0access, dropper.bcminer, maybe others

[bluephiyah]

Hi All,

Long time lurker, first time poster. My laptop has been infected with these viruses/trojans, maybe more. They disabled my firewall and Microsoft Security Essentials, though I was able to get MSE back on and scan to find some, it seems like they respawn with a reboot. I ran Malwarebytes' free version and it initially found 28 and cleaned 26. But I had to reboot, and when I did one more scan just to make sure things may have been clean, Malwarebytes found seven. Which sounds good, but I'm not sure. I've been following other posters who have these same problems, but I know that I can't copy and paste their solutions to my system. So, I'm here hoping that some one wiser than me at this would be able to help.

I'm attaching the DDS and Attach files as asked for in the "I'm infected - What do I do now?" pinned topic. There, the poster says that zipping the Attach can be ignored, while the Attach file itself says to zip it and not post unless requested. I'm following the pinned topic and including it unzipped. If this is wrong, my apologies.

Thanks for taking the time to read and offer help.

DDS.txt

Attach.txt

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[bluephiyah]

Hi MrC and thanks so much for your quick reply! Attached, please find the report from RogueKiller.

RKreport1.txt

[MrCharlie]

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.<--------

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.
  

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.
  

On the System Recovery Options menu you will get the following options:

• 
  
  • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
    

  [*]Select Command Prompt

  [*]In the command window type in notepad and press Enter.

  [*]The notepad opens. Under File menu select Open.

  [*]Select "Computer" and find your flash drive letter and close the notepad.

  [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

  Note: Replace letter e with the drive letter of your flash drive.

  [*]The tool will start to run.

  [*]When the tool opens click Yes to disclaimer.

  [*]Press Scan button.

  [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

  services.exe

  [*]Now press the Search button

  [*]When the search is complete, search.txt will also be written to your USB

  [*]Type exit and reboot the computer normally

  [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

[bluephiyah]

In hitting F8 and getting to the advanced options screen, an error message (F3-F100-0004) pops up and the only option given is to shut down the computer by hitting ok.

[MrCharlie]

Hey we're neighbors< i just noticed > where in NJ are you from?

Is this a toshiba?

MrC

[bluephiyah]

We are! I'm in Elizabeth, but frequently in Newark for work. And yeah, it's a Toshiba laptop.

[MrCharlie]

Try holding down the Ctrl key while it boots up.

If that doesn't work we'll try a different method to fix your problem, MrC

[bluephiyah]

After I select "repair" the same error message comes up, and I'm forced to shut down.

[MrCharlie]

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[bluephiyah]

I don't think it likes Combofix, as I've gotten two blue screens in just trying to install it. This isn't something that can be done in safe mode, is it?

[MrCharlie]

Try it like this......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC

[bluephiyah]

Alas, another blue screen.

[MrCharlie]

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[bluephiyah]

Ok, it scanned and there were two logs created. One immediately after the scan and the other after the reboot. They're listed below. Again, thanks for your help with this.

17:44:47.0993 5036 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

17:44:48.0239 5036 ============================================================

17:44:48.0239 5036 Current date / time: 2012/08/15 17:44:48.0239

17:44:48.0239 5036 SystemInfo:

17:44:48.0239 5036

17:44:48.0240 5036 OS Version: 6.1.7601 ServicePack: 1.0

17:44:48.0240 5036 Product type: Workstation

17:44:48.0240 5036 ComputerName: BASE

17:44:48.0240 5036 UserName: blue

17:44:48.0240 5036 Windows directory: C:\windows

17:44:48.0240 5036 System windows directory: C:\windows

17:44:48.0240 5036 Processor architecture: Intel x86

17:44:48.0240 5036 Number of processors: 1

17:44:48.0240 5036 Page size: 0x1000

17:44:48.0240 5036 Boot type: Normal boot

17:44:48.0240 5036 ============================================================

17:44:51.0157 5036 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:44:51.0159 5036 ============================================================

17:44:51.0159 5036 \Device\Harddisk0\DR0:

17:44:51.0159 5036 MBR partitions:

17:44:51.0159 5036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800

17:44:51.0159 5036 ============================================================

17:44:51.0196 5036 C: <-> \Device\Harddisk0\DR0\Partition1

17:44:51.0196 5036 ============================================================

17:44:51.0196 5036 Initialize success

17:44:51.0196 5036 ============================================================

17:45:11.0898 5840 ============================================================

17:45:11.0898 5840 Scan started

17:45:11.0898 5840 Mode: Manual; SigCheck; TDLFS;

17:45:11.0898 5840 ============================================================

17:45:14.0378 5840 ================ Scan services =============================

17:45:14.0612 5840 [ 1b133875b8aa8ac48969bd3458afe9f5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

17:45:14.0721 5840 1394ohci - ok

17:45:14.0784 5840 [ cea80c80bed809aa0da6febc04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys

17:45:14.0799 5840 ACPI - ok

17:45:14.0877 5840 [ 1efbc664abff416d1d07db115dcb264f ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

17:45:14.0955 5840 AcpiPmi - ok

17:45:15.0064 5840 [ 11a52cf7b265631deeb24c6149309eff ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

17:45:15.0080 5840 AdobeARMservice - ok

17:45:15.0142 5840 [ 21e785ebd7dc90a06391141aac7892fb ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys

17:45:15.0158 5840 adp94xx - ok

17:45:15.0189 5840 [ 0c676bc278d5b59ff5abd57bbe9123f2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys

17:45:15.0205 5840 adpahci - ok

17:45:15.0236 5840 [ 7c7b5ee4b7b822ec85321fe23a27db33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys

17:45:15.0252 5840 adpu320 - ok

17:45:15.0283 5840 [ 8b5eefeec1e6d1a72a06c526628ad161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

17:45:15.0345 5840 AeLookupSvc - ok

17:45:15.0408 5840 [ 9ebbba55060f786f0fcaa3893bfa2806 ] AFD C:\windows\system32\drivers\afd.sys

17:45:15.0454 5840 AFD - ok

17:45:15.0517 5840 [ 7e10e3bb9b258ad8a9300f91214d67b9 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys

17:45:15.0564 5840 AgereSoftModem - ok

17:45:15.0610 5840 [ 507812c3054c21cef746b6ee3d04dd6e ] agp440 C:\windows\system32\drivers\agp440.sys

17:45:15.0610 5840 agp440 - ok

17:45:15.0657 5840 [ 8b30250d573a8f6b4bd23195160d8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys

17:45:15.0673 5840 aic78xx - ok

17:45:15.0704 5840 [ 18a54e132947cd98fea9accc57f98f13 ] ALG C:\windows\System32\alg.exe

17:45:15.0735 5840 ALG - ok

17:45:15.0782 5840 [ 0d40bcf52ea90fc7df2aeab6503dea44 ] aliide C:\windows\system32\drivers\aliide.sys

17:45:15.0782 5840 aliide - ok

17:45:15.0844 5840 [ 0bc6704f6fb4c63cdcb85401e8263a1b ] AMD External Events Utility C:\windows\system32\atiesrxx.exe

17:45:15.0891 5840 AMD External Events Utility - ok

17:45:15.0938 5840 [ 3c6600a0696e90a463771c7422e23ab5 ] amdagp C:\windows\system32\drivers\amdagp.sys

17:45:15.0954 5840 amdagp - ok

17:45:15.0985 5840 [ cd5914170297126b6266860198d1d4f0 ] amdide C:\windows\system32\drivers\amdide.sys

17:45:16.0016 5840 amdide - ok

17:45:16.0047 5840 [ 00dda200d71bac534bf56a9db5dfd666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys

17:45:16.0094 5840 AmdK8 - ok

17:45:16.0141 5840 [ 3cbf30f5370fda40dd3e87df38ea53b6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys

17:45:16.0188 5840 AmdPPM - ok

17:45:16.0281 5840 [ d320bf87125326f996d4904fe24300fc ] amdsata C:\windows\system32\drivers\amdsata.sys

17:45:16.0297 5840 amdsata - ok

17:45:16.0344 5840 [ ea43af0c423ff267355f74e7a53bdaba ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys

17:45:16.0359 5840 amdsbs - ok

17:45:16.0390 5840 [ 46387fb17b086d16dea267d5be23a2f2 ] amdxata C:\windows\system32\drivers\amdxata.sys

17:45:16.0406 5840 amdxata - ok

17:45:16.0453 5840 [ aea177f783e20150ace5383ee368da19 ] AppID C:\windows\system32\drivers\appid.sys

17:45:16.0546 5840 AppID - ok

17:45:16.0593 5840 [ 62a9c86cb6085e20db4823e4e97826f5 ] AppIDSvc C:\windows\System32\appidsvc.dll

17:45:16.0640 5840 AppIDSvc - ok

17:45:16.0687 5840 [ fb1959012294d6ad43e5304df65e3c26 ] Appinfo C:\windows\System32\appinfo.dll

17:45:16.0734 5840 Appinfo - ok

17:45:16.0921 5840 [ d503df3aba595f551b98b9bae017a271 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:45:16.0936 5840 Apple Mobile Device - ok

17:45:16.0968 5840 [ 2932004f49677bd84dbc72edb754ffb3 ] arc C:\windows\system32\DRIVERS\arc.sys

17:45:16.0983 5840 arc - ok

17:45:16.0999 5840 [ 5d6f36c46fd283ae1b57bd2e9feb0bc7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys

17:45:17.0030 5840 arcsas - ok

17:45:17.0077 5840 [ add2ade1c2b285ab8378d2daaf991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

17:45:17.0202 5840 AsyncMac - ok

17:45:17.0233 5840 [ 338c86357871c167a96ab976519bf59e ] atapi C:\windows\system32\drivers\atapi.sys

17:45:17.0248 5840 atapi - ok

17:45:17.0420 5840 [ c97be8350fbcb1960b22fad2e6c2b514 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys

17:45:17.0592 5840 atikmdag - ok

17:45:17.0638 5840 [ b73c832088dd54b55e04ff6f9646ad8c ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie.sys

17:45:18.0044 5840 AtiPcie - ok

17:45:18.0122 5840 [ ce3b4e731638d2ef62fcb419be0d39f0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

17:45:18.0153 5840 AudioEndpointBuilder - ok

17:45:18.0169 5840 [ ce3b4e731638d2ef62fcb419be0d39f0 ] Audiosrv C:\windows\System32\Audiosrv.dll

17:45:18.0200 5840 Audiosrv - ok

17:45:18.0262 5840 [ 6e30d02aac9cac84f421622e3a2f6178 ] AxInstSV C:\windows\System32\AxInstSV.dll

