
Can't run MSE [Solved]


  • This topic is locked

#31
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

Office is gone. I actually use Open Office myself anyway.


Acknowledged and thank you, let's proceed as follows shall we...

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

How to use ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a trained Anti-Malware helper.


Retrieve CF Uninstall List:

Click on Start (Windows 7 Orb) >> Run... (or launch the Run box via depressing both the Windows Key and R together)

Copy and paste the following into the Run... box:-
C:\QooBox\Add-Remove Programs.txt
And click on OK, post the contents of the notepad file that appears in your next reply.

Next:

When you have completed the above, please post back the following in the order asked for:
  • How is the computer performing now, any other symptoms and/or problems encountered?
  • ComboFix Log.
  • The contents of Add-Remove Programs.txt.



#32
gomyr

    Member

  • Topic Starter
  • Member
  • 240 posts

Ok, ran combofix.  Combofix took a very long time to complete, approximately one hour.  I really haven't used the computer much, except to turn MSE back on after Combofix was finished.  But so far, it isn't exhibiting any signs of malfunction or other problems.

 

Here is the combofix log:

ComboFix 14-06-16.01 - Susan 06/18/2014   4:19.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3990.1766 [GMT -7:00]
Running from: c:\users\Susan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Susan\AppData\Roaming\azrul.dll
c:\users\Susan\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-18 to 2014-06-18  )))))))))))))))))))))))))))))))
.
.
2014-06-18 11:53 . 2014-06-18 11:53    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-18 11:11 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28CC07D3-8696-4F06-B781-4FE8BA4AB391}\mpengine.dll
2014-06-17 23:43 . 2014-06-17 23:43    --------    d-sh--w-    c:\users\Susan\AppData\Local\EmieUserList
2014-06-17 23:43 . 2014-06-17 23:43    --------    d-sh--w-    c:\users\Susan\AppData\Local\EmieSiteList
2014-06-17 13:11 . 2014-06-17 13:11    --------    d-----w-    c:\program files (x86)\ESET
2014-06-16 23:26 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-16 11:04 . 2014-06-16 11:15    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-16 11:03 . 2014-06-16 11:03    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-16 11:03 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-16 11:03 . 2014-05-12 14:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-16 11:03 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-15 22:29 . 2014-06-15 22:29    --------    d-----w-    C:\RegBackup
2014-06-15 22:27 . 2014-06-15 22:27    --------    d-----w-    c:\program files (x86)\Tweaking.com
2014-06-15 22:25 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2014-06-15 22:25 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-06-15 22:25 . 2014-05-30 09:11    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-15 22:25 . 2013-12-24 23:09    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-06-15 22:25 . 2013-12-24 22:48    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-06-15 22:25 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-06-15 22:25 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-06-15 22:25 . 2014-02-04 02:32    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-06-15 22:25 . 2014-02-04 02:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-06-14 20:03 . 2014-06-14 20:04    --------    d-----w-    c:\users\Administrator
2014-06-14 12:19 . 2014-06-17 12:42    --------    d-----w-    C:\FRST
2014-06-14 07:49 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-06-14 07:49 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2014-06-14 07:49 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2014-06-14 07:49 . 2013-02-15 06:08    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2014-06-14 07:49 . 2013-02-15 06:06    3717632    ----a-w-    c:\windows\system32\mstscax.dll
2014-06-14 07:49 . 2013-02-15 06:02    158720    ----a-w-    c:\windows\system32\aaclient.dll
2014-06-14 07:49 . 2014-03-25 02:43    14175744    ----a-w-    c:\windows\system32\shell32.dll
2014-06-14 07:49 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2014-06-14 07:49 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2014-06-14 07:48 . 2012-10-09 17:40    44032    ----a-w-    c:\windows\SysWow64\dhcpcsvc6.dll
2014-06-14 07:48 . 2012-10-09 17:40    193536    ----a-w-    c:\windows\SysWow64\dhcpcore6.dll
2014-06-14 07:48 . 2012-10-09 18:17    55296    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2014-06-14 07:48 . 2012-10-09 18:17    226816    ----a-w-    c:\windows\system32\dhcpcore6.dll
2014-06-14 07:48 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-06-14 07:48 . 2013-11-12 02:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-06-14 07:44 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2014-06-14 07:44 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2014-06-14 07:44 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2014-06-14 07:44 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2014-06-14 07:44 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2014-06-14 07:44 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2014-06-14 07:44 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2014-06-14 07:44 . 2012-11-02 05:59    478208    ----a-w-    c:\windows\system32\dpnet.dll
2014-06-14 07:44 . 2012-11-02 05:11    376832    ----a-w-    c:\windows\SysWow64\dpnet.dll
2014-06-14 07:37 . 2014-06-14 07:37    --------    d-s---w-    c:\windows\system32\CompatTel
2014-06-14 07:29 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2014-06-14 07:29 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-06-14 07:28 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2014-06-14 07:28 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2014-06-14 07:28 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2014-06-14 07:11 . 2014-06-14 07:11    --------    d-----w-    c:\windows\Migration
2014-06-14 07:02 . 2013-10-15 01:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2014-06-14 06:55 . 2014-06-14 06:55    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-14 06:37 . 2012-07-26 04:55    54376    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2014-06-14 06:37 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-06-14 06:37 . 2012-07-26 02:36    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2014-06-14 06:02 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-06-14 06:02 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-06-14 06:02 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2014-06-14 06:02 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2014-06-14 06:02 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2014-06-14 06:02 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2014-06-14 06:02 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2014-06-14 05:49 . 2014-06-14 05:49    --------    d-----w-    c:\program files\Microsoft Silverlight
2014-06-14 05:49 . 2014-06-14 05:49    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2014-06-14 05:05 . 2014-06-13 03:31    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-06-14 05:05 . 2014-06-13 03:31    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74050D04-C574-4C02-8B5D-6BCB0157B42F}\gapaengine.dll
