still here. So I would need help from you guys to remove this malicious trojan.

I have included the MBAM logs, the DDS logs, and the attach.txt.

My MBAM logs:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.30.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

shinyaku :: SHINYAKU-PC [administrator]

Protection: Enabled

30/05/2012 9:51:08 PM

mbam-log-2012-05-30 (21-51-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221869

Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

------------------------------------------------------------------------------------------------------------------------------------------

Here's the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by shinyaku at 22:39:25 on 2012-05-30

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4027.2276 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\windows\SysWOW64\PnkBstrA.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\windows\notepad.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe

C:\windows\SysWOW64\ping.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\ping.exe

C:\windows\system32\conhost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://accesd.desjardins.com

uWindow Title = Presented by TOSHIBA Leading Innovation >>>

uDefault_Page_URL = hxxp://www.toshiba.ca/welcome

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}\452554E444E65647635323 : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}\6416170255 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}\754564 : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}\C4964747C65635861627B6D27657563747 : DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}\C696E6B6379737 : DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37

TCP: Interfaces\{D316E73B-430E-42A1-B495-7DCAB2257460} : DhcpNameServer = 24.48.19.13 24.202.72.13

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun-x64: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 BtHidBus;Bluetooth HID Bus Service;C:\windows\system32\Drivers\BtHidBus.sys --> C:\windows\system32\Drivers\BtHidBus.sys [?]

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-4-13 147563]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 cpuz135;cpuz135;\??\C:\windows\system32\drivers\cpuz135_x64.sys --> C:\windows\system32\drivers\cpuz135_x64.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-9 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-9-10 1604200]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-10 2320920]

R3 BTCOMBUS;Bluetooth Serial Port Bus Service;C:\windows\system32\Drivers\btcombus.sys --> C:\windows\system32\Drivers\btcombus.sys [?]

R3 btnetBUs;Bluetooth PAN Bus Service;C:\windows\system32\Drivers\btnetBus.sys --> C:\windows\system32\Drivers\btnetBus.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\windows\system32\Drivers\IvtBtBus.sys --> C:\windows\system32\Drivers\IvtBtBus.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-4 136176]

S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 253088]

S3 BTCOM;Bluetooth Serial port driver;C:\windows\system32\DRIVERS\btcomport.sys --> C:\windows\system32\DRIVERS\btcomport.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-4 136176]

S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-9-10 51512]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-30 02:38:37 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%

2012-05-30 01:04:55 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{217F587F-3C72-4EC5-BB64-5A42CE4B1B56}\mpengine.dll

2012-05-28 00:19:10 -------- d-----w- C:\Users\shinyaku\AppData\Local\{5FE63B01-60DF-41C4-9CAC-E3AC975F2D06}

2012-05-28 00:18:50 -------- d-----w- C:\Users\shinyaku\AppData\Local\{709ADB78-A976-415B-8A5B-4B2AE150BC09}

2012-05-26 11:08:07 -------- d-----w- C:\Users\shinyaku\AppData\Local\{D19C763B-466A-4A3E-88E1-312A08F83D58}

2012-05-24 02:00:20 -------- d-----w- C:\Users\shinyaku\AppData\Roaming\MozillaFirefox4.0

2012-05-24 01:27:29 -------- d-----w- C:\Users\shinyaku\AppData\Local\{AB3EE310-0B38-4C59-A210-AF54990D1E8B}

2012-05-24 01:27:18 -------- d-----w- C:\Users\shinyaku\AppData\Local\{50AABC69-3FCD-4C74-928E-3001A73D677D}

2012-05-21 02:21:16 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Defrag

2012-05-21 02:19:12 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner

2012-05-12 00:15:53 -------- d-----w- C:\Users\shinyaku\AppData\Local\{F81873AA-F52A-4581-81B3-3E22402ACED4}

2012-05-12 00:15:31 -------- d-----w- C:\Users\shinyaku\AppData\Local\{74D45B75-B12E-46A2-8E6D-594166D7794E}

2012-05-09 11:51:02 -------- d-----w- C:\Users\shinyaku\AppData\Local\{111B10F8-D81F-4B86-A9C5-0AF57CDD1868}

2012-05-07 23:22:39 -------- d--h--w- C:\Users\shinyaku\AppData\Roaming\explorateur

2012-05-07 23:21:40 -------- d-----w- C:\Users\shinyaku\AppData\Roaming\Ohqu

2012-05-07 23:21:40 -------- d-----w- C:\Users\shinyaku\AppData\Roaming\Atoc

2012-05-05 23:56:04 544032 ----a-w- C:\windows\System32\npdeployJava1.dll

2012-05-05 23:56:04 525600 ----a-w- C:\windows\System32\deployJava1.dll

2012-05-05 23:46:04 -------- d-----w- C:\Users\shinyaku\AppData\Roaming\.minecraft

2012-05-05 00:01:54 -------- d-----w- C:\Users\shinyaku\AppData\Local\{03374D29-C759-4D8F-9634-A4D5C80FEB73}

2012-05-05 00:01:43 -------- d-----w- C:\Users\shinyaku\AppData\Local\{41467F22-9A39-47D6-B523-350A99813E8D}

2012-05-05 00:01:12 -------- d-----w- C:\windows\en

2012-05-04 23:56:35 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89a9d7641cd2a5101\DSETUP.dll

2012-05-04 23:56:35 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89a9d7641cd2a5101\DXSETUP.exe

2012-05-04 23:56:35 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89a9d7641cd2a5101\dsetup32.dll

2012-05-04 23:55:28 -------- d-----w- C:\Users\shinyaku\AppData\Local\{2BD274BD-C95C-46F6-958A-787132128511}

2012-05-04 23:55:05 -------- d-----w- C:\Users\shinyaku\AppData\Local\{324D565A-C822-4FAA-B7B0-9F5CF78B21C6}

.

==================== Find3M ====================

.

2012-04-17 11:38:55 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-17 11:38:55 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-03-31 12:22:38 234536 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr

2012-03-31 12:22:38 234536 ----a-w- C:\windows\SysWow64\PnkBstrB.exe

2012-03-31 12:22:33 75064 ----a-w- C:\windows\SysWow64\PnkBstrA.exe

2012-03-31 06:05:57 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-03-31 04:39:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39:37 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10:03 3146240 ----a-w- C:\windows\System32\win32k.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-03-17 07:58:57 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys

2012-03-08 22:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll

2012-03-08 22:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR

2012-03-03 06:35:38 1544704 ----a-w- C:\windows\System32\DWrite.dll

2012-03-03 05:31:19 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

.

============= FINISH: 22:40:40.90 ===============

Attach.txt


Hi stuck and Welcome to Malwarebytes

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, clean and erase harmful virus files on a computer, Web server or network. Unchecked virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. After we clean your PC, I'll recommend a free one.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1

Link 2


This is an example, you may rename ComboFix to anything you want.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    Then:
    Double click on Combo-Fix.exe & follow the prompts.
    Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Okay, I've downloaded ComboFix to my desktop from the first link and renamed it as Combo-Fix. I've disabled the Malwarebytes free trial protection since I don't have other protection. I tried to go to the Windows 7 Firewall option, but it seems that I can't enable or disable it.

It says : There was an error opening the Windows Firewall with Advanced Security Snap-in

The Windows Firewall with Advanced Security Snap-in fail to load. Restart the Windows Firewall service on the computer that you are managing. Error code: 0x6D9

I've tried to run ComboFix; it extracts all the files but... that's all. It didn't ask me anything.

Did I do something wrong? Thanks for the help.


Hi,

No need to disable your Firewall. As for ComboFix, please do the following:

Please copy and paste this post to a new text document or print it for reference later.

Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Log into an account with administrative privileges.

Run ComboFix as the first time you ran ComboFix

When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply


Hi, I've restarted my computer into safe mode. I've run the Combo-fix and all it does is extract some files and then it shuts down the browser and vanishes. :(

I've noticed these abnormalities in my laptop: lost control over firewall security, sometimes random webpages appear when I use Opera, can't use Combo-fix?

What should I do next?


I've just updated the Malwarebytes Anti Malware, and I've found 3 threats now instead of 1.

Here's my MBAM logs:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.01.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

shinyaku :: SHINYAKU-PC [administrator]

Protection: Enabled

31/05/2012 11:01:37 PM

mbam-log-2012-05-31 (23-01-37).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222127

Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Users\shinyaku\AppData\Local\Temp\bcwext.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\shinyaku\AppData\Local\Temp\bcwext.dll (Trojan.Agent) -> Delete on reboot.

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

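The two Malwarebytes logs posted so far can be compared mechanically. The following is an added example, not part of any post in this thread: it parses the MBAM 1.x text log as it appears above and reports items that one scan marked as removed and the next scan finds again, plus items still waiting for a reboot. Function and field names are illustrative; the sample text is excerpted from the two logs above.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Excerpts of the two Malwarebytes logs posted above, trimmed to the fields
# the parser reads. Raw strings keep the Windows backslashes literal.
SCAN_1 = r"""
Database version: v2012.05.30.07
30/05/2012 9:51:08 PM
Memory Modules Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
"""
SCAN_2 = r"""
Database version: v2012.06.01.01
31/05/2012 11:01:37 PM
Memory Modules Detected: 1
C:\Users\shinyaku\AppData\Local\Temp\bcwext.dll (Trojan.Agent) -> Delete on reboot.
Files Detected: 2
C:\Users\shinyaku\AppData\Local\Temp\bcwext.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
"""

DB_RE = re.compile(r"^Database version: (\S+)$")
# The logs above use day/month/year with a 12-hour clock.
WHEN_RE = re.compile(r"^(\d{1,2})/(\d{1,2})/(\d{4}) (\d{1,2}):(\d{2}):(\d{2}) (AM|PM)$")
SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")


@dataclass(frozen=True)
class Detection:
    section: str  # e.g. "Files", "Memory Modules"
    path: str
    name: str
    action: str

    @property
    def key(self):
        # Windows paths are case-insensitive: compare lowercase path + name.
        return (self.path.lower(), self.name)


def parse_mbam_log(text):
    """Return header fields, declared per-section counts and detections."""
    scan = {"database": None, "when": None, "declared": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        if (m := DB_RE.match(line)):
            scan["database"] = m.group(1)
        elif (m := WHEN_RE.match(line)):
            day, month, year, hour, minute, second = map(int, m.groups()[:6])
            hour = hour % 12 + (12 if m.group(7) == "PM" else 0)
            scan["when"] = datetime(year, month, day, hour, minute, second)
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
            scan["declared"][section] = int(m.group(2))
        elif section and (m := ITEM_RE.match(line)):
            scan["detections"].append(Detection(section, *m.groups()))
    return scan


def count_mismatches(scan):
    """Sections whose 'Detected: N' differs from the items listed (truncated paste)."""
    found = {}
    for d in scan["detections"]:
        found[d.section] = found.get(d.section, 0) + 1
    return {s: (n, found.get(s, 0))
            for s, n in scan["declared"].items() if n != found.get(s, 0)}


def recurring(earlier, later):
    """Items the earlier scan reported as deleted that the later scan detects again."""
    removed = {d.key for d in earlier["detections"]
               if d.action.lower() == "quarantined and deleted successfully"}
    seen, out = set(), []
    for d in later["detections"]:
        if d.key in removed and d.key not in seen:
            seen.add(d.key)
            out.append(d)
    return out


def pending_reboot(scan):
    """Unique paths still loaded or locked: nothing is removed until restart."""
    paths = []
    for d in scan["detections"]:
        if d.action.lower() == "delete on reboot" and d.path not in paths:
            paths.append(d.path)
    return paths


if __name__ == "__main__":
    first, second = sorted((parse_mbam_log(SCAN_1), parse_mbam_log(SCAN_2)),
                           key=lambda s: s["when"])
    for d in recurring(first, second):
        print(f"re-detected after removal: {d.path} ({d.name})")
    for p in pending_reboot(second):
        print(f"awaiting reboot: {p}")
```
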

We have a Trojan downloader and it added some infected items.

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


Here's the log for TDSSKiller:

21:31:27.0810 5012 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

21:31:28.0075 5012 ============================================================

21:31:28.0075 5012 Current date / time: 2012/06/01 21:31:28.0075

21:31:28.0075 5012 SystemInfo:

21:31:28.0075 5012

21:31:28.0075 5012 OS Version: 6.1.7601 ServicePack: 1.0

21:31:28.0075 5012 Product type: Workstation

21:31:28.0075 5012 ComputerName: SHINYAKU-PC

21:31:28.0075 5012 UserName: shinyaku

21:31:28.0075 5012 Windows directory: C:\windows

21:31:28.0075 5012 System windows directory: C:\windows

21:31:28.0075 5012 Running under WOW64

21:31:28.0075 5012 Processor architecture: Intel x64

21:31:28.0075 5012 Number of processors: 8

21:31:28.0075 5012 Page size: 0x1000

21:31:28.0075 5012 Boot type: Normal boot

21:31:28.0075 5012 ============================================================

21:31:28.0543 5012 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:31:28.0558 5012 ============================================================

21:31:28.0558 5012 \Device\Harddisk0\DR0:

21:31:28.0558 5012 MBR partitions:

21:31:28.0558 5012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x45F00000

21:31:28.0558 5012 ============================================================

21:31:28.0605 5012 C: <-> \Device\Harddisk0\DR0\Partition0

21:31:28.0605 5012 ============================================================

21:31:28.0605 5012 Initialize success

21:31:28.0605 5012 ============================================================

21:31:31.0697 4896 ============================================================

21:31:31.0697 4896 Scan started

21:31:31.0697 4896 Mode: Manual;

21:31:31.0697 4896 ============================================================

21:31:56.0234 4896 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\windows\system32\DRIVERS\pccsmcfdx64.sys

21:31:56.0234 4896 pccsmcfd - ok

21:31:56.0312 4896 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

21:31:56.0312 4896 pci - ok

21:31:56.0359 4896 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

21:31:56.0359 4896 pciide - ok

21:31:56.0499 4896 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

21:31:56.0499 4896 pcmcia - ok

21:31:56.0515 4896 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

21:31:56.0515 4896 pcw - ok

21:31:56.0577 4896 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

21:31:56.0577 4896 PEAUTH - ok

21:31:56.0765 4896 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

21:31:56.0765 4896 PerfHost - ok

21:31:56.0858 4896 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys

21:31:56.0858 4896 PGEffect - ok

21:31:57.0123 4896 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

21:31:57.0139 4896 pla - ok

21:31:57.0217 4896 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

21:31:57.0233 4896 PlugPlay - ok

21:31:57.0233 4896 PnkBstrA - ok

21:31:57.0295 4896 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

21:31:57.0295 4896 PNRPAutoReg - ok

21:31:57.0357 4896 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

21:31:57.0357 4896 PNRPsvc - ok

21:31:57.0404 4896 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

21:31:57.0420 4896 PolicyAgent - ok

21:31:57.0498 4896 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

21:31:57.0498 4896 Power - ok

21:31:57.0638 4896 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

21:31:57.0638 4896 PptpMiniport - ok

21:31:57.0716 4896 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

21:31:57.0716 4896 Processor - ok

21:31:57.0825 4896 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll

21:31:57.0825 4896 ProfSvc - ok

21:31:57.0857 4896 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

21:31:57.0857 4896 ProtectedStorage - ok

21:31:57.0903 4896 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

21:31:57.0903 4896 Psched - ok

21:31:58.0184 4896 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

21:31:58.0200 4896 ql2300 - ok

21:31:58.0481 4896 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

21:31:58.0481 4896 ql40xx - ok

21:31:58.0543 4896 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

21:31:58.0543 4896 QWAVE - ok

21:31:58.0574 4896 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

21:31:58.0574 4896 QWAVEdrv - ok

21:31:58.0605 4896 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

21:31:58.0605 4896 RasAcd - ok

21:31:58.0637 4896 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

21:31:58.0637 4896 RasAgileVpn - ok

21:31:58.0699 4896 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

21:31:58.0699 4896 RasAuto - ok

21:31:58.0761 4896 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

21:31:58.0777 4896 Rasl2tp - ok

21:31:58.0839 4896 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

21:31:58.0839 4896 RasMan - ok

21:31:58.0949 4896 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

21:31:58.0949 4896 RasPppoe - ok

21:31:58.0980 4896 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

21:31:58.0980 4896 RasSstp - ok

21:31:59.0073 4896 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

21:31:59.0089 4896 rdbss - ok

21:31:59.0151 4896 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

21:31:59.0151 4896 rdpbus - ok

21:31:59.0167 4896 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

21:31:59.0167 4896 RDPCDD - ok

21:31:59.0245 4896 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

21:31:59.0245 4896 RDPENCDD - ok

21:31:59.0276 4896 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

21:31:59.0276 4896 RDPREFMP - ok

21:31:59.0323 4896 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys

21:31:59.0323 4896 RDPWD - ok

21:31:59.0401 4896 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

21:31:59.0401 4896 rdyboost - ok

21:31:59.0463 4896 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

21:31:59.0463 4896 RemoteAccess - ok

21:31:59.0541 4896 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

21:31:59.0541 4896 RemoteRegistry - ok

21:31:59.0651 4896 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

21:31:59.0666 4896 RFCOMM - ok

21:31:59.0791 4896 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

21:31:59.0791 4896 RpcEptMapper - ok

21:31:59.0838 4896 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

21:31:59.0838 4896 RpcLocator - ok

21:31:59.0994 4896 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

21:31:59.0994 4896 RpcSs - ok

21:32:00.0041 4896 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

21:32:00.0041 4896 rspndr - ok

21:32:00.0165 4896 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys

21:32:00.0181 4896 RTL8167 - ok

21:32:00.0431 4896 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys

21:32:00.0431 4896 rtl8192se - ok

21:32:00.0477 4896 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

21:32:00.0477 4896 SamSs - ok

21:32:00.0493 4896 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

21:32:00.0493 4896 sbp2port - ok

21:32:00.0649 4896 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

21:32:00.0665 4896 SCardSvr - ok

21:32:00.0696 4896 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

21:32:00.0696 4896 scfilter - ok

21:32:00.0992 4896 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

21:32:01.0008 4896 Schedule - ok

21:32:01.0055 4896 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

21:32:01.0055 4896 SCPolicySvc - ok

21:32:01.0133 4896 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys

21:32:01.0133 4896 sdbus - ok

21:32:01.0195 4896 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

21:32:01.0195 4896 SDRSVC - ok

21:32:01.0257 4896 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

21:32:01.0257 4896 secdrv - ok

21:32:01.0320 4896 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

21:32:01.0320 4896 seclogon - ok

21:32:01.0351 4896 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

21:32:01.0351 4896 SENS - ok

21:32:01.0398 4896 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

21:32:01.0398 4896 SensrSvc - ok

21:32:01.0445 4896 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

21:32:01.0445 4896 Serenum - ok

21:32:01.0476 4896 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

21:32:01.0476 4896 Serial - ok

21:32:01.0507 4896 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

21:32:01.0507 4896 sermouse - ok

21:32:01.0710 4896 ServiceLayer (3334de016fdcde5c98e30a405a72dd8d) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

21:32:01.0710 4896 ServiceLayer - ok

21:32:01.0772 4896 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

21:32:01.0788 4896 SessionEnv - ok

21:32:01.0850 4896 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

21:32:01.0850 4896 sffdisk - ok

21:32:01.0881 4896 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

21:32:01.0881 4896 sffp_mmc - ok

21:32:01.0913 4896 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

21:32:01.0913 4896 sffp_sd - ok

21:32:02.0022 4896 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

21:32:02.0022 4896 sfloppy - ok

21:32:02.0240 4896 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

21:32:02.0256 4896 ShellHWDetection - ok

21:32:02.0303 4896 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

21:32:02.0303 4896 SiSRaid2 - ok

21:32:02.0334 4896 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

21:32:02.0334 4896 SiSRaid4 - ok

21:32:02.0381 4896 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

21:32:02.0381 4896 Smb - ok

21:32:02.0427 4896 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

21:32:02.0443 4896 SNMPTRAP - ok

21:32:02.0552 4896 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

21:32:02.0552 4896 spldr - ok

21:32:02.0693 4896 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

21:32:02.0693 4896 Spooler - ok

21:32:03.0098 4896 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

21:32:03.0114 4896 sppsvc - ok

21:32:03.0348 4896 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

21:32:03.0348 4896 sppuinotify - ok

21:32:03.0738 4896 sptd (602884696850c86434530790b110e8eb) C:\windows\system32\Drivers\sptd.sys

21:32:03.0738 4896 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

21:32:03.0738 4896 sptd ( LockedFile.Multi.Generic ) - warning

21:32:03.0738 4896 sptd - detected LockedFile.Multi.Generic (1)

21:32:18.0948 4896 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

21:32:19.0385 4896 \Device\Harddisk0\DR0 - ok

21:32:19.0416 4896 Boot (0x1200) (247a934d13e923610f20759dcaaa25b8) \Device\Harddisk0\DR0\Partition0

21:32:19.0416 4896 \Device\Harddisk0\DR0\Partition0 - ok

21:32:19.0416 4896 ============================================================

21:32:19.0416 4896 Scan finished

21:32:19.0416 4896 ============================================================

21:32:19.0432 4820 Detected object count: 1

21:32:19.0432 4820 Actual detected object count: 1

21:32:24.0611 4820 sptd ( LockedFile.Multi.Generic ) - skipped by user

21:32:24.0611 4820 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

21:33:07.0605 4948 ============================================================

21:33:07.0605 4948 Scan started

21:33:07.0605 4948 Mode: Manual;

21:33:07.0605 4948 ============================================================


21:33:09.0920 4948 bowser - ok

21:33:09.0952 4948 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

21:33:09.0952 4948 BrFiltLo - ok

21:33:09.0967 4948 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

21:33:09.0967 4948 BrFiltUp - ok

21:33:09.0983 4948 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys

21:33:09.0983 4948 BridgeMP - ok

21:33:10.0030 4948 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

21:33:10.0045 4948 Browser - ok

21:33:10.0076 4948 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

21:33:10.0076 4948 Brserid - ok

21:33:10.0108 4948 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

21:33:10.0108 4948 BrSerWdm - ok

21:33:10.0123 4948 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

21:33:10.0123 4948 BrUsbMdm - ok

21:33:10.0139 4948 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

21:33:10.0139 4948 BrUsbSer - ok

21:33:10.0217 4948 BsHelpCS (6f7a1dfe12ae44913b360f089977409b) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

21:33:10.0217 4948 BsHelpCS - ok

21:33:10.0279 4948 BsMobileCS (dfcba9b9dbed69bb4baf29c4b0cd75ed) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe

21:33:10.0279 4948 BsMobileCS - ok

21:33:10.0326 4948 BT (8cad77d0fd83819237bac6f365531d15) C:\windows\system32\DRIVERS\btnetdrv.sys

21:33:10.0326 4948 BT - ok

21:33:10.0357 4948 BTCOM (2f7a3b9d872397fbc8a672171d65448f) C:\windows\system32\DRIVERS\btcomport.sys

21:33:10.0357 4948 BTCOM - ok

21:33:10.0373 4948 BTCOMBUS (f8e0df79ecaaabc41be4b699bf64f96b) C:\windows\system32\Drivers\btcombus.sys

21:33:10.0373 4948 BTCOMBUS - ok

21:33:10.0388 4948 Btcsrusb (0a24821ce12b2cb5b711fbd69344e743) C:\windows\system32\Drivers\btcusb.sys

21:33:10.0388 4948 Btcsrusb - ok

21:33:10.0404 4948 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys

21:33:10.0404 4948 BthEnum - ok

21:33:10.0451 4948 BtHidBus (30b59c7b65092ea44c8668afeb47aaad) C:\windows\system32\Drivers\BtHidBus.sys

21:33:10.0451 4948 BtHidBus - ok

21:33:10.0466 4948 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

21:33:10.0466 4948 BTHMODEM - ok

21:33:10.0513 4948 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

21:33:10.0513 4948 BthPan - ok

21:33:10.0576 4948 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys

21:33:10.0591 4948 BTHPORT - ok

21:33:10.0622 4948 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

21:33:10.0622 4948 bthserv - ok

21:33:10.0669 4948 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys

21:33:10.0669 4948 BTHUSB - ok

21:33:10.0700 4948 btnetBUs (c0d50877bb7ec88a953a2a56cef170fa) C:\windows\system32\Drivers\btnetBus.sys

21:33:10.0700 4948 btnetBUs - ok

21:33:10.0747 4948 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

21:33:10.0747 4948 cdfs - ok

21:33:10.0778 4948 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys

21:33:10.0778 4948 cdrom - ok

21:33:10.0810 4948 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

21:33:10.0810 4948 CertPropSvc - ok

21:33:10.0934 4948 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

21:33:10.0934 4948 cfWiMAXService - ok

21:33:10.0981 4948 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

21:33:10.0981 4948 circlass - ok

21:33:11.0075 4948 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

21:33:11.0075 4948 CLFS - ok

21:33:11.0184 4948 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:33:11.0184 4948 clr_optimization_v2.0.50727_32 - ok

21:33:11.0262 4948 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:33:11.0278 4948 clr_optimization_v2.0.50727_64 - ok

21:33:11.0356 4948 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:33:11.0356 4948 clr_optimization_v4.0.30319_32 - ok

21:33:11.0418 4948 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:33:11.0418 4948 clr_optimization_v4.0.30319_64 - ok

21:33:11.0465 4948 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

21:33:11.0465 4948 CmBatt - ok

21:33:11.0496 4948 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

21:33:11.0496 4948 cmdide - ok

21:33:11.0558 4948 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

21:33:11.0558 4948 CNG - ok

21:33:11.0590 4948 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

21:33:11.0590 4948 Compbatt - ok

21:33:11.0636 4948 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

21:33:11.0636 4948 CompositeBus - ok

21:33:11.0636 4948 COMSysApp - ok

21:33:11.0746 4948 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

21:33:11.0746 4948 ConfigFree Service - ok

21:33:11.0777 4948 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\windows\system32\drivers\cpuz135_x64.sys

21:33:11.0777 4948 cpuz135 - ok

21:33:11.0824 4948 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

21:33:11.0824 4948 crcdisk - ok

21:33:11.0855 4948 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll

21:33:11.0855 4948 CryptSvc - ok

21:33:11.0902 4948 dc3d (76e02db615a03801d698199a2bc4a06a) C:\windows\system32\DRIVERS\dc3d.sys

21:33:11.0902 4948 dc3d - ok

21:33:11.0964 4948 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

21:33:11.0980 4948 DcomLaunch - ok

21:33:12.0026 4948 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

21:33:12.0026 4948 defragsvc - ok

21:33:12.0073 4948 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

21:33:12.0073 4948 DfsC - ok

21:33:12.0151 4948 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

21:33:12.0151 4948 Dhcp - ok

21:33:12.0182 4948 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

21:33:12.0182 4948 discache - ok

21:33:12.0198 4948 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

21:33:12.0198 4948 Disk - ok

21:33:12.0245 4948 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

21:33:12.0245 4948 Dnscache - ok

21:33:12.0292 4948 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

21:33:12.0292 4948 dot3svc - ok

21:33:12.0338 4948 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

21:33:12.0338 4948 DPS - ok

21:33:12.0385 4948 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

21:33:12.0385 4948 drmkaud - ok

21:33:12.0479 4948 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

21:33:12.0494 4948 DXGKrnl - ok

21:33:12.0494 4948 EagleX64 - ok

21:33:12.0541 4948 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

21:33:12.0541 4948 EapHost - ok

21:33:12.0775 4948 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

21:33:12.0806 4948 ebdrv - ok

21:33:12.0909 4948 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

21:33:12.0909 4948 EFS - ok

21:33:13.0018 4948 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

21:33:13.0034 4948 ehRecvr - ok

21:33:13.0080 4948 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

21:33:13.0080 4948 ehSched - ok

21:33:13.0205 4948 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

21:33:13.0221 4948 elxstor - ok

21:33:13.0268 4948 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

21:33:13.0268 4948 ErrDev - ok

21:33:13.0346 4948 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

21:33:13.0361 4948 EventSystem - ok

21:33:13.0392 4948 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

21:33:13.0392 4948 exfat - ok

21:33:13.0424 4948 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

21:33:13.0424 4948 fastfat - ok

21:33:13.0502 4948 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

21:33:13.0517 4948 Fax - ok

21:33:13.0564 4948 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

21:33:13.0564 4948 fdc - ok

21:33:13.0595 4948 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

21:33:13.0595 4948 fdPHost - ok

21:33:13.0626 4948 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

21:33:13.0626 4948 FDResPub - ok

21:33:13.0642 4948 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

21:33:13.0642 4948 FileInfo - ok

21:33:13.0658 4948 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

21:33:13.0658 4948 Filetrace - ok

21:33:13.0767 4948 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

21:33:13.0767 4948 FLEXnet Licensing Service - ok

21:33:13.0814 4948 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

21:33:13.0814 4948 flpydisk - ok

21:33:13.0876 4948 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

21:33:13.0876 4948 FltMgr - ok

21:33:14.0001 4948 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

21:33:14.0001 4948 FontCache - ok

21:33:14.0126 4948 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:33:14.0126 4948 FontCache3.0.0.0 - ok

21:33:14.0172 4948 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

21:33:14.0172 4948 FsDepends - ok

21:33:14.0204 4948 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

21:33:14.0204 4948 Fs_Rec - ok

21:33:14.0266 4948 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

21:33:14.0266 4948 fvevol - ok

21:33:14.0297 4948 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

21:33:14.0313 4948 gagp30kx - ok

21:33:14.0422 4948 GameConsoleService (37331304e89a773b1a86fe681fca150d) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe

21:33:14.0422 4948 GameConsoleService - ok

21:33:14.0516 4948 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

21:33:14.0531 4948 gpsvc - ok

21:33:14.0625 4948 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:33:14.0625 4948 gupdate - ok

21:33:14.0625 4948 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:33:14.0640 4948 gupdatem - ok

21:33:14.0672 4948 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

21:33:14.0672 4948 gusvc - ok

21:33:14.0734 4948 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

21:33:14.0734 4948 hcw85cir - ok

21:33:14.0796 4948 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

21:33:14.0796 4948 HdAudAddService - ok

21:33:14.0828 4948 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

21:33:14.0828 4948 HDAudBus - ok

21:33:14.0843 4948 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

21:33:14.0843 4948 HECIx64 - ok

21:33:14.0874 4948 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

21:33:14.0874 4948 HidBatt - ok

21:33:14.0890 4948 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

21:33:14.0890 4948 HidBth - ok

21:33:14.0906 4948 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

21:33:14.0906 4948 HidIr - ok

21:33:14.0952 4948 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll

21:33:14.0952 4948 hidserv - ok

21:33:14.0999 4948 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

21:33:14.0999 4948 HidUsb - ok

21:33:15.0030 4948 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

21:33:15.0030 4948 hkmsvc - ok

21:33:15.0124 4948 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

21:33:15.0124 4948 HomeGroupListener - ok

21:33:15.0202 4948 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

21:33:15.0202 4948 HomeGroupProvider - ok

21:33:15.0249 4948 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

21:33:15.0249 4948 HpSAMD - ok

21:33:15.0420 4948 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

21:33:15.0420 4948 HTTP - ok

21:33:15.0467 4948 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

21:33:15.0467 4948 hwpolicy - ok

21:33:15.0514 4948 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

21:33:15.0530 4948 i8042prt - ok

21:33:15.0623 4948 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys

21:33:15.0623 4948 iaStor - ok

21:33:15.0701 4948 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

21:33:15.0701 4948 iaStorV - ok

21:33:15.0888 4948 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:33:15.0888 4948 idsvc - ok

21:33:15.0935 4948 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

21:33:15.0935 4948 iirsp - ok

21:33:16.0029 4948 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

21:33:16.0044 4948 IKEEXT - ok

21:33:16.0232 4948 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\windows\system32\drivers\RTKVHD64.sys

21:33:16.0247 4948 IntcAzAudAddService - ok

21:33:16.0372 4948 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

21:33:16.0372 4948 intelide - ok

21:33:16.0419 4948 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

21:33:16.0419 4948 intelppm - ok

21:33:16.0466 4948 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

21:33:16.0466 4948 IPBusEnum - ok

21:33:16.0512 4948 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

21:33:16.0512 4948 IpFilterDriver - ok

21:33:16.0559 4948 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

21:33:16.0559 4948 iphlpsvc - ok

21:33:16.0606 4948 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

21:33:16.0606 4948 IPMIDRV - ok

21:33:16.0637 4948 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

21:33:16.0637 4948 IPNAT - ok

21:33:16.0668 4948 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

21:33:16.0668 4948 IRENUM - ok

21:33:16.0700 4948 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

21:33:16.0700 4948 isapnp - ok

21:33:16.0746 4948 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

21:33:16.0762 4948 iScsiPrt - ok

21:33:16.0809 4948 IvtBtBUs (c7b6be6bf2b5766648e232077e86b6a0) C:\windows\system32\Drivers\IvtBtBus.sys

21:33:16.0809 4948 IvtBtBUs - ok

21:33:16.0856 4948 JMCR (19496fe93696c929392f1595ed1f8bb3) C:\windows\system32\DRIVERS\jmcr.sys

21:33:16.0856 4948 JMCR - ok

21:33:16.0918 4948 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys

21:33:16.0918 4948 kbdclass - ok

21:33:17.0012 4948 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

21:33:17.0012 4948 kbdhid - ok

21:33:17.0043 4948 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

21:33:17.0043 4948 KeyIso - ok

21:33:17.0090 4948 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

21:33:17.0090 4948 KSecDD - ok

21:33:17.0121 4948 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

21:33:17.0121 4948 KSecPkg - ok

21:33:17.0152 4948 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

21:33:17.0152 4948 ksthunk - ok

21:33:17.0199 4948 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

21:33:17.0199 4948 KtmRm - ok

21:33:17.0261 4948 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll

21:33:17.0261 4948 LanmanServer - ok

21:33:17.0308 4948 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

21:33:17.0324 4948 LanmanWorkstation - ok

21:33:17.0370 4948 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\windows\system32\DRIVERS\lirsgt.sys

21:33:17.0370 4948 lirsgt - ok

21:33:17.0417 4948 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

21:33:17.0417 4948 lltdio - ok

21:33:17.0464 4948 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

21:33:17.0464 4948 lltdsvc - ok

21:33:17.0480 4948 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

21:33:17.0480 4948 lmhosts - ok

21:33:17.0573 4948 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

21:33:17.0573 4948 LMS - ok

21:33:17.0620 4948 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys

21:33:17.0620 4948 LPCFilter - ok

21:33:17.0651 4948 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

21:33:17.0667 4948 LSI_FC - ok

21:33:17.0698 4948 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

21:33:17.0698 4948 LSI_SAS - ok

21:33:17.0729 4948 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

21:33:17.0729 4948 LSI_SAS2 - ok

21:33:17.0745 4948 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

21:33:17.0745 4948 LSI_SCSI - ok

21:33:17.0776 4948 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

21:33:17.0776 4948 luafv - ok

21:33:17.0823 4948 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys

21:33:17.0823 4948 MBAMProtector - ok

21:33:17.0932 4948 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

21:33:17.0932 4948 MBAMService - ok

21:33:17.0994 4948 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\windows\system32\DRIVERS\mcdbus.sys

21:33:17.0994 4948 mcdbus - ok

21:33:18.0026 4948 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

21:33:18.0026 4948 Mcx2Svc - ok

21:33:18.0041 4948 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

21:33:18.0041 4948 megasas - ok

21:33:18.0088 4948 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

21:33:18.0104 4948 MegaSR - ok

21:33:18.0135 4948 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

21:33:18.0135 4948 MMCSS - ok

21:33:18.0150 4948 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

21:33:18.0150 4948 Modem - ok

21:33:18.0182 4948 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

21:33:18.0182 4948 monitor - ok

21:33:18.0228 4948 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

21:33:18.0228 4948 mouclass - ok

21:33:18.0228 4948 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

21:33:18.0228 4948 mouhid - ok

21:33:18.0275 4948 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

21:33:18.0275 4948 mountmgr - ok

21:33:18.0338 4948 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

21:33:18.0338 4948 mpio - ok

21:33:18.0353 4948 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

21:33:18.0353 4948 mpsdrv - ok

21:33:18.0416 4948 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

21:33:18.0416 4948 MRxDAV - ok

21:33:18.0462 4948 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

21:33:18.0462 4948 mrxsmb - ok

21:33:18.0494 4948 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

21:33:18.0509 4948 mrxsmb10 - ok

21:33:18.0540 4948 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

21:33:18.0540 4948 mrxsmb20 - ok

21:33:18.0556 4948 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

21:33:18.0556 4948 msahci - ok

21:33:18.0603 4948 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

21:33:18.0603 4948 msdsm - ok

21:33:18.0634 4948 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

21:33:18.0650 4948 MSDTC - ok

21:33:18.0681 4948 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

21:33:18.0681 4948 Msfs - ok

21:33:18.0696 4948 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

21:33:18.0696 4948 mshidkmdf - ok

21:33:18.0728 4948 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

21:33:18.0728 4948 msisadrv - ok

21:33:18.0774 4948 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

21:33:18.0774 4948 MSiSCSI - ok

21:33:18.0774 4948 msiserver - ok

21:33:18.0806 4948 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

21:33:18.0806 4948 MSKSSRV - ok

21:33:18.0821 4948 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

21:33:18.0821 4948 MSPCLOCK - ok

21:33:18.0852 4948 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

21:33:18.0852 4948 MSPQM - ok

21:33:18.0899 4948 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

21:33:18.0899 4948 MsRPC - ok

21:33:18.0946 4948 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

21:33:18.0946 4948 mssmbios - ok

21:33:18.0993 4948 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

21:33:18.0993 4948 MSTEE - ok

21:33:19.0040 4948 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

21:33:19.0040 4948 MTConfig - ok

21:33:19.0055 4948 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

21:33:19.0055 4948 Mup - ok

21:33:19.0118 4948 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

21:33:19.0118 4948 napagent - ok

21:33:19.0180 4948 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

21:33:19.0180 4948 NativeWifiP - ok

21:33:19.0274 4948 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

21:33:19.0289 4948 NDIS - ok

21:33:19.0320 4948 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

21:33:19.0320 4948 NdisCap - ok

21:33:19.0336 4948 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

21:33:19.0336 4948 NdisTapi - ok

21:33:19.0367 4948 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

21:33:19.0367 4948 Ndisuio - ok

21:33:19.0414 4948 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

21:33:19.0414 4948 NdisWan - ok

21:33:19.0445 4948 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

21:33:19.0445 4948 NDProxy - ok

21:33:19.0476 4948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

21:33:19.0476 4948 NetBIOS - ok

21:33:19.0523 4948 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

21:33:19.0523 4948 NetBT - ok

21:33:19.0539 4948 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

21:33:19.0554 4948 Netlogon - ok

21:33:19.0601 4948 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

21:33:19.0617 4948 Netman - ok

21:33:19.0742 4948 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:33:19.0757 4948 NetMsmqActivator - ok

21:33:19.0757 4948 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:33:19.0757 4948 NetPipeActivator - ok

21:33:19.0837 4948 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

21:33:19.0842 4948 netprofm - ok

21:33:19.0849 4948 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:33:19.0852 4948 NetTcpActivator - ok

21:33:19.0859 4948 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:33:19.0859 4948 NetTcpPortSharing - ok

21:33:19.0912 4948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

21:33:19.0914 4948 nfrd960 - ok

21:33:19.0968 4948 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

21:33:19.0968 4948 NlaSvc - ok

21:33:20.0000 4948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

21:33:20.0000 4948 Npfs - ok

21:33:20.0031 4948 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

21:33:20.0031 4948 nsi - ok

21:33:20.0062 4948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

21:33:20.0062 4948 nsiproxy - ok

21:33:20.0202 4948 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

21:33:20.0218 4948 Ntfs - ok

21:33:20.0343 4948 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\windows\system32\DRIVERS\NuidFltr.sys

21:33:20.0343 4948 NuidFltr - ok

21:33:20.0390 4948 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

21:33:20.0390 4948 Null - ok

21:33:20.0421 4948 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\windows\system32\drivers\nvhda64v.sys

21:33:20.0421 4948 NVHDA - ok

21:33:21.0312 4948 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\windows\system32\DRIVERS\nvlddmkm.sys

21:33:21.0390 4948 nvlddmkm - ok

21:33:21.0531 4948 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

21:33:21.0531 4948 nvraid - ok

21:33:21.0562 4948 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

21:33:21.0562 4948 nvstor - ok

21:33:21.0640 4948 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\windows\system32\nvvsvc.exe

21:33:21.0656 4948 nvsvc - ok

21:33:21.0827 4948 nvUpdatusService (18f1906bfe993ead51200e3195b3d6e2) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

21:33:21.0843 4948 nvUpdatusService - ok


21:33:27.0204 4948 sptd (602884696850c86434530790b110e8eb) C:\windows\system32\Drivers\sptd.sys

21:33:27.0204 4948 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

21:33:27.0219 4948 sptd ( LockedFile.Multi.Generic ) - warning

21:33:27.0219 4948 sptd - detected LockedFile.Multi.Generic (1)


21:33:36.0406 4948 ============================================================

21:33:36.0406 4948 Scan finished

21:33:36.0406 4948 ============================================================

21:33:36.0406 3428 Detected object count: 1

21:33:36.0406 3428 Actual detected object count: 1

21:33:41.0796 3428 sptd ( LockedFile.Multi.Generic ) - skipped by user

21:33:41.0796 3428 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Link to post
Share on other sites

Ok, let's do the following to find out what other infected items are causing this, so we can remove them.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it
    really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Next

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply, please include these log(s):

1.RKreport.txt

2.EsetOnlineScanner\log.txt

Link to post
Share on other sites

Here's the Rogue Killer log:

RogueKiller V7.5.2 [05/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: shinyaku [Admin rights]

Mode: Scan -- Date: 06/02/2012 10:04:09

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[BLACKLIST DLL] HKLM\[...]\Run : bcwext (rundll32.exe "C:\Users\shinyaku\AppData\Local\Temp\bcwext.dll",SteamAPI_RestartApp) -> FOUND

[BLACKLIST DLL] HKLM\[...]\Run : mandh (rundll32.exe "C:\Users\shinyaku\AppData\Local\Temp\mandh.dll",ConvertMeshSubsetToSingleStrip) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-3786737421-1029651582-3655982258-1000[...]\Run : ctfmon.exe (C:\windows\system32\rundll32.exe C:\PROGRA~3\jmdoexeali.dat,StartAs) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++

--- User ---

[MBR] b0a4b3ab758b1b1c0a81ffba72ced919

[BSP] e324fd1a85efff6f54cded0836f6383f : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 572928 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1176430592 | Size: 22909 Mo

3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1223348224 | Size: 13142 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Link to post
Share on other sites

Here's the ESET scan: 11 possible threats

C:\dnload\Program\gamebooster2.1EN.exe a variant of Win32/Toolbar.Widgi application

C:\dnload\Program\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application

C:\Users\Public\Hadoken should blast Mcafee.zap Win32/HackTool.CheatEngine.AB application

C:\Users\shinyaku\AppData\Local\Temp\mandh.dll a variant of Win32/Medfos.AA trojan

C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n Win64/Sirefef.W trojan

C:\Users\shinyaku\Desktop\RK_Quarantine\mandh.dll.vir a variant of Win32/Medfos.AA trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n Win64/Sirefef.W trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@ Win64/Agent.BA trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000000.@ Win64/Sirefef.AE trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000064.@ Win64/Sirefef.AE trojan

Operating memory multiple threats

Link to post
Share on other sites

Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services

    :Reg

    :Files
    C:\dnload\Program\gamebooster2.1EN.exe
    C:\dnload\Program\Nero-7.10.1.0_eng_full.exe
    C:\Users\Public\Hadoken should blast Mcafee.zap
    C:\Users\shinyaku\AppData\Local\Temp\mandh.dll
    C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n
    C:\Users\shinyaku\Desktop\RK_Quarantine\mandh.dll.vir
    C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n
    C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@
    C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000000.@
    C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000032.@
    :Commands
    ipconfig /flushdns /c
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


    Next
    Update Run Malwarebytes

    • Launch Malwarebytes' Anti-Malware
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Link to post
Share on other sites

Hello, just to be sure, after I downloaded OTM by OldTimer, I copied this to the clipboard:

:Processes

:Services

:Reg

:Files

C:\dnload\Program\gamebooster2.1EN.exe

C:\dnload\Program\Nero-7.10.1.0_eng_full.exe

C:\Users\Public\Hadoken should blast Mcafee.zap

C:\Users\shinyaku\AppData\Local\Temp\mandh.dll

C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n

C:\Users\shinyaku\Desktop\RK_Quarantine\mandh.dll.vir

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000000.@

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000032.@

:Commands

ipconfig /flushdns /c

[purity]

[resethosts]

[CREATERESTOREPOINT]

[EMPTYFLASH]

[Reboot]

But after that, where do I paste the info? When I opened OTM, I saw 2 rows: one is (Paste Instructions for Items to be moved) and the other is (Results).

There's also the button MOVE IT! and CleanUP!

Just to make sure before I run malwarebytes... Thanks!

Link to post
Share on other sites

Sorry I left this part out of my post:

  • Return to OTM, right-click in the "Paste instructions for items to be Moved" window (under the light yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Link to post
Share on other sites

Here's the log for OTM:

========== PROCESSES ==========

No active process named :Services was found!

No active process named :Reg was found!

No active process named :Files was found!

No active process named C:\dnload\Program\gamebooster2.1EN.exe was found!

No active process named C:\dnload\Program\Nero-7.10.1.0_eng_full.exe was found!

No active process named C:\Users\Public\Hadoken should blast Mcafee.zap was found!

No active process named C:\Users\shinyaku\AppData\Local\Temp\mandh.dll was found!

No active process named C:\Users\shinyaku\AppData\Local\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n was found!

No active process named C:\Users\shinyaku\Desktop\RK_Quarantine\mandh.dll.vir was found!

No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n was found!

No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@ was found!

No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000000.@ was found!

No active process named C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000032.@ was found!

No active process named :Commands was found!

No active process named ipconfig /flushdns /c was found!

No active process named [purity] was found!

No active process named [resethosts] was found!

No active process named [CREATERESTOREPOINT] was found!

No active process named [EMPTYFLASH] was found!

No active process named [Reboot] was found!

OTM by OldTimer - Version 3.1.19.0 log created on 06032012_185141

Link to post
Share on other sites
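A cross-check of the lists posted above, as an added example that is not part of the original thread or of OTM. It compares the scanner detections with the script's :Files section and lists the log lines in which script directives were looked up as process names. The function names are hypothetical, and the sample data is a shortened excerpt of the posts above.

```python
import re

# Shortened excerpts of the lists posted in this thread.
BASE = r"C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}"

SCAN_RESULTS = "\n".join([
    r"C:\Users\Public\Hadoken should blast Mcafee.zap Win32/HackTool.CheatEngine.AB application",
    BASE + r"\n Win64/Sirefef.W trojan",
    BASE + r"\U\00000008.@ Win64/Agent.BA trojan",
    BASE + r"\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan",
    BASE + r"\U\80000064.@ Win64/Sirefef.AE trojan",
])

OTM_SCRIPT = "\n".join([
    ":Processes", "", ":Services", "", ":Reg", "", ":Files",
    r"C:\Users\Public\Hadoken should blast Mcafee.zap",
    BASE + r"\n",
    BASE + r"\U\00000008.@",
    BASE + r"\U\80000032.@",
    ":Commands", "[purity]", "[Reboot]",
])

OTM_LOG = "\n".join([
    "========== PROCESSES ==========",
    "No active process named :Services was found!",
    "No active process named :Files was found!",
    "No active process named " + BASE + r"\n was found!",
    "No active process named [purity] was found!",
])

# "<path> <detection name> <object type>"; the path itself may contain spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?Win(?:32|64)/\S+)\s+"
    r"(?P<kind>\w+)$"
)
PROCESS_MISS_RE = re.compile(r"^No active process named (?P<target>.+) was found!$")


def parse_otm_script(text):
    """Group script lines under their ':Section' header (keys lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def uncovered_detections(scan_text, script_text):
    """Detected paths that the script's :Files section does not list."""
    listed = {p.lower() for p in parse_otm_script(script_text).get(":files", [])}
    missing = []
    for line in scan_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m and m.group("path").lower() not in listed:
            missing.append((m.group("path"), m.group("name")))
    return missing


def misread_as_process(script_text, log_text):
    """Log entries where something outside :Processes was looked up as a process."""
    intended = {p.lower() for p in parse_otm_script(script_text).get(":processes", [])}
    misread = []
    for line in log_text.splitlines():
        m = PROCESS_MISS_RE.match(line.strip())
        if m and m.group("target").lower() not in intended:
            misread.append(m.group("target"))
    return misread


if __name__ == "__main__":
    for path, name in uncovered_detections(SCAN_RESULTS, OTM_SCRIPT):
        print("detected but not in :Files ->", path, "(" + name + ")")
    for target in misread_as_process(OTM_SCRIPT, OTM_LOG):
        print("looked up as a process ->", target)
```

A non-empty result from either function means the removal pass should be reviewed before the next scan is taken as confirmation.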

Here's MBAM logs with latest updates:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.03.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

shinyaku :: SHINYAKU-PC [administrator]

Protection: Enabled

03/06/2012 6:53:28 PM

mbam-log-2012-06-03 (18-53-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222521

Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Let's install an antivirus and do a full scan as well before we move on.

  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.

Note:

During installation, uncheck the two boxes about Avira SearchFree and/or the Ask toolbar.

Perform a full scan with Avira and let it delete everything it finds.

Then reboot.

After reboot, open Avira and select "reports".

There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.

Link to post
Share on other sites

Here's the log for Avira:

Avira Free Antivirus

Report file date: June-03-12 20:54

Scanning for 3786703 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 Home Premium

Windows version : (Service Pack 1) [6.1.7601]

Boot mode : Normally booted

Username : shinyaku

Computer name : SHINYAKU-PC

Configuration settings for the scan:

Jobname.............................: Short system scan after installation

Configuration file..................: c:\program files (x86)\avira\antivir desktop\setupprf.dat

Logging.............................: default

Primary action......................: Interactive

Secondary action....................: Ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: extended

Start of the scan: June-03-12 20:54

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avconfig.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'UNS.exe' - '1' Module(s) have been scanned

Scan process 'mbamservice.exe' - '1' Module(s) have been scanned

Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned

Scan process 'setup.exe' - '1' Module(s) have been scanned

Scan process 'presetup.exe' - '1' Module(s) have been scanned

Scan process 'avira_free_antivirus_en.exe' - '1' Module(s) have been scanned

Module is OK -> <C:\Users\shinyaku\Desktop\avira_free_antivirus_en.exe>

[WARNING] The file is password protected

Scan process 'CFSwMgr.exe' - '1' Module(s) have been scanned

Scan process 'NDSTray.exe' - '1' Module(s) have been scanned

Scan process 'opera.exe' - '1' Module(s) have been scanned

Scan process 'mbamgui.exe' - '1' Module(s) have been scanned

Scan process 'reader_sl.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'winampa.exe' - '1' Module(s) have been scanned

Scan process 'TSleepSrv.exe' - '1' Module(s) have been scanned

Scan process 'KeNotify.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'daemonu.exe' - '1' Module(s) have been scanned

Scan process 'LMS.exe' - '1' Module(s) have been scanned

Scan process 'BsMobileCS.exe' - '1' Module(s) have been scanned

Scan process 'BlueSoleilCS.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).

C:\Users\shinyaku\AppData\Local\Temp\mandh.dll

[DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan

C:\Program Files (x86)\DOSBox-0.72\uninstall.exe

[WARNING] Invalid end of file

C:\Program Files (x86)\DOSBox-0.74\uninstall.exe

[WARNING] Invalid end of file

C:\Windows\Sysnative\drivers\sptd.sys

[WARNING] The file could not be opened!

The registry was scanned ( '3848' files ).

Beginning disinfection:

The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit> was successfully repaired.

The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mandh> was successfully repaired.

C:\Users\shinyaku\AppData\Local\Temp\mandh.dll

[DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan

[WARNING] The file could not be copied to quarantine!

[WARNING] The file could not be deleted!

[NOTE] The file is scheduled for deleting after reboot.

[NOTE] For the final repair, a restart of the computer is instigated.

[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mandh> was successfully repaired.

Link to post
Share on other sites

Okay, when I restarted the laptop after the scan, the computer slowed down a little bit. And I've got a pop-up from Avira saying:

A virus or unwanted program (TR/ATRAPS.Gen2) was found in file c:\Windows\Installer\...\80000064.@

So what do I do now? And thanks for your help.

Link to post
Share on other sites

Oh, I thought the first scan of Avira (that took me around 10 minutes) was the full scan. Now here's the full scan of Avira, which ran for 3 hours:

Avira Free Antivirus

Report file date: June-03-12 21:14

Scanning for 3786703 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 Home Premium

Windows version : (Service Pack 1) [6.1.7601]

Boot mode : Normally booted

Username : SYSTEM

Computer name : SHINYAKU-PC

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20120603-210836-6E268005.avp

Logging.............................: default

Primary action......................: Interactive

Secondary action....................: Ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: extended

Start of the scan: June-03-12 21:14

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting search for hidden objects.

Hidden driver

[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started

Scan process 'avscan.exe' - '103' Module(s) have been scanned

Scan process 'ping.exe' - '22' Module(s) have been scanned

Scan process 'avscan.exe' - '83' Module(s) have been scanned

Scan process 'opera.exe' - '69' Module(s) have been scanned

Scan process 'UNS.exe' - '54' Module(s) have been scanned

Scan process 'mbamservice.exe' - '41' Module(s) have been scanned

Scan process 'CFSwMgr.exe' - '56' Module(s) have been scanned

Scan process 'CFSvcs.exe' - '48' Module(s) have been scanned

Scan process 'avgnt.exe' - '77' Module(s) have been scanned

Scan process 'mbamgui.exe' - '35' Module(s) have been scanned

Scan process 'winampa.exe' - '22' Module(s) have been scanned

Scan process 'TSleepSrv.exe' - '28' Module(s) have been scanned

Scan process 'KeNotify.exe' - '24' Module(s) have been scanned

Scan process 'NDSTray.exe' - '78' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '55' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '27' Module(s) have been scanned

Scan process 'daemonu.exe' - '48' Module(s) have been scanned

Scan process 'LMS.exe' - '29' Module(s) have been scanned

Scan process 'BsMobileCS.exe' - '33' Module(s) have been scanned

Scan process 'BlueSoleilCS.exe' - '59' Module(s) have been scanned

Scan process 'avguard.exe' - '73' Module(s) have been scanned

Scan process 'sched.exe' - '43' Module(s) have been scanned

Starting to scan executable files (registry).

C:\Program Files (x86)\DOSBox-0.72\uninstall.exe

[WARNING] Invalid end of file

C:\Program Files (x86)\DOSBox-0.74\uninstall.exe

[WARNING] Invalid end of file

C:\Windows\Sysnative\drivers\sptd.sys

[WARNING] The file could not be opened!

The registry was scanned ( '3781' files ).

Starting the file scan:

Begin scan in 'C:\' <S3A9104D008>

C:\dnload\Games\PC\Need.for.Speed.Underground.2\Keygen\nfsu2 keygen.exe

[DETECTION] Is the TR/Packed.22775 Trojan

C:\dnload\Program\Adobe DreamWeaver CS3.part1.rar

[WARNING] Error multiple volume

C:\dnload\Program\Adobe DreamWeaver CS3.part2.rar

[WARNING] Error multiple volume

C:\dnload\Program\Adobe DreamWeaver CS3.part3.rar

[WARNING] Error multiple volume

C:\dnload\Program\AntidoteHD.rar

[0] Archive type: RAR

--> AntidoteHD\Patch\AntidoteHD_v4.1_Patcher.exe

[DETECTION] Contains virus patterns of Adware ADWARE/Adseo.1.48

C:\dnload\Program\Cool_Edit_Pro_2.1.7z

[WARNING] Unsupported archive version

C:\dnload\Program\Sony Movie Studio HD Platinum.rar

[0] Archive type: RAR

--> New Folder\patch\vegas.movie.studio.hd.platinum.10.0-mpt.exe

[DETECTION] Is the TR/Gendal.2.802 Trojan

C:\dnload\Program\Xilisoft.Video.Converter.Ultimate.v7.0.0.1219.Incl.Keygen-Lz0.rar

[0] Archive type: RAR

--> Xilisoft.Video.Converter.Ultimate.v7.0.0.1219.Incl.Keygen-Lz0\Lz0\Keygen.exe

[DETECTION] Is the TR/Kazy.32449.1 Trojan

C:\Program Files (x86)\coolpro2\coolpro2.chm

[WARNING] Invalid compressed data

C:\Program Files (x86)\DOSBox-0.72\uninstall.exe

[WARNING] Invalid end of file

C:\Program Files (x86)\DOSBox-0.74\uninstall.exe

[WARNING] Invalid end of file

C:\Program Files (x86)\Winrar\rarnew.dat

[WARNING] Error no files to extract

C:\ProgramData\MFAData\pack\bins\w10idata1209fp.bin

[WARNING] The file is password protected

C:\Users\shinyaku\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\3aa5201d-4a8efd92

[0] Archive type: ZIP

--> b.class

[DETECTION] Contains recognition pattern of the EXP/12-0507.CH.1 exploit

--> main.class

[DETECTION] Contains recognition pattern of the EXP/12-0507.BI.4 exploit

C:\Users\shinyaku\Desktop\avira_free_antivirus_en.exe

[WARNING] The file is password protected

C:\Users\shinyaku\Desktop\RK_Quarantine\mandh.dll.vir

[DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan

C:\Users\shinyaku\Downloads\Silk.Road1 - www.alexdang.com.part1.rar

[WARNING] Error multiple volume

C:\Users\shinyaku\Downloads\Silk.Road1 - www.alexdang.com.part2.rar

[WARNING] Error multiple volume

C:\Windows\assembly\GAC_32\Desktop.ini

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

C:\Windows\assembly\GAC_64\Desktop.ini

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\000000cb.@

[DETECTION] Is the TR/Small.FI Trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000000.@

[DETECTION] Is the TR/ATRAPS.Gen Trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000032.@

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000064.@

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

Beginning disinfection:

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000064.@

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

[NOTE] The file was moved to the quarantine directory under the name '4a7c9bc2.qua'.

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000032.@

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

[NOTE] The file was moved to the quarantine directory under the name '52ebb466.qua'.

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\80000000.@

[DETECTION] Is the TR/ATRAPS.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '00b4ee8e.qua'.

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\U\000000cb.@

[DETECTION] Is the TR/Small.FI Trojan

[NOTE] The file was moved to the quarantine directory under the name '6683a14c.qua'.

C:\Windows\Installer\{2b2f1e3f-3eba-e768-7501-387a192c6460}\n

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

[WARNING] The file could not be copied to quarantine!

[WARNING] The file could not be deleted!

[NOTE] The file is scheduled for deleting after reboot.

[NOTE] For the final repair, a restart of the computer is instigated.

C:\Windows\assembly\GAC_64\Desktop.ini

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

[WARNING] The file could not be copied to quarantine!

[WARNING] The file could not be deleted!

[NOTE] For the final repair, a restart of the computer is instigated.

[NOTE] The file is scheduled for deleting after reboot.

[NOTE] For the final repair, a restart of the computer is instigated.

C:\Windows\assembly\GAC_32\Desktop.ini

[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

[WARNING] The file could not be copied to quarantine!

[WARNING] The file could not be deleted!

[NOTE] For the final repair, a restart of the computer is instigated.

[NOTE] The file is scheduled for deleting after reboot.

[NOTE] For the final repair, a restart of the computer is instigated.

C:\Users\shinyaku\Desktop\RK_Quarantine\mandh.dll.vir

[DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5e20feb3.qua'.

C:\Users\shinyaku\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\3aa5201d-4a8efd92

[DETECTION] Contains recognition pattern of the EXP/12-0507.BI.4 exploit

[NOTE] The file was moved to the quarantine directory under the name '475fc529.qua'.

C:\dnload\Program\Xilisoft.Video.Converter.Ultimate.v7.0.0.1219.Incl.Keygen-Lz0.rar

[DETECTION] Is the TR/Kazy.32449.1 Trojan

[NOTE] The file was moved to the quarantine directory under the name '2b16e902.qua'.

C:\dnload\Program\Sony Movie Studio HD Platinum.rar

[DETECTION] Is the TR/Gendal.2.802 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5aadd09f.qua'.

C:\dnload\Program\AntidoteHD.rar

[DETECTION] Contains virus patterns of Adware ADWARE/Adseo.1.48

[NOTE] The file was moved to the quarantine directory under the name '54cde02d.qua'.

C:\dnload\Games\PC\Need.for.Speed.Underground.2\Keygen\nfsu2 keygen.exe

[DETECTION] Is the TR/Packed.22775 Trojan

[NOTE] The file was moved to the quarantine directory under the name '119b9975.qua'.

Link to post
Share on other sites

Okay, drag ComboFix to the Recycle Bin and grab the latest version before trying to scan again (use the same link and instructions as the first time you ran ComboFix).

Note:

Give it at least 30 minutes to start to run.

Link to post
Share on other sites

Hi, good news, Combofix works now :) So here's the log of Combofix:

ComboFix 12-06-04.02 - shinyaku 04/06/2012 19:08:02.1.8 - x64

Running from: c:\users\shinyaku\Desktop\Combo-Fix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\shinyaku\AppData\Roaming\explorateur

c:\users\shinyaku\AppData\Roaming\explorateur\ICSharpCode.SharpZipLib.dll

c:\users\shinyaku\AppData\Roaming\inst.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))

.

.

2012-06-04 00:58 . 2012-06-04 00:58 -------- d-----w- c:\users\shinyaku\AppData\Roaming\Avira

2012-06-04 00:52 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-06-04 00:52 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-06-04 00:52 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-06-04 00:52 . 2012-06-04 00:52 -------- d-----w- c:\programdata\Avira

2012-06-04 00:52 . 2012-06-04 00:52 -------- d-----w- c:\program files (x86)\Avira

2012-06-03 22:51 . 2012-06-03 22:51 -------- d-----w- C:\_OTM

2012-05-30 02:38 . 2012-05-30 02:38 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-05-24 02:00 . 2012-05-24 02:00 -------- d-----w- c:\users\shinyaku\AppData\Roaming\MozillaFirefox4.0

2012-05-21 02:21 . 2012-05-21 02:56 -------- d-----w- c:\program files (x86)\Eusing Free Registry Defrag

2012-05-21 02:19 . 2012-05-21 02:21 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2012-05-19 00:28 . 2012-05-19 00:28 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-19 00:28 . 2012-05-19 00:28 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-12 00:22 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-12 00:22 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-12 00:22 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-12 00:22 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-12 00:22 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-12 00:22 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-12 00:22 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-12 00:22 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-12 00:22 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-12 00:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-12 00:22 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 00:22 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-07 23:21 . 2012-05-24 04:07 -------- d-----w- c:\users\shinyaku\AppData\Roaming\Ohqu

2012-05-07 23:21 . 2012-05-21 20:49 -------- d-----w- c:\users\shinyaku\AppData\Roaming\Atoc

2012-05-05 23:56 . 2012-05-05 23:55 544032 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-05 23:56 . 2012-05-05 23:55 525600 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-05 23:55 . 2012-05-05 23:55 -------- d-----w- c:\program files\Java

2012-05-05 23:46 . 2012-05-19 03:05 -------- d-----w- c:\users\shinyaku\AppData\Roaming\.minecraft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-08 17:02 . 2012-05-30 01:04 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{217F587F-3C72-4EC5-BB64-5A42CE4B1B56}\mpengine.dll

2012-04-17 11:38 . 2012-04-17 11:38 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-17 11:38 . 2011-10-08 03:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 19:56 . 2010-11-09 14:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 12:22 . 2012-03-31 12:22 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-03-31 12:22 . 2012-03-31 12:22 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-03-31 12:22 . 2012-03-31 12:22 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-10 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 136176]

R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]

R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 136176]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]

S2 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-04-13 147563]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-05 1604200]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPNAT

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 11:38]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 04:26]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 04:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Toolbar-Locked - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-bcwext - c:\users\shinyaku\AppData\Local\Temp\bcwext.dll

HKLM-Run-mandh - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

.

**************************************************************************

.

Completion time: 2012-06-04 19:28:41 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-04 23:28

.

Pre-Run: 63,551,836,160 bytes free

Post-Run: 63,474,655,232 bytes free

.

- - End Of File - - 35A841C6A70E5991354D51404D27E282


We are getting closer. Good job you've done there!

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::
ClearJavaCache::

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Be sure to save the ComboFix log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Next

Update and Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post the contents of Combofix.txt and the Malwarebytes log in your next reply. Also, let me know how your PC is doing.

This topic is now closed to further replies.