17:45:18.0309 5840 AxInstSV - ok

17:45:18.0356 5840 [ 1a231abec60fd316ec54c66715543cec ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys

17:45:18.0387 5840 b06bdrv - ok

17:45:18.0418 5840 [ bd8869eb9cde6bbe4508d869929869ee ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys

17:45:18.0450 5840 b57nd60x - ok

17:45:18.0481 5840 [ ee1e9c3bb8228ae423dd38db69128e71 ] BDESVC C:\windows\System32\bdesvc.dll

17:45:18.0543 5840 BDESVC - ok

17:45:18.0559 5840 [ 505506526a9d467307b3c393dedaf858 ] Beep C:\windows\system32\drivers\Beep.sys

17:45:18.0606 5840 Beep - ok

17:45:18.0637 5840 [ 2287078ed48fcfc477b05b20cf38f36f ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

17:45:18.0652 5840 blbdrive - ok

17:45:18.0793 5840 [ ebad0f51d8d4dade7660b1851addbd07 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

17:45:18.0808 5840 Bonjour Service - ok

17:45:18.0871 5840 [ 8f2da3028d5fcbd1a060a3de64cd6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys

17:45:18.0886 5840 bowser - ok

17:45:18.0918 5840 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys

17:45:18.0964 5840 BrFiltLo - ok

17:45:19.0027 5840 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys

17:45:19.0058 5840 BrFiltUp - ok

17:45:19.0105 5840 [ 6e11f33d14d020f58d5e02e4d67dfa19 ] Browser C:\windows\System32\browser.dll

17:45:19.0167 5840 Browser - ok

17:45:19.0198 5840 [ 845b8ce732e67f3b4133164868c666ea ] Brserid C:\windows\System32\Drivers\Brserid.sys

17:45:19.0230 5840 Brserid - ok

17:45:19.0245 5840 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

17:45:19.0276 5840 BrSerWdm - ok

17:45:19.0323 5840 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

17:45:19.0370 5840 BrUsbMdm - ok

17:45:19.0386 5840 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

17:45:19.0417 5840 BrUsbSer - ok

17:45:19.0448 5840 [ ed3df7c56ce0084eb2034432fc56565a ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys

17:45:19.0479 5840 BTHMODEM - ok

17:45:19.0526 5840 [ 1df19c96eef6c29d1c3e1a8678e07190 ] bthserv C:\windows\system32\bthserv.dll

17:45:19.0573 5840 bthserv - ok

17:45:19.0604 5840 [ 77ea11b065e0a8ab902d78145ca51e10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

17:45:19.0666 5840 cdfs - ok

17:45:19.0713 5840 [ be167ed0fdb9c1fa1133953c18d5a6c9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

17:45:19.0760 5840 cdrom - ok

17:45:19.0854 5840 [ 319c6b309773d063541d01df8ac6f55f ] CertPropSvc C:\windows\System32\certprop.dll

17:45:19.0900 5840 CertPropSvc - ok

17:45:20.0056 5840 [ 1f8a319d29394f9ce1b7ae020df2ebbf ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

17:45:20.0072 5840 cfWiMAXService - ok

17:45:20.0134 5840 [ 3fe3fe94a34df6fb06e6418d0f6a0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys

17:45:20.0181 5840 circlass - ok

17:45:20.0244 5840 [ 635181e0e9bbf16871bf5380d71db02d ] CLFS C:\windows\system32\CLFS.sys

17:45:20.0259 5840 CLFS - ok

17:45:20.0368 5840 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:45:20.0368 5840 clr_optimization_v2.0.50727_32 - ok

17:45:20.0509 5840 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:45:20.0524 5840 clr_optimization_v4.0.30319_32 - ok

17:45:20.0571 5840 [ dea805815e587dad1dd2c502220b5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

17:45:20.0618 5840 CmBatt - ok

17:45:20.0649 5840 [ c537b1db64d495b9b4717b4d6d9edbf2 ] cmdide C:\windows\system32\drivers\cmdide.sys

17:45:20.0649 5840 cmdide - ok

17:45:20.0680 5840 [ 1b675691ed940766149c93e8f4488d68 ] CNG C:\windows\system32\Drivers\cng.sys

17:45:20.0712 5840 CNG - ok

17:45:20.0743 5840 [ a6023d3823c37043986713f118a89bee ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys

17:45:20.0758 5840 Compbatt - ok

17:45:20.0805 5840 [ cbe8c58a8579cfe5fccf809e6f114e89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys

17:45:20.0836 5840 CompositeBus - ok

17:45:20.0852 5840 COMSysApp - ok

17:45:20.0899 5840 [ cab0eeaf5295fc96ddd3e19dce27e131 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

17:45:20.0899 5840 ConfigFree Service - ok

17:45:20.0930 5840 [ 2c4ebcfc84a9b44f209dff6c6e6c61d1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys

17:45:20.0946 5840 crcdisk - ok

17:45:20.0992 5840 [ a585bebf7d054bd9618eda0922d5484a ] CryptSvc C:\windows\system32\cryptsvc.dll

17:45:21.0039 5840 CryptSvc - ok

17:45:21.0086 5840 [ 7660f01d3b38aca1747e397d21d790af ] DcomLaunch C:\windows\system32\rpcss.dll

17:45:21.0133 5840 DcomLaunch - ok

17:45:21.0180 5840 [ 8d6e10a2d9a5eed59562d9b82cf804e1 ] defragsvc C:\windows\System32\defragsvc.dll

17:45:21.0226 5840 defragsvc - ok

17:45:21.0289 5840 [ f024449c97ec1e464aaffda18593db88 ] DfsC C:\windows\system32\Drivers\dfsc.sys

17:45:21.0320 5840 DfsC - ok

17:45:21.0382 5840 [ e9e01eb683c132f7fa27cd607b8a2b63 ] Dhcp C:\windows\system32\dhcpcore.dll

17:45:21.0445 5840 Dhcp - ok

17:45:21.0476 5840 [ 1a050b0274bfb3890703d490f330c0da ] discache C:\windows\system32\drivers\discache.sys

17:45:21.0538 5840 discache - ok

17:45:21.0570 5840 [ 565003f326f99802e68ca78f2a68e9ff ] Disk C:\windows\system32\DRIVERS\disk.sys

17:45:21.0570 5840 Disk - ok

17:45:21.0632 5840 [ 33ef4861f19a0736b11314aad9ae28d0 ] Dnscache C:\windows\System32\dnsrslvr.dll

17:45:21.0648 5840 Dnscache - ok

17:45:21.0694 5840 [ 366ba8fb4b7bb7435e3b9eacb3843f67 ] dot3svc C:\windows\System32\dot3svc.dll

17:45:21.0741 5840 dot3svc - ok

17:45:21.0804 5840 [ 8ec04ca86f1d68da9e11952eb85973d6 ] DPS C:\windows\system32\dps.dll

17:45:21.0897 5840 DPS - ok

17:45:21.0944 5840 [ b918e7c5f9bf77202f89e1a9539f2eb4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

17:45:21.0975 5840 drmkaud - ok

17:45:22.0053 5840 [ 23f5d28378a160352ba8f817bd8c71cb ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

17:45:22.0069 5840 DXGKrnl - ok

17:45:22.0131 5840 [ 8600142fa91c1b96367d3300ad0f3f3a ] EapHost C:\windows\System32\eapsvc.dll

17:45:22.0225 5840 EapHost - ok

17:45:22.0396 5840 [ 024e1b5cac09731e4d868e64dbfb4ab0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys

17:45:22.0521 5840 ebdrv - ok

17:45:22.0584 5840 [ f42309c4191c506b71db5d1126d26318 ] EFS C:\windows\System32\lsass.exe

17:45:22.0630 5840 EFS - ok

17:45:22.0740 5840 [ a8c362018efc87beb013ee28f29c0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe

17:45:22.0771 5840 ehRecvr - ok

17:45:22.0802 5840 [ d389bff34f80caede417bf9d1507996a ] ehSched C:\windows\ehome\ehsched.exe

17:45:22.0849 5840 ehSched - ok

17:45:22.0927 5840 [ 0ed67910c8c326796faa00b2bf6d9d3c ] elxstor C:\windows\system32\DRIVERS\elxstor.sys

17:45:22.0958 5840 elxstor - ok

17:45:23.0005 5840 [ 8fc3208352dd3912c94367a206ab3f11 ] ErrDev C:\windows\system32\drivers\errdev.sys

17:45:23.0036 5840 ErrDev - ok

17:45:23.0098 5840 [ f6916efc29d9953d5d0df06882ae8e16 ] EventSystem C:\windows\system32\es.dll

17:45:23.0145 5840 EventSystem - ok

17:45:23.0176 5840 [ 2dc9108d74081149cc8b651d3a26207f ] exfat C:\windows\system32\drivers\exfat.sys

17:45:23.0208 5840 exfat - ok

17:45:23.0239 5840 [ 7e0ab74553476622fb6ae36f73d97d35 ] fastfat C:\windows\system32\drivers\fastfat.sys

17:45:23.0286 5840 fastfat - ok

17:45:23.0364 5840 [ 967ea5b213e9984cbe270205df37755b ] Fax C:\windows\system32\fxssvc.exe

17:45:23.0410 5840 Fax - ok

17:45:23.0442 5840 [ e817a017f82df2a1f8cfdbda29388b29 ] fdc C:\windows\system32\DRIVERS\fdc.sys

17:45:23.0457 5840 fdc - ok

17:45:23.0488 5840 [ f3222c893bd2f5821a0179e5c71e88fb ] fdPHost C:\windows\system32\fdPHost.dll

17:45:23.0535 5840 fdPHost - ok

17:45:23.0566 5840 [ 7dbe8cbfe79efbdeb98c9fb08d3a9a5b ] FDResPub C:\windows\system32\fdrespub.dll

17:45:23.0613 5840 FDResPub - ok

17:45:23.0660 5840 [ 6cf00369c97f3cf563be99be983d13d8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

17:45:23.0676 5840 FileInfo - ok

17:45:23.0722 5840 [ 42c51dc94c91da21cb9196eb64c45db9 ] Filetrace C:\windows\system32\drivers\filetrace.sys

17:45:23.0769 5840 Filetrace - ok

17:45:23.0878 5840 [ abedfd48ac042c6aaad32452e77217a1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

17:45:23.0925 5840 FLEXnet Licensing Service - ok

17:45:23.0956 5840 [ 87907aa70cb3c56600f1c2fb8841579b ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys

17:45:23.0972 5840 flpydisk - ok

17:45:24.0003 5840 [ 7520ec808e0c35e0ee6f841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

17:45:24.0019 5840 FltMgr - ok

17:45:24.0081 5840 [ b3a5ec6b6b6673db7e87c2bcdbddc074 ] FontCache C:\windows\system32\FntCache.dll

17:45:24.0128 5840 FontCache - ok

17:45:24.0222 5840 [ e56f39f6b7fda0ac77a79b0fd3de1a2f ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

17:45:24.0237 5840 FontCache3.0.0.0 - ok

17:45:24.0268 5840 [ 1a16b57943853e598cff37fe2b8cbf1d ] FsDepends C:\windows\system32\drivers\FsDepends.sys

17:45:24.0284 5840 FsDepends - ok

17:45:24.0300 5840 [ a574b4360e438977038aae4bf60d79a2 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

17:45:24.0315 5840 Fs_Rec - ok

17:45:24.0362 5840 [ 8a73e79089b282100b9393b644cb853b ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

17:45:24.0378 5840 fvevol - ok

17:45:24.0409 5840 [ 65ee0c7a58b65e74ae05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys

17:45:24.0424 5840 gagp30kx - ok

17:45:24.0471 5840 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

17:45:24.0487 5840 GEARAspiWDM - ok

17:45:24.0549 5840 [ e897eaf5ed6ba41e081060c9b447a673 ] gpsvc C:\windows\System32\gpsvc.dll

17:45:24.0596 5840 gpsvc - ok

17:45:24.0674 5840 [ 51fa91bb463b15fd8eacd5045c3f2fa6 ] hcmon C:\windows\system32\drivers\hcmon.sys

17:45:24.0690 5840 hcmon - ok

17:45:24.0721 5840 [ c44e3c2bab6837db337ddee7544736db ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

17:45:24.0752 5840 hcw85cir - ok

17:45:24.0830 5840 [ a5ef29d5315111c80a5c1abad14c8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

17:45:24.0877 5840 HdAudAddService - ok

17:45:24.0924 5840 [ 9036377b8a6c15dc2eec53e489d159b5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys

17:45:24.0955 5840 HDAudBus - ok

17:45:25.0002 5840 [ 1d58a7f3e11a9731d0eaaaa8405acc36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys

17:45:25.0033 5840 HidBatt - ok

17:45:25.0064 5840 [ 89448f40e6df260c206a193a4683ba78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys

17:45:25.0111 5840 HidBth - ok

17:45:25.0142 5840 [ cf50b4cf4a4f229b9f3c08351f99ca5e ] HidIr C:\windows\system32\DRIVERS\hidir.sys

17:45:25.0189 5840 HidIr - ok

17:45:25.0236 5840 [ 2bc6f6a1992b3a77f5f41432ca6b3b6b ] hidserv C:\windows\system32\hidserv.dll

17:45:25.0282 5840 hidserv - ok

17:45:25.0329 5840 [ 10c19f8290891af023eaec0832e1eb4d ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

17:45:25.0360 5840 HidUsb - ok

17:45:25.0407 5840 [ 196b4e3f4cccc24af836ce58facbb699 ] hkmsvc C:\windows\system32\kmsvc.dll

17:45:25.0438 5840 hkmsvc - ok

17:45:25.0485 5840 [ 6658f4404de03d75fe3ba09f7aba6a30 ] HomeGroupListener C:\windows\system32\ListSvc.dll

17:45:25.0516 5840 HomeGroupListener - ok

17:45:25.0563 5840 [ dbc02d918fff1cad628acbe0c0eaa8e8 ] HomeGroupProvider C:\windows\system32\provsvc.dll

17:45:25.0594 5840 HomeGroupProvider - ok

17:45:25.0641 5840 [ 295fdc419039090eb8b49ffdbb374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

17:45:25.0657 5840 HpSAMD - ok

17:45:25.0719 5840 [ 871917b07a141bff43d76d8844d48106 ] HTTP C:\windows\system32\drivers\HTTP.sys

17:45:25.0750 5840 HTTP - ok

17:45:25.0813 5840 [ 0c4e035c7f105f1299258c90886c64c5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

17:45:25.0828 5840 hwpolicy - ok

17:45:25.0906 5840 [ f151f0bdc47f4a28b1b20a0818ea36d6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys

17:45:25.0922 5840 i8042prt - ok

17:45:25.0984 5840 [ 5cd5f9a5444e6cdcb0ac89bd62d8b76e ] iaStorV C:\windows\system32\drivers\iaStorV.sys

17:45:26.0000 5840 iaStorV - ok

17:45:26.0094 5840 [ c521d7eb6497bb1af6afa89e322fb43c ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:45:26.0109 5840 idsvc - ok

17:45:26.0156 5840 [ 4173ff5708f3236cf25195fecd742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys

17:45:26.0172 5840 iirsp - ok

17:45:26.0250 5840 [ f95622f161474511b8d80d6b093aa610 ] IKEEXT C:\windows\System32\ikeext.dll

17:45:26.0328 5840 IKEEXT - ok

17:45:26.0437 5840 [ e4a2e810cb2607c9c159c0dfb0bd4c88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys

17:45:26.0546 5840 IntcAzAudAddService - ok

17:45:26.0593 5840 [ a0f12f2c9ba6c72f3987ce780e77c130 ] intelide C:\windows\system32\drivers\intelide.sys

17:45:26.0608 5840 intelide - ok

17:45:26.0640 5840 [ 3b514d27bfc4accb4037bc6685f766e0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

17:45:26.0655 5840 intelppm - ok

17:45:26.0702 5840 [ acb364b9075a45c0736e5c47be5cae19 ] IPBusEnum C:\windows\system32\ipbusenum.dll

17:45:26.0764 5840 IPBusEnum - ok

17:45:26.0796 5840 [ 709d1761d3b19a932ff0238ea6d50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

17:45:26.0842 5840 IpFilterDriver - ok

17:45:26.0889 5840 [ 4bd7134618c1d2a27466a099062547bf ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

17:45:26.0920 5840 IPMIDRV - ok

17:45:26.0952 5840 [ a5fa468d67abcdaa36264e463a7bb0cd ] IPNAT C:\windows\system32\drivers\ipnat.sys

17:45:26.0998 5840 IPNAT - ok

17:45:27.0076 5840 [ 3c30491045dbbd44a42876b3d6f3917d ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

17:45:27.0092 5840 iPod Service - ok

17:45:27.0108 5840 [ 42996cff20a3084a56017b7902307e9f ] IRENUM C:\windows\system32\drivers\irenum.sys

17:45:27.0170 5840 IRENUM - ok

17:45:27.0217 5840 [ 1f32bb6b38f62f7df1a7ab7292638a35 ] isapnp C:\windows\system32\drivers\isapnp.sys

17:45:27.0232 5840 isapnp - ok

17:45:27.0295 5840 [ cb7a9abb12b8415bce5d74994c7ba3ae ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

17:45:27.0310 5840 iScsiPrt - ok

17:45:27.0373 5840 [ adef52ca1aeae82b50df86b56413107e ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

17:45:27.0388 5840 kbdclass - ok

17:45:27.0435 5840 [ 9e3ced91863e6ee98c24794d05e27a71 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys

17:45:27.0466 5840 kbdhid - ok

17:45:27.0498 5840 [ f42309c4191c506b71db5d1126d26318 ] KeyIso C:\windows\system32\lsass.exe

17:45:27.0513 5840 KeyIso - ok

17:45:27.0685 5840 [ 162a5e3a691b903111526147c8d29e6d ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

17:45:27.0700 5840 Kodak AiO Network Discovery Service - ok

17:45:27.0825 5840 [ b5e53fca219a6491e9a1ba146a5d2452 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

17:45:27.0872 5840 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - warning

17:45:27.0872 5840 Kodak AiO Status Monitor Service - detected UnsignedFile.Multi.Generic (1)

17:45:27.0919 5840 [ 412cea1aa78cc02a447f5c9e62b32ff1 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

17:45:27.0934 5840 KSecDD - ok

17:45:27.0966 5840 [ 26c046977e85b95036453d7b88ba1820 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

17:45:27.0981 5840 KSecPkg - ok

17:45:28.0028 5840 [ 89a7b9cc98d0d80c6f31b91c0a310fcd ] KtmRm C:\windows\system32\msdtckrm.dll

17:45:28.0090 5840 KtmRm - ok

17:45:28.0137 5840 [ d64af876d53eca3668bb97b51b4e70ab ] LanmanServer C:\windows\system32\srvsvc.dll

17:45:28.0184 5840 LanmanServer - ok

17:45:28.0231 5840 [ 58405e4f68ba8e4057c6e914f326aba2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll

17:45:28.0293 5840 LanmanWorkstation - ok

17:45:28.0340 5840 [ f7611ec07349979da9b0ae1f18ccc7a6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

17:45:28.0371 5840 lltdio - ok

17:45:28.0402 5840 [ 5700673e13a2117fa3b9020c852c01e2 ] lltdsvc C:\windows\System32\lltdsvc.dll

17:45:28.0496 5840 lltdsvc - ok

17:45:28.0527 5840 [ 55ca01ba19d0006c8f2639b6c045e08b ] lmhosts C:\windows\System32\lmhsvc.dll

17:45:28.0574 5840 lmhosts - ok

17:45:28.0621 5840 [ 6e3d3816749e107883eec5734ce44493 ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys

17:45:28.0636 5840 LPCFilter - ok

17:45:28.0668 5840 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys

17:45:28.0683 5840 LSI_FC - ok

17:45:28.0730 5840 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys

17:45:28.0746 5840 LSI_SAS - ok

17:45:28.0792 5840 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys

17:45:28.0824 5840 LSI_SAS2 - ok

17:45:28.0824 5840 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys

17:45:28.0839 5840 LSI_SCSI - ok

17:45:28.0886 5840 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\windows\system32\drivers\luafv.sys

17:45:28.0948 5840 luafv - ok

17:45:28.0995 5840 lvpopflt - ok

17:45:29.0042 5840 LVRS - ok

17:45:29.0214 5840 [ 37e57c48af530df01cdd4e8a2ad77b51 ] LVUVC C:\windows\system32\DRIVERS\lvuvc.sys

17:45:29.0385 5840 LVUVC - ok

17:45:29.0448 5840 [ 8fd868e32459ece2a1bb0169f513d31e ] mcdbus C:\windows\system32\DRIVERS\mcdbus.sys

17:45:29.0463 5840 mcdbus ( UnsignedFile.Multi.Generic ) - warning

17:45:29.0463 5840 mcdbus - detected UnsignedFile.Multi.Generic (1)

17:45:29.0510 5840 [ bfb9ee8ee977efe85d1a3105abef6dd1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

17:45:29.0541 5840 Mcx2Svc - ok

17:45:29.0572 5840 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\windows\system32\DRIVERS\megasas.sys

17:45:29.0588 5840 megasas - ok

17:45:29.0604 5840 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys

17:45:29.0619 5840 MegaSR - ok

17:45:29.0666 5840 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\windows\system32\mmcss.dll

17:45:29.0713 5840 MMCSS - ok

17:45:29.0791 5840 [ f001861e5700ee84e2d4e52c712f4964 ] Modem C:\windows\system32\drivers\modem.sys

17:45:29.0838 5840 Modem - ok

17:45:29.0853 5840 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\windows\system32\DRIVERS\monitor.sys

17:45:29.0884 5840 monitor - ok

17:45:29.0947 5840 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

17:45:29.0962 5840 mouclass - ok

17:45:30.0040 5840 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

17:45:30.0072 5840 mouhid - ok

17:45:30.0103 5840 [ fc8771f45ecccfd89684e38842539b9b ] mountmgr C:\windows\system32\drivers\mountmgr.sys

17:45:30.0118 5840 mountmgr - ok

17:45:30.0212 5840 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

17:45:30.0228 5840 MozillaMaintenance - ok

17:45:30.0274 5840 [ 2d699fb6e89ce0d8da14ecc03b3edfe0 ] mpio C:\windows\system32\drivers\mpio.sys

17:45:30.0290 5840 mpio - ok

17:45:30.0337 5840 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

17:45:30.0415 5840 mpsdrv - ok

17:45:30.0446 5840 [ ceb46ab7c01c9f825f8cc6babc18166a ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

17:45:30.0493 5840 MRxDAV - ok

17:45:30.0540 5840 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

17:45:30.0586 5840 mrxsmb - ok

17:45:30.0649 5840 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

17:45:30.0664 5840 mrxsmb10 - ok

17:45:30.0711 5840 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

17:45:30.0758 5840 mrxsmb20 - ok

17:45:30.0805 5840 [ 012c5f4e9349e711e11e0f19a8589f0a ] msahci C:\windows\system32\drivers\msahci.sys

17:45:30.0820 5840 msahci - ok

17:45:30.0852 5840 [ 55055f8ad8be27a64c831322a780a228 ] msdsm C:\windows\system32\drivers\msdsm.sys

17:45:30.0867 5840 msdsm - ok

17:45:30.0898 5840 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\windows\System32\msdtc.exe

17:45:30.0930 5840 MSDTC - ok

17:45:31.0008 5840 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\windows\system32\drivers\Msfs.sys

17:45:31.0039 5840 Msfs - ok

17:45:31.0054 5840 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

17:45:31.0101 5840 mshidkmdf - ok

17:45:31.0148 5840 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys

17:45:31.0164 5840 msisadrv - ok

17:45:31.0195 5840 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll

17:45:31.0242 5840 MSiSCSI - ok

17:45:31.0257 5840 msiserver - ok

17:45:31.0320 5840 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

17:45:31.0366 5840 MSKSSRV - ok

17:45:31.0413 5840 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

17:45:31.0460 5840 MSPCLOCK - ok

17:45:31.0491 5840 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

17:45:31.0538 5840 MSPQM - ok

17:45:31.0569 5840 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys

17:45:31.0585 5840 MsRPC - ok

17:45:31.0632 5840 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys

17:45:31.0647 5840 mssmbios - ok

17:45:31.0678 5840 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

17:45:31.0710 5840 MSTEE - ok

17:45:31.0741 5840 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys

17:45:31.0772 5840 MTConfig - ok

17:45:31.0803 5840 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\windows\system32\Drivers\mup.sys

17:45:31.0819 5840 Mup - ok

17:45:31.0897 5840 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\windows\system32\qagentRT.dll

17:45:31.0944 5840 napagent - ok

17:45:31.0990 5840 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

17:45:32.0022 5840 NativeWifiP - ok

17:45:32.0053 5840 [ e7c54812a2aaf43316eb6930c1ffa108 ] NDIS C:\windows\system32\drivers\ndis.sys

17:45:32.0084 5840 NDIS - ok

17:45:32.0115 5840 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

17:45:32.0162 5840 NdisCap - ok

17:45:32.0193 5840 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

17:45:32.0240 5840 NdisTapi - ok

17:45:32.0287 5840 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

17:45:32.0318 5840 Ndisuio - ok

17:45:32.0380 5840 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

17:45:32.0427 5840 NdisWan - ok

17:45:32.0474 5840 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

17:45:32.0505 5840 NDProxy - ok

17:45:32.0536 5840 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

17:45:32.0583 5840 NetBIOS - ok

17:45:32.0630 5840 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

17:45:32.0661 5840 NetBT - ok

17:45:32.0692 5840 [ f42309c4191c506b71db5d1126d26318 ] Netlogon C:\windows\system32\lsass.exe

17:45:32.0708 5840 Netlogon - ok

17:45:32.0755 5840 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\windows\System32\netman.dll

17:45:32.0802 5840 Netman - ok

17:45:32.0833 5840 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\windows\System32\netprofm.dll

17:45:32.0880 5840 netprofm - ok

17:45:32.0926 5840 [ f476ec40033cdb91efbe73eb99b8362d ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:45:32.0942 5840 NetTcpPortSharing - ok

17:45:32.0989 5840 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys

17:45:32.0989 5840 nfrd960 - ok

17:45:33.0051 5840 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\windows\System32\nlasvc.dll

17:45:33.0098 5840 NlaSvc - ok

17:45:33.0129 5840 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\windows\system32\drivers\Npfs.sys

17:45:33.0176 5840 Npfs - ok

17:45:33.0207 5840 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\windows\system32\nsisvc.dll

17:45:33.0238 5840 nsi - ok

17:45:33.0285 5840 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

17:45:33.0316 5840 nsiproxy - ok

17:45:33.0394 5840 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\windows\system32\drivers\Ntfs.sys

17:45:33.0426 5840 Ntfs - ok

17:45:33.0472 5840 [ f9756a98d69098dca8945d62858a812c ] Null C:\windows\system32\drivers\Null.sys

17:45:33.0519 5840 Null - ok

17:45:33.0582 5840 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\windows\system32\drivers\nvraid.sys

17:45:33.0597 5840 nvraid - ok

17:45:33.0613 5840 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\windows\system32\drivers\nvstor.sys

17:45:33.0628 5840 nvstor - ok

17:45:33.0675 5840 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\windows\system32\drivers\nv_agp.sys

17:45:33.0691 5840 nv_agp - ok

17:45:33.0722 5840 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

17:45:33.0753 5840 ohci1394 - ok

17:45:33.0831 5840 opdbcijb - ok

17:45:33.0878 5840 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\windows\system32\pnrpsvc.dll

17:45:33.0909 5840 p2pimsvc - ok

17:45:33.0940 5840 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\windows\system32\p2psvc.dll

17:45:33.0972 5840 p2psvc - ok

17:45:34.0003 5840 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\windows\system32\DRIVERS\parport.sys

17:45:34.0018 5840 Parport - ok

17:45:34.0034 5840 [ bf8f6af06da75b336f07e23aef97d93b ] partmgr C:\windows\system32\drivers\partmgr.sys

17:45:34.0050 5840 partmgr - ok

17:45:34.0081 5840 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys

17:45:34.0112 5840 Parvdm - ok

17:45:34.0143 5840 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\windows\System32\pcasvc.dll

17:45:34.0174 5840 PcaSvc - ok

17:45:34.0252 5840 [ 673e55c3498eb970088e812ea820aa8f ] pci C:\windows\system32\drivers\pci.sys

17:45:34.0268 5840 pci - ok

17:45:34.0299 5840 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\windows\system32\drivers\pciide.sys

17:45:34.0315 5840 pciide - ok

17:45:34.0362 5840 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys

17:45:34.0377 5840 pcmcia - ok

17:45:34.0393 5840 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\windows\system32\drivers\pcw.sys

17:45:34.0408 5840 pcw - ok

17:45:34.0471 5840 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\windows\system32\drivers\peauth.sys

17:45:34.0502 5840 PEAUTH - ok

17:45:34.0611 5840 [ edffbc067c9321d2076b3d6f33e0d4c6 ] PenCommService C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe

17:45:34.0642 5840 PenCommService ( UnsignedFile.Multi.Generic ) - warning

17:45:34.0642 5840 PenCommService - detected UnsignedFile.Multi.Generic (1)

17:45:34.0798 5840 [ bd24e98e6546adf6a31a41485483eb6c ] Pharos Systems ComTaskMaster C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe

17:45:34.0845 5840 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - warning

17:45:34.0845 5840 Pharos Systems ComTaskMaster - detected UnsignedFile.Multi.Generic (1)

17:45:34.0939 5840 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\windows\system32\pla.dll

17:45:35.0001 5840 pla - ok

17:45:35.0048 5840 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\windows\system32\umpnpmgr.dll

17:45:35.0079 5840 PlugPlay - ok

17:45:35.0126 5840 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

17:45:35.0157 5840 PNRPAutoReg - ok

17:45:35.0188 5840 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\windows\system32\pnrpsvc.dll

17:45:35.0204 5840 PNRPsvc - ok

17:45:35.0251 5840 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\windows\System32\ipsecsvc.dll

17:45:35.0298 5840 PolicyAgent - ok

17:45:35.0344 5840 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\windows\system32\umpo.dll

17:45:35.0391 5840 Power - ok

17:45:35.0438 5840 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

17:45:35.0500 5840 PptpMiniport - ok

17:45:35.0532 5840 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\windows\system32\DRIVERS\processr.sys

17:45:35.0547 5840 Processor - ok

17:45:35.0594 5840 [ 43ca4ccc22d52fb58e8988f0198851d0 ] ProfSvc C:\windows\system32\profsvc.dll

17:45:35.0625 5840 ProfSvc - ok

17:45:35.0656 5840 [ f42309c4191c506b71db5d1126d26318 ] ProtectedStorage C:\windows\system32\lsass.exe

17:45:35.0672 5840 ProtectedStorage - ok

17:45:35.0703 5840 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\windows\system32\DRIVERS\pacer.sys

17:45:35.0766 5840 Psched - ok

17:45:35.0875 5840 [ 82749a87e49fdc46e6d1b9627507dd75 ] PulseUsb C:\windows\system32\DRIVERS\PulseUsb.sys

17:45:35.0890 5840 PulseUsb ( UnsignedFile.Multi.Generic ) - warning

17:45:35.0890 5840 PulseUsb - detected UnsignedFile.Multi.Generic (1)

17:45:35.0953 5840 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys

17:45:35.0984 5840 ql2300 - ok

17:45:36.0031 5840 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys

17:45:36.0046 5840 ql40xx - ok

17:45:36.0078 5840 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\windows\system32\qwave.dll

17:45:36.0109 5840 QWAVE - ok

17:45:36.0140 5840 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

17:45:36.0171 5840 QWAVEdrv - ok

17:45:36.0202 5840 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

17:45:36.0249 5840 RasAcd - ok

17:45:36.0296 5840 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

17:45:36.0312 5840 RasAgileVpn - ok

17:45:36.0374 5840 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\windows\System32\rasauto.dll

17:45:36.0405 5840 RasAuto - ok

17:45:36.0452 5840 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

17:45:36.0499 5840 Rasl2tp - ok

17:45:36.0561 5840 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\windows\System32\rasmans.dll

17:45:36.0624 5840 RasMan - ok

17:45:36.0670 5840 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

17:45:36.0702 5840 RasPppoe - ok

17:45:36.0717 5840 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

17:45:36.0780 5840 RasSstp - ok

17:45:36.0826 5840 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

17:45:36.0889 5840 rdbss - ok

17:45:36.0920 5840 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

17:45:36.0936 5840 rdpbus - ok

17:45:36.0998 5840 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

17:45:37.0029 5840 RDPCDD - ok

17:45:37.0092 5840 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

17:45:37.0138 5840 RDPENCDD - ok

17:45:37.0185 5840 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

17:45:37.0232 5840 RDPREFMP - ok

17:45:37.0294 5840 [ 288b06960d78428ff89e811632684e20 ] RDPWD C:\windows\system32\drivers\RDPWD.sys

17:45:37.0341 5840 RDPWD - ok

17:45:37.0388 5840 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

17:45:37.0404 5840 rdyboost - ok

17:45:37.0435 5840 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\windows\System32\mprdim.dll

17:45:37.0466 5840 RemoteAccess - ok

17:45:37.0528 5840 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\windows\system32\regsvc.dll

17:45:37.0575 5840 RemoteRegistry - ok

17:45:37.0622 5840 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

17:45:37.0684 5840 RpcEptMapper - ok

17:45:37.0747 5840 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\windows\system32\locator.exe

17:45:37.0778 5840 RpcLocator - ok

17:45:37.0809 5840 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\windows\system32\rpcss.dll

17:45:37.0872 5840 RpcSs - ok

17:45:37.0903 5840 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

17:45:37.0950 5840 rspndr - ok

17:45:37.0996 5840 [ ef8b2afc3c0751c5e5a59983c8893260 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

17:45:38.0043 5840 RSUSBSTOR - ok

17:45:38.0090 5840 [ 26a9d6227d12b9d9da5a81bb9b55d810 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys

17:45:38.0121 5840 RTL8167 - ok

17:45:38.0184 5840 [ e48daf453d773a89a44134ce4ba9af44 ] RTL8187Se C:\windows\system32\DRIVERS\RTL8187Se.sys

17:45:38.0230 5840 RTL8187Se - ok

17:45:38.0246 5840 RtsUIR - ok

17:45:38.0277 5840 [ f42309c4191c506b71db5d1126d26318 ] SamSs C:\windows\system32\lsass.exe

17:45:38.0293 5840 SamSs - ok

17:45:38.0340 5840 [ 05d860da1040f111503ac416ccef2bca ] sbp2port C:\windows\system32\drivers\sbp2port.sys

17:45:38.0340 5840 sbp2port - ok

17:45:38.0386 5840 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\windows\System32\SCardSvr.dll

17:45:38.0418 5840 SCardSvr - ok

17:45:38.0464 5840 [ 0693b5ec673e34dc147e195779a4dcf6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

17:45:38.0511 5840 scfilter - ok

17:45:38.0574 5840 [ a04bb13f8a72f8b6e8b4071723e4e336 ] Schedule C:\windows\system32\schedsvc.dll

17:45:38.0652 5840 Schedule - ok

17:45:38.0667 5840 [ 319c6b309773d063541d01df8ac6f55f ] SCPolicySvc C:\windows\System32\certprop.dll

17:45:38.0714 5840 SCPolicySvc - ok

17:45:38.0776 5840 [ 08236c4bce5edd0a0318a438af28e0f7 ] SDRSVC C:\windows\System32\SDRSVC.dll

17:45:38.0839 5840 SDRSVC - ok

17:45:38.0886 5840 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\windows\system32\drivers\secdrv.sys

17:45:38.0932 5840 secdrv - ok

17:45:38.0964 5840 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\windows\system32\seclogon.dll

17:45:39.0026 5840 seclogon - ok

17:45:39.0057 5840 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\windows\System32\sens.dll

17:45:39.0088 5840 SENS - ok

17:45:39.0104 5840 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\windows\system32\sensrsvc.dll

17:45:39.0135 5840 SensrSvc - ok

17:45:39.0182 5840 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys

17:45:39.0182 5840 Serenum - ok

17:45:39.0213 5840 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\windows\system32\DRIVERS\serial.sys

17:45:39.0229 5840 Serial - ok

17:45:39.0291 5840 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys

17:45:39.0291 5840 sermouse - ok

17:45:39.0354 5840 [ 4ae380f39a0032eab7dd953030b26d28 ] SessionEnv C:\windows\system32\sessenv.dll

17:45:39.0400 5840 SessionEnv - ok

17:45:39.0447 5840 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\windows\system32\drivers\sffdisk.sys

17:45:39.0463 5840 sffdisk - ok

17:45:39.0494 5840 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

17:45:39.0510 5840 sffp_mmc - ok

17:45:39.0525 5840 [ 6d4ccaedc018f1cf52866bbbaa235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

17:45:39.0556 5840 sffp_sd - ok

17:45:39.0588 5840 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys

17:45:39.0634 5840 sfloppy - ok

17:45:39.0697 5840 [ 414da952a35bf5d50192e28263b40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll

17:45:39.0744 5840 ShellHWDetection - ok

17:45:39.0822 5840 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\windows\system32\drivers\sisagp.sys

17:45:39.0837 5840 sisagp - ok

17:45:39.0900 5840 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys

17:45:39.0915 5840 SiSRaid2 - ok

17:45:39.0946 5840 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys

17:45:39.0962 5840 SiSRaid4 - ok

17:45:39.0978 5840 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\windows\system32\DRIVERS\smb.sys

17:45:40.0009 5840 Smb - ok

17:45:40.0071 5840 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\windows\System32\snmptrap.exe

17:45:40.0087 5840 SNMPTRAP - ok

17:45:40.0134 5840 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\windows\system32\drivers\spldr.sys

17:45:40.0149 5840 spldr - ok

17:45:40.0196 5840 [ 866a43013535dc8587c258e43579c764 ] Spooler C:\windows\System32\spoolsv.exe

17:45:40.0227 5840 Spooler - ok

17:45:40.0352 5840 [ cf87a1de791347e75b98885214ced2b8 ] sppsvc C:\windows\system32\sppsvc.exe

17:45:40.0492 5840 sppsvc - ok

17:45:40.0539 5840 [ b0180b20b065d89232a78a40fe56eaa6 ] sppuinotify C:\windows\system32\sppuinotify.dll

17:45:40.0586 5840 sppuinotify - ok

17:45:40.0633 5840 [ e4c2764065d66ea1d2d3ebc28fe99c46 ] srv C:\windows\system32\DRIVERS\srv.sys

17:45:40.0664 5840 srv - ok

17:45:40.0726 5840 [ 03f0545bd8d4c77fa0ae1ceedfcc71ab ] srv2 C:\windows\system32\DRIVERS\srv2.sys

17:45:40.0758 5840 srv2 - ok

17:45:40.0789 5840 [ be6bd660caa6f291ae06a718a4fa8abc ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

17:45:40.0804 5840 srvnet - ok

17:45:40.0882 5840 [ 64e44acd8c238fcbbb78f0ba4bdc4b05 ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys

17:45:40.0914 5840 ssadbus - ok

17:45:40.0960 5840 [ 1a5a397bc459f346ab56492b61ef79f6 ] ssadserd C:\windows\system32\DRIVERS\ssadserd.sys

17:45:40.0992 5840 ssadserd - ok

17:45:41.0070 5840 [ d5dffeaa1e15d4effabb9d9a3068ac5b ] sscdbus C:\windows\system32\DRIVERS\sscdbus.sys

17:45:41.0101 5840 sscdbus - ok

17:45:41.0163 5840 [ 8a1be0c347814f482f493aea619d57f6 ] sscdmdfl C:\windows\system32\DRIVERS\sscdmdfl.sys

17:45:41.0179 5840 sscdmdfl - ok

17:45:41.0226 5840 [ 5ab0b1987f682a59b15b78f84c6ad7d0 ] sscdmdm C:\windows\system32\DRIVERS\sscdmdm.sys

17:45:41.0272 5840 sscdmdm - ok

17:45:41.0350 5840 [ 751e66eb32efa80633b80f5d7ff0a1d8 ] sscdserd C:\windows\system32\DRIVERS\sscdserd.sys

17:45:41.0382 5840 sscdserd - ok

17:45:41.0444 5840 [ d887c9fd02ac9fa880f6e5027a43e118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

17:45:41.0475 5840 SSDPSRV - ok

17:45:41.0491 5840 [ d318f23be45d5e3a107469eb64815b50 ] SstpSvc C:\windows\system32\sstpsvc.dll

17:45:41.0553 5840 SstpSvc - ok

17:45:41.0600 5840 [ db32d325c192b801df274bfd12a7e72b ] stexstor C:\windows\system32\DRIVERS\stexstor.sys

17:45:41.0600 5840 stexstor - ok

17:45:41.0678 5840 [ e1fb3706030fb4578a0d72c2fc3689e4 ] StiSvc C:\windows\System32\wiaservc.dll

17:45:41.0725 5840 StiSvc - ok

17:45:41.0772 5840 [ e58c78a848add9610a4db6d214af5224 ] swenum C:\windows\system32\drivers\swenum.sys

17:45:41.0787 5840 swenum - ok

17:45:41.0881 5840 [ a28bd92df340e57b024ba433165d34d7 ] swprv C:\windows\System32\swprv.dll

17:45:41.0943 5840 swprv - ok

17:45:41.0974 5840 [ 8bd10dc8809dc69a1c5a795cb10add76 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

17:45:42.0068 5840 SynTP - ok

17:45:42.0177 5840 [ 36650d618ca34c9d357dfd3d89b2c56f ] SysMain C:\windows\system32\sysmain.dll

17:45:42.0208 5840 SysMain - ok

17:45:42.0286 5840 [ 763fecdc3d30c815fe72dd57936c6cd1 ] TabletInputService C:\windows\System32\TabSvc.dll

17:45:42.0333 5840 TabletInputService - ok

17:45:42.0396 5840 [ 613bf4820361543956909043a265c6ac ] TapiSrv C:\windows\System32\tapisrv.dll

17:45:42.0458 5840 TapiSrv - ok

17:45:42.0489 5840 [ b799d9fdb26111737f58288d8dc172d9 ] TBS C:\windows\System32\tbssvc.dll

17:45:42.0536 5840 TBS - ok

17:45:42.0630 5840 [ 04e4a7d53a7ace02e8c55b17a498f631 ] Tcpip C:\windows\system32\drivers\tcpip.sys

17:45:42.0661 5840 Tcpip - ok

17:45:42.0692 5840 [ 04e4a7d53a7ace02e8c55b17a498f631 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

17:45:42.0723 5840 TCPIP6 - ok

17:45:42.0817 5840 [ cca24162e055c3714ce5a88b100c64ed ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

17:45:42.0864 5840 tcpipreg - ok

17:45:42.0926 5840 [ 4084ea00d50c858d6f9038f86ae2e2d0 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys

17:45:42.0926 5840 tdcmdpst - ok

17:45:42.0973 5840 [ 1cb91b2bd8f6dd367dfc2ef26fd751b2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

17:45:43.0004 5840 TDPIPE - ok

17:45:43.0035 5840 [ 2c10395baa4847f83042813c515cc289 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

17:45:43.0082 5840 TDTCP - ok

17:45:43.0129 5840 [ b459575348c20e8121d6039da063c704 ] tdx C:\windows\system32\DRIVERS\tdx.sys

17:45:43.0191 5840 tdx - ok

17:45:43.0222 5840 [ 04dbf4b01ea4bf25a9a3e84affac9b20 ] TermDD C:\windows\system32\drivers\termdd.sys

17:45:43.0238 5840 TermDD - ok

17:45:43.0300 5840 [ 382c804c92811be57829d8e550a900e2 ] TermService C:\windows\System32\termsrv.dll

17:45:43.0363 5840 TermService - ok

17:45:43.0410 5840 [ 42fb6afd6b79d9fe07381609172e7ca4 ] Themes C:\windows\system32\themeservice.dll

17:45:43.0441 5840 Themes - ok

17:45:43.0472 5840 [ 146b6f43a673379a3c670e86d89be5ea ] THREADORDER C:\windows\system32\mmcss.dll

17:45:43.0503 5840 THREADORDER - ok

17:45:43.0550 5840 [ 32577b987ae5401038451bb392cb8d89 ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

17:45:43.0566 5840 TMachInfo - ok

17:45:43.0597 5840 [ fe65d33b7d4ff07dd1d29526a48df810 ] TODDSrv C:\Windows\system32\TODDSrv.exe

17:45:43.0612 5840 TODDSrv - ok

17:45:43.0675 5840 [ 451b09ba1a0d019ba0b5a27229559d55 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

17:45:43.0690 5840 TosCoSrv - ok

17:45:43.0737 5840 [ 94ecabe1ba3559214fe6c3ce6c9677eb ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

17:45:43.0753 5840 TOSHIBA HDD SSD Alert Service - ok

17:45:43.0846 5840 [ 969377943fe7284609babbab4e06b93c ] tos_sps32 C:\windows\system32\DRIVERS\tos_sps32.sys

17:45:43.0862 5840 tos_sps32 - ok

17:45:43.0971 5840 [ 8d83c60de67c2db212452d8ebe7ca196 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe

17:45:44.0003 5840 TouchServicePen - ok

17:45:44.0034 5840 [ 4792c0378db99a9bc2ae2de6cfff0c3a ] TrkWks C:\windows\System32\trkwks.dll

17:45:44.0096 5840 TrkWks - ok

17:45:44.0159 5840 [ 2c49b175aee1d4364b91b531417fe583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

17:45:44.0237 5840 TrustedInstaller - ok

17:45:44.0268 5840 [ 254bb140eee3c59d6114c1a86b636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

17:45:44.0315 5840 tssecsrv - ok

17:45:44.0393 5840 [ fd1d6c73e6333be727cbcc6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

17:45:44.0424 5840 TsUsbFlt - ok

17:45:44.0502 5840 [ b2fa25d9b17a68bb93d58b0556e8c90d ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

17:45:44.0549 5840 tunnel - ok

17:45:44.0580 5840 [ fc24015b4052600c324c43e3a79c0664 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS

17:45:44.0611 5840 TVALZ - ok

17:45:44.0642 5840 [ 750fbcb269f4d7dd2e420c56b795db6d ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys

17:45:44.0658 5840 uagp35 - ok

17:45:44.0705 5840 [ ee43346c7e4b5e63e54f927babbb32ff ] udfs C:\windows\system32\DRIVERS\udfs.sys

17:45:44.0751 5840 udfs - ok

17:45:44.0907 5840 [ 215462ae7e6a897d675e84dd1e3b3b56 ] ufad-ws60 C:\Program Files\VMware\VMware Player\vmware-ufad.exe

17:45:44.0939 5840 ufad-ws60 - ok

17:45:44.0985 5840 [ 8344fd4fce927880aa1aa7681d4927e5 ] UI0Detect C:\windows\system32\UI0Detect.exe

17:45:45.0032 5840 UI0Detect - ok

17:45:45.0079 5840 [ 44e8048ace47befbfdc2e9be4cbc8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

17:45:45.0095 5840 uliagpkx - ok

17:45:45.0141 5840 [ d295bed4b898f0fd999fcfa9b32b071b ] umbus C:\windows\system32\drivers\umbus.sys

17:45:45.0173 5840 umbus - ok

17:45:45.0204 5840 [ 7550ad0c6998ba1cb4843e920ee0feac ] UmPass C:\windows\system32\DRIVERS\umpass.sys

17:45:45.0235 5840 UmPass - ok

17:45:45.0344 5840 [ 927754abf077aeb5504be4e0f2c60c1b ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

17:45:45.0391 5840 UMVPFSrv - ok

17:45:45.0422 5840 [ 833fbb672460efce8011d262175fad33 ] upnphost C:\windows\System32\upnphost.dll

17:45:45.0469 5840 upnphost - ok

17:45:45.0547 5840 [ 1d9f2bd026e8e2d45033a4df3f16b78c ] usbaudio C:\windows\system32\drivers\usbaudio.sys

17:45:45.0578 5840 usbaudio - ok

17:45:45.0656 5840 [ bd9c55d7023c5de374507acc7a14e2ac ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

17:45:45.0672 5840 usbccgp - ok

17:45:45.0703 5840 USBCCID - ok

17:45:45.0750 5840 [ 04ec7cec62ec3b6d9354eee93327fc82 ] usbcir C:\windows\system32\drivers\usbcir.sys

17:45:45.0781 5840 usbcir - ok

17:45:45.0843 5840 [ f92de757e4b7ce9c07c5e65423f3ae3b ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

17:45:45.0859 5840 usbehci - ok

17:45:45.0890 5840 [ 8dc94aec6a7e644a06135ae7506dc2e9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

17:45:45.0921 5840 usbhub - ok

17:45:45.0968 5840 [ e185d44fac515a18d9deddc23c2cdf44 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys

17:45:45.0999 5840 usbohci - ok

17:45:46.0031 5840 [ 797d862fe0875e75c7cc4c1ad7b30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

17:45:46.0062 5840 usbprint - ok

17:45:46.0109 5840 [ 576096ccbc07e7c4ea4f5e6686d6888f ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

17:45:46.0124 5840 usbscan - ok

17:45:46.0155 5840 [ f991ab9cc6b908db552166768176896a ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

17:45:46.0187 5840 USBSTOR - ok

17:45:46.0233 5840 [ 68df884cf41cdada664beb01daf67e3d ] usbuhci C:\windows\system32\drivers\usbuhci.sys

17:45:46.0249 5840 usbuhci - ok

17:45:46.0311 5840 [ 45f4e7bf43db40a6c6b4d92c76cbc3f2 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

17:45:46.0343 5840 usbvideo - ok

17:45:46.0421 5840 [ d82f43d15fdaa666856c0190cb73e7c9 ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys

17:45:46.0452 5840 usb_rndisx - ok

17:45:46.0483 5840 [ 081e6e1c91aec36758902a9f727cd23c ] UxSms C:\windows\System32\uxsms.dll

17:45:46.0514 5840 UxSms - ok

17:45:46.0545 5840 [ f42309c4191c506b71db5d1126d26318 ] VaultSvc C:\windows\system32\lsass.exe

17:45:46.0561 5840 VaultSvc - ok

17:45:46.0592 5840 [ a059c4c3edb09e07d21a8e5c0aabd3cb ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

17:45:46.0608 5840 vdrvroot - ok

17:45:46.0670 5840 [ c3cd30495687c2a2f66a65ca6fd89be9 ] vds C:\windows\System32\vds.exe

17:45:46.0701 5840 vds - ok

17:45:46.0748 5840 [ 17c408214ea61696cec9c66e388b14f3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys

17:45:46.0779 5840 vga - ok

17:45:46.0857 5840 [ 8e38096ad5c8570a6f1570a61e251561 ] VgaSave C:\windows\System32\drivers\vga.sys

17:45:46.0889 5840 VgaSave - ok

17:45:46.0935 5840 [ 5461686cca2fda57b024547733ab42e3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys

17:45:46.0935 5840 vhdmp - ok

17:45:46.0967 5840 [ c829317a37b4bea8f39735d4b076e923 ] viaagp C:\windows\system32\drivers\viaagp.sys

17:45:46.0982 5840 viaagp - ok

17:45:47.0013 5840 [ e02f079a6aa107f06b16549c6e5c7b74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys

17:45:47.0045 5840 ViaC7 - ok

17:45:47.0091 5840 [ e43574f6a56a0ee11809b48c09e4fd3c ] viaide C:\windows\system32\drivers\viaide.sys

17:45:47.0107 5840 viaide - ok

17:45:47.0154 5840 [ 11dcd7a2a0b1f8532b80f5aa98f9903e ] VMAuthdService C:\Program Files\VMware\VMware Player\vmware-authd.exe

17:45:47.0169 5840 VMAuthdService - ok

17:45:47.0247 5840 [ 6f5d703bf312cb6cda78948763cb1e0d ] vmci C:\windows\system32\Drivers\vmci.sys

17:45:47.0247 5840 vmci - ok

17:45:47.0294 5840 [ 27df4aece721961f9c9064a31790f2ea ] vmkbd C:\windows\system32\drivers\VMkbd.sys

17:45:47.0310 5840 vmkbd - ok

17:45:47.0357 5840 [ e41704d8149992107b333cc7a52c07cc ] VMnetAdapter C:\windows\system32\DRIVERS\vmnetadapter.sys

17:45:47.0372 5840 VMnetAdapter - ok

17:45:47.0403 5840 [ 462f2a31ea8b87a28962aca998df1869 ] VMnetBridge C:\windows\system32\DRIVERS\vmnetbridge.sys

17:45:47.0419 5840 VMnetBridge - ok

17:45:47.0466 5840 [ b823d0dedc66ef6e7d1e8984539a5249 ] VMnetDHCP C:\windows\system32\vmnetdhcp.exe

17:45:47.0497 5840 VMnetDHCP - ok

17:45:47.0528 5840 [ ea10f0c9333388d2ecc4068efb8c366d ] VMnetuserif C:\windows\system32\drivers\vmnetuserif.sys

17:45:47.0528 5840 VMnetuserif - ok

17:45:47.0591 5840 [ afb10ad9aa91d2f70c9f0e6bda0d119b ] vmusb C:\windows\system32\Drivers\vmusb.sys

17:45:47.0591 5840 vmusb - ok

17:45:47.0669 5840 [ 19368f7c4dc6ef444b826249fc8a0e30 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

17:45:47.0700 5840 VMUSBArbService - ok

17:45:47.0762 5840 [ a89db7acf2175b677de750470cd72228 ] VMware NAT Service C:\windows\system32\vmnat.exe

17:45:47.0809 5840 VMware NAT Service - ok

17:45:47.0903 5840 [ 35dc7079a413484423750db5d40b8ea6 ] vmx86 C:\windows\system32\Drivers\vmx86.sys

17:45:47.0949 5840 vmx86 - ok

17:45:47.0981 5840 [ 4c63e00f2f4b5f86ab48a58cd990f212 ] volmgr C:\windows\system32\drivers\volmgr.sys

17:45:47.0996 5840 volmgr - ok

17:45:48.0043 5840 [ b5bb72067ddddbbfb04b2f89ff8c3c87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys

17:45:48.0074 5840 volmgrx - ok

17:45:48.0105 5840 [ f497f67932c6fa693d7de2780631cfe7 ] volsnap C:\windows\system32\drivers\volsnap.sys

17:45:48.0121 5840 volsnap - ok

17:45:48.0168 5840 [ 9dfa0cc2f8855a04816729651175b631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys

17:45:48.0183 5840 vsmraid - ok

17:45:48.0246 5840 [ 209a3b1901b83aeb8527ed211cce9e4c ] VSS C:\windows\system32\vssvc.exe

17:45:48.0324 5840 VSS - ok

17:45:48.0355 5840 [ 98929c5c5314c4c048e2f60492c26723 ] vstor2-ws60 C:\Program Files\VMware\VMware Player\vstor2-ws60.sys

17:45:48.0371 5840 vstor2-ws60 - ok

17:45:48.0402 5840 [ 90567b1e658001e79d7c8bbd3dde5aa6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

17:45:48.0433 5840 vwifibus - ok

17:45:48.0464 5840 [ 7090d3436eeb4e7da3373090a23448f7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

17:45:48.0480 5840 vwififlt - ok

17:45:48.0527 5840 [ 55187fd710e27d5095d10a472c8baf1c ] W32Time C:\windows\system32\w32time.dll

17:45:48.0605 5840 W32Time - ok

17:45:48.0636 5840 [ de3721e89c653aa281428c8a69745d90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys

17:45:48.0667 5840 WacomPen - ok

17:45:48.0698 5840 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

17:45:48.0745 5840 WANARP - ok

17:45:48.0761 5840 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

17:45:48.0792 5840 Wanarpv6 - ok

17:45:48.0932 5840 [ 353a04c273ec58475d8633e75ccd5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

17:45:48.0979 5840 WatAdminSvc - ok

17:45:49.0041 5840 [ 691e3285e53dca558e1a84667f13e15a ] wbengine C:\windows\system32\wbengine.exe

17:45:49.0088 5840 wbengine - ok

17:45:49.0119 5840 [ 9614b5d29dc76ac3c29f6d2d3aa70e67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

17:45:49.0166 5840 WbioSrvc - ok

17:45:49.0213 5840 [ 34eee0dfaadb4f691d6d5308a51315dc ] wcncsvc C:\windows\System32\wcncsvc.dll

17:45:49.0244 5840 wcncsvc - ok

17:45:49.0275 5840 [ 5d930b6357a6d2af4d7653bdabbf352f ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

17:45:49.0307 5840 WcsPlugInService - ok

17:45:49.0353 5840 [ 1112a9badacb47b7c0bb0392e3158dff ] Wd C:\windows\system32\DRIVERS\wd.sys

17:45:49.0369 5840 Wd - ok

17:45:49.0431 5840 [ d6efaf429fd30c5df613d220e344cce7 ] WDC_SAM C:\windows\system32\DRIVERS\wdcsam.sys

17:45:49.0447 5840 WDC_SAM - ok

17:45:49.0494 5840 [ 9950e3d0f08141c7e89e64456ae7dc73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

17:45:49.0509 5840 Wdf01000 - ok

17:45:49.0572 5840 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiServiceHost C:\windows\system32\wdi.dll

17:45:49.0587 5840 WdiServiceHost - ok

17:45:49.0603 5840 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiSystemHost C:\windows\system32\wdi.dll

17:45:49.0619 5840 WdiSystemHost - ok

17:45:49.0665 5840 [ a9d880f97530d5b8fee278923349929d ] WebClient C:\windows\System32\webclnt.dll

17:45:49.0712 5840 WebClient - ok

17:45:49.0759 5840 [ 760f0afe937a77cff27153206534f275 ] Wecsvc C:\windows\system32\wecsvc.dll

17:45:49.0790 5840 Wecsvc - ok

17:45:49.0837 5840 [ ac804569bb2364fb6017370258a4091b ] wercplsupport C:\windows\System32\wercplsupport.dll

17:45:49.0884 5840 wercplsupport - ok

17:45:49.0915 5840 [ 08e420d873e4fd85241ee2421b02c4a4 ] WerSvc C:\windows\System32\WerSvc.dll

17:45:49.0946 5840 WerSvc - ok

17:45:49.0993 5840 [ 8b9a943f3b53861f2bfaf6c186168f79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

17:45:50.0024 5840 WfpLwf - ok

17:45:50.0055 5840 [ 5cf95b35e59e2a38023836fff31be64c ] WIMMount C:\windows\system32\drivers\wimmount.sys

17:45:50.0071 5840 WIMMount - ok

17:45:50.0087 5840 WinHttpAutoProxySvc - ok

17:45:50.0165 5840 [ f62e510b6ad4c21eb9fe8668ed251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

17:45:50.0196 5840 Winmgmt - ok

17:45:50.0258 5840 [ 1b91cd34ea3a90ab6a4ef0550174f4cc ] WinRM C:\windows\system32\WsmSvc.dll

17:45:50.0336 5840 WinRM - ok

17:45:50.0414 5840 [ a67e5f9a400f3bd1be3d80613b45f708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

17:45:50.0445 5840 WinUsb - ok

17:45:50.0523 5840 [ 16935c98ff639d185086a3529b1f2067 ] Wlansvc C:\windows\System32\wlansvc.dll

17:45:50.0555 5840 Wlansvc - ok

17:45:50.0726 5840 [ 0a70f4022ec2e14c159efc4f69aa2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

17:45:50.0773 5840 wlidsvc - ok

17:45:50.0804 5840 [ 0217679b8fca58714c3bf2726d2ca84e ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys

17:45:50.0820 5840 WmiAcpi - ok

17:45:50.0851 5840 [ 6eb6b66517b048d87dc1856ddf1f4c3f ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

17:45:50.0882 5840 wmiApSrv - ok

17:45:50.0976 5840 [ 3b40d3a61aa8c21b88ae57c58ab3122e ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

17:45:51.0038 5840 WMPNetworkSvc - ok

17:45:51.0085 5840 [ a2f0ec770a92f2b3f9de6d518e11409c ] WPCSvc C:\windows\System32\wpcsvc.dll

17:45:51.0101 5840 WPCSvc - ok

17:45:51.0147 5840 [ aa53356d60af47eacc85bc617a4f3f66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

17:45:51.0179 5840 WPDBusEnum - ok

17:45:51.0210 5840 [ 6db3276587b853bf886b69528fdb048c ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

17:45:51.0257 5840 ws2ifsl - ok

17:45:51.0288 5840 WSearch - ok

17:45:51.0335 5840 [ e714a1c0354636837e20ccbf00888ee7 ] WudfPf C:\windows\system32\drivers\WudfPf.sys

17:45:51.0381 5840 WudfPf - ok

17:45:51.0444 5840 [ 1023ee888c9b47178c5293ed5336ab69 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

17:45:51.0475 5840 WUDFRd - ok

17:45:51.0522 5840 [ 8d1e1e529a2c9e9b6a85b55a345f7629 ] wudfsvc C:\windows\System32\WUDFSvc.dll

17:45:51.0553 5840 wudfsvc - ok

17:45:51.0600 5840 [ ff2d745b560f7c71b31f30f4d49f73d2 ] WwanSvc C:\windows\System32\wwansvc.dll

17:45:51.0647 5840 WwanSvc - ok

17:45:51.0725 5840 ================ Scan global ===============================

17:45:51.0818 5840 (dab748ae0439955ed2fa22357533dddb) C:\windows\system32\basesrv.dll

17:45:51.0865 5840 (183b4188d5d91b271613ec3efd1b3cef) C:\windows\system32\winsrv.dll

17:45:51.0881 5840 (183b4188d5d91b271613ec3efd1b3cef) C:\windows\system32\winsrv.dll

17:45:51.0927 5840 (364455805e64882844ee9acb72522830) C:\windows\system32\sxssrv.dll

17:45:51.0974 5840 (a302bbff2a7278c0e239ee5d471d86a9) C:\windows\system32\services.exe

17:45:51.0974 5840 C:\windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected

17:45:51.0974 5840 C:\windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)

17:45:51.0990 5840 ================ Scan MBR ==================================

17:45:51.0990 5840 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

17:45:51.0990 5840 Suspicious mbr (Forged): \Device\Harddisk0\DR0

17:45:52.0083 5840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

17:45:52.0083 5840 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

17:45:52.0208 5840 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:45:52.0208 5840 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:45:52.0208 5840 ================ Scan VBR ==================================

17:45:52.0224 5840 Boot (0x1200) (3e2d8ff930a548fe6bfa83167efb82c4) \Device\Harddisk0\DR0\Partition1

17:45:52.0239 5840 \Device\Harddisk0\DR0\Partition1 - ok

17:45:52.0239 5840 ============================================================

17:45:52.0239 5840 Scan finished

17:45:52.0239 5840 ============================================================

17:45:52.0255 5832 Detected object count: 8

17:45:52.0255 5832 Actual detected object count: 8

17:47:00.0630 5832 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user

17:47:00.0630 5832 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:47:00.0645 5832 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user

17:47:00.0645 5832 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:47:00.0645 5832 PenCommService ( UnsignedFile.Multi.Generic ) - skipped by user

17:47:00.0645 5832 PenCommService ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:47:00.0645 5832 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - skipped by user

17:47:00.0645 5832 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:47:00.0661 5832 PulseUsb ( UnsignedFile.Multi.Generic ) - skipped by user

17:47:00.0661 5832 PulseUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:47:00.0786 5832 C:\windows\system32\services.exe - copied to quarantine

17:47:02.0439 5832 C:\windows\assembly\GAC\desktop.ini - copied to quarantine

17:47:02.0595 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\@ - copied to quarantine

17:47:02.0595 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\L\00000004.@ - copied to quarantine

17:47:02.0611 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\L\201d3dde - copied to quarantine

17:47:02.0627 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\00000004.@ - copied to quarantine

17:47:02.0627 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\00000008.@ - copied to quarantine

17:47:02.0627 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\000000cb.@ - copied to quarantine

17:47:02.0627 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\80000000.@ - copied to quarantine

17:47:02.0642 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\80000032.@ - copied to quarantine

17:47:14.0093 5832 Backup copy found, using it..

17:47:14.0139 5832 C:\windows\assembly\GAC\desktop.ini - will be deleted on reboot

17:47:14.0139 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\@ - will be deleted on reboot

17:47:14.0139 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\00000004.@ - will be deleted on reboot

17:47:14.0139 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\00000008.@ - will be deleted on reboot

17:47:14.0139 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\000000cb.@ - will be deleted on reboot

17:47:14.0139 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\80000000.@ - will be deleted on reboot

17:47:14.0139 5832 C:\windows\installer\{32bf8f5f-1309-7800-106f-306c78257dcb}\U\80000032.@ - will be deleted on reboot

17:47:14.0155 5832 C:\windows\system32\services.exe - will be cured on reboot

17:47:14.0155 5832 C:\windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure

17:47:15.0278 5832 \Device\Harddisk0\DR0\# - copied to quarantine

17:47:15.0294 5832 \Device\Harddisk0\DR0 - copied to quarantine

17:47:16.0292 5832 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

17:47:16.0745 5832 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

17:47:16.0745 5832 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

17:47:16.0760 5832 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

17:47:16.0823 5832 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

17:47:16.0823 5832 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

17:47:16.0838 5832 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

17:47:16.0838 5832 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

17:47:16.0838 5832 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

17:47:16.0854 5832 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

17:47:16.0854 5832 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

17:47:16.0869 5832 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

17:47:16.0869 5832 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

17:47:16.0869 5832 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

17:47:16.0947 5832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

17:47:16.0947 5832 \Device\Harddisk0\DR0 - ok

17:47:17.0275 5832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

17:47:17.0275 5832 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:47:17.0275 5832 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

17:47:35.0137 5032 Deinitialize success

17:49:30.0720 3000 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

17:49:31.0142 3000 ============================================================

17:49:31.0142 3000 Current date / time: 2012/08/15 17:49:31.0142

17:49:31.0142 3000 SystemInfo:

17:49:31.0142 3000

17:49:31.0142 3000 OS Version: 6.1.7601 ServicePack: 1.0

17:49:31.0142 3000 Product type: Workstation

17:49:31.0142 3000 ComputerName: BASE

17:49:31.0142 3000 UserName: blue

17:49:31.0142 3000 Windows directory: C:\windows

17:49:31.0142 3000 System windows directory: C:\windows

17:49:31.0142 3000 Processor architecture: Intel x86

17:49:31.0142 3000 Number of processors: 1

17:49:31.0142 3000 Page size: 0x1000

17:49:31.0142 3000 Boot type: Normal boot

17:49:31.0142 3000 ============================================================

17:49:34.0324 3000 BG loaded

17:49:34.0901 3000 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:49:34.0901 3000 ============================================================

17:49:34.0901 3000 \Device\Harddisk0\DR0:

17:49:34.0901 3000 MBR partitions:

17:49:34.0901 3000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800

17:49:34.0901 3000 ============================================================

17:49:35.0026 3000 C: <-> \Device\Harddisk0\DR0\Partition1

17:49:35.0026 3000 ============================================================

17:49:35.0026 3000 Initialize success

17:49:35.0026 3000 ============================================================

[MrCharlie]

Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

17:47:17.0275 5832 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:47:17.0275 5832 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

````````````````````````````````````````

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[bluephiyah]

Below, please find the log from Combofix. Since I've run it, some pop up keeps happening saying that "Video Channel Moniter has stopped working." Seeing as monitor is misspelled, I'm not sure if I should ignore it or not.

ComboFix 12-08-15.01 - blue 08/15/2012 18:13:56.1.1 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.992 [GMT -4:00]

Running from: c:\users\blue\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\blue\g2mdlhlpx.exe

c:\users\Default\AppData\Roaming\DPInst.exe

c:\users\Default\AppData\Roaming\gacutil.exe

c:\users\Default\AppData\Roaming\PnPutil.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))

.

.

2012-08-14 17:20 . 2012-08-14 17:33 -------- d-----w- c:\users\blue\AppData\Roaming\QuickScan

2012-08-14 14:07 . 2012-08-15 21:19 -------- d-----w- c:\program files\ESET

2012-08-14 14:07 . 2012-08-14 14:07 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-08-14 13:39 . 2012-08-15 22:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-14 02:54 . 2012-08-14 02:54 -------- d-----w- C:\$WINDOWS.~BT

2012-08-14 01:57 . 2012-08-14 01:57 43480 ----a-w- c:\windows\system32\drivers\ihvhcksy.sys

2012-08-14 01:14 . 2012-08-14 01:14 -------- d-----w- C:\3f2447fede6d5a54ee2069a85d544908

2012-08-14 00:57 . 2012-08-14 00:57 -------- d-----w- c:\windows\Sun

2012-07-27 19:07 . 2012-08-07 23:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-07-27 19:07 . 2012-08-07 23:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-07-21 02:34 . 2012-07-21 02:38 -------- d-----w- c:\users\blue\AppData\Roaming\.minecraft

2012-07-21 00:37 . 2012-07-21 00:37 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center1833656302

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 21:48 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe

2012-08-03 18:07 . 2012-06-21 06:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-03 18:07 . 2011-05-22 13:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-07 23:05 . 2012-05-01 16:20 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avichannel"="c:\program files\Evaer\videochannel.exe" [2011-10-10 1686016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]

"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2010-07-09 1548288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]

.

c:\users\blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-6-19 576000]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 opdbcijb;opdbcijb;c:\windows\system32\drivers\opdbcijb.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]

S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]

S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [x]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]

S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mchInjDrv

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3532443513-3417597334-448426190-1000Core.job

- c:\users\blue\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-12 05:05]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3532443513-3417597334-448426190-1000UA.job

- c:\users\blue\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-12 05:05]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = *.local

LSP: c:\program files\VMware\VMware Player\vsocklib.dll

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1

FF - ProfilePath - c:\users\blue\AppData\Roaming\Mozilla\Firefox\Profiles\tpa6dvby.default\

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-Conime - c:\windows\system32\conime.exe

SafeBoot-22981090.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3532443513-3417597334-448426190-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3532443513-3417597334-448426190-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\progra~1\PHAROS~1\Core\CTskMstr.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\windows\system32\vmnat.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\taskhost.exe

c:\program files\VMware\VMware Player\vmware-authd.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\vmnetdhcp.exe

c:\windows\system32\conhost.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\WerFault.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

c:\users\blue\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe

c:\users\blue\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe

c:\windows\system32\sppsvc.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-08-15 18:29:51 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-15 22:29

.

Pre-Run: 179,832,651,776 bytes free

Post-Run: 180,260,745,216 bytes free

.

- - End Of File - - 5CDAE4811562524C8DFDF25B0603FDBE

[MrCharlie]

Please find this file and upload to VirusTotal for a free scan, let me know the results (just copy back the url)

c:\windows\system32\drivers\opdbcijb.sys

http://www.virustotal.com/

MrC

[bluephiyah]

Searched for the file, system says no dice. There is a ohci1394.sys in that drivers folder, however. Is there another place I should look?

[MrCharlie]

Lets make sure.......

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  
  :Filefind
  opdbcijb.sys
  

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

[bluephiyah]

Below, please find the log from SystemLook.

SystemLook 30.07.11 by jpshortstuff

Log created at 20:14 on 15/08/2012 by blue

Administrator - Elevation successful

========== Filefind ==========

Searching for "opdbcijb.sys"

No files found.

-= EOF =-

[MrCharlie]

OK.................

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[bluephiyah]

Hey MrC, below, please find the log from the Malwarebytes' Quick Scan. Also, is it a bad thing that my system folder doesn't have that file? And again, thank you so, so very much for your dedicated help! You've been rocking with me for hours, and I'm not sure even Microsoft would do that. So far, system is running like a dream. Will reboot to see how it acts upon startup, but I think you've knocked out whatever was messing me up.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.15.09

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

blue :: BASE [administrator]

8/15/2012 8:49:31 PM

mbam-log-2012-08-15 (20-49-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218684

Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

OK, let me know....MrC

[bluephiyah]

Reboots with no problems. But for whatever reason, Open Office says the following:

Either another instance of OpenOffice.org is accessing your personal settings or your personal settings are locked. Simultaneous access can lead to inconsistencies in your personal settings. Before continuing, you should make sure user "closes OpenOffice.org on host". Do you really want to continue?

I usually say no and it goes away. This has only recently popped up after you asked me to run Combofix. But, Google searches don't get redirected and it doesn't shut down after a minute and it's running like it did out of the box. Should I uninstall OpenOffice and reinstall? Is this negligible?