2014-06-14 01:24 . 2014-06-14 04:44    --------    d-----w-    C:\b9ae1df7b3ca3ad0ce4e
2014-06-13 07:23 . 2014-06-14 04:46    --------    d-----w-    c:\users\Myer
2014-06-13 07:12 . 2014-01-28 02:32    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2014-06-13 07:12 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2014-06-13 07:12 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2014-06-13 07:12 . 2013-07-04 12:50    633856    ----a-w-    c:\windows\system32\comctl32.dll
2014-06-13 07:12 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2014-06-13 07:12 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
2014-06-13 07:11 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2014-06-13 07:11 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2014-06-13 07:11 . 2014-04-25 02:34    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-06-13 07:11 . 2014-04-25 02:06    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2014-06-13 07:09 . 2013-09-28 01:09    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-06-13 07:08 . 2013-07-12 10:41    185344    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2014-06-13 07:08 . 2013-07-12 10:41    100864    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2014-06-13 07:08 . 2013-07-03 04:05    76800    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2014-06-13 07:08 . 2013-07-03 04:05    32896    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2014-06-13 07:01 . 2014-06-13 07:01    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-06-13 06:54 . 2013-08-29 02:16    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2014-06-13 06:54 . 2013-08-29 02:16    859648    ----a-w-    c:\windows\system32\tdh.dll
2014-06-13 06:54 . 2013-08-29 02:13    878080    ----a-w-    c:\windows\system32\advapi32.dll
2014-06-13 06:54 . 2013-08-29 01:50    619520    ----a-w-    c:\windows\SysWow64\tdh.dll
2014-06-13 06:54 . 2013-08-29 01:50    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2014-06-13 06:54 . 2013-08-29 01:48    640512    ----a-w-    c:\windows\SysWow64\advapi32.dll
2014-06-13 06:21 . 2014-02-04 02:35    190912    ----a-w-    c:\windows\system32\drivers\storport.sys
2014-06-13 06:21 . 2014-02-04 02:35    274880    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-06-13 06:21 . 2014-02-04 02:35    27584    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2014-06-13 06:21 . 2014-02-04 02:28    2048    ----a-w-    c:\windows\system32\iologmsg.dll
2014-06-13 06:21 . 2014-02-04 02:00    2048    ----a-w-    c:\windows\SysWow64\iologmsg.dll
2014-06-13 06:21 . 2012-09-25 22:47    78336    ----a-w-    c:\windows\SysWow64\synceng.dll
2014-06-13 06:21 . 2012-09-25 22:46    95744    ----a-w-    c:\windows\system32\synceng.dll
2014-06-13 06:21 . 2013-07-26 02:24    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2014-06-13 06:19 . 2013-08-01 12:09    983488    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-06-13 06:19 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2014-06-13 06:19 . 2013-10-12 02:30    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2014-06-13 06:19 . 2013-10-12 02:29    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2014-06-13 06:19 . 2013-10-12 02:29    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2014-06-13 06:19 . 2013-10-12 02:03    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2014-06-13 06:19 . 2013-10-12 02:01    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2014-06-13 06:19 . 2013-08-28 01:12    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2014-06-13 03:26 . 2014-06-14 04:44    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-06-13 03:26 . 2014-06-14 04:46    --------    d-----w-    c:\program files\Microsoft Security Client
2014-06-04 22:44 . 2014-05-28 21:39    61128    ----a-w-    c:\windows\system32\drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys
2014-05-29 03:24 . 2014-05-29 03:24    --------    d-----w-    c:\users\Susan\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-02 00:17 . 2012-08-29 15:49    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-15 00:42 . 2012-05-12 01:42    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 00:42 . 2012-05-12 01:42    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 00:42 . 2014-05-15 00:42    17938608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Intel AT Service signup"="c:\program files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe" [2012-02-16 382976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-9-21 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 {ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64;{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64;c:\windows\system32\drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys;c:\windows\SYSNATIVE\drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-17 12:40    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 00:42]
.
2014-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 02:12]
.
2014-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 02:12]
.
2014-06-18 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2014-05-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-13 12452968]
"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2012-04-12 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: mshq.com\portal
TCP: DhcpNameServer = 192.168.1.1
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://portal.mshq.com:444/+CSCOL+/cscopf.cab
FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\85rx6ovw.default\
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-BatteryManager - c:\program files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3807464017-2434585226-1365397131-1001\Software\÷@*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-18  05:15:25
ComboFix-quarantined-files.txt  2014-06-18 12:15
.
Pre-Run: 54,067,695,616 bytes free
Post-Run: 54,179,389,440 bytes free
.
- - End Of File - - FDAB81995F702643B1F8BF933EE6D496
 

 

Here is the add/remove programs log:

Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X MUI
Apple Application Support
Apple Software Update
Best Buy pc app
D3DX10
Dropbox
ESET Online Scanner v3
Google Chrome
Google Update Helper
GoToMeeting 5.1.0.880
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® WiDi
Intel® AT Service signup
Junk Mail filter update
Keeper Password & Data Vault
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Microsoft Access database engine 2010 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2013
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
PlayReady PC Runtime x86
PokerStars.net
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
RICOH Media Driver v2.15.17.02
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Security Assist
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA User's Guide
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBARegistration
Tweaking.com - Registry Backup
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
 



#33
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

Combofix took a very long time to complete, approximately one hour. I really haven't used the computer much, except to turn MSE back on after Combofix was finished. But so far, it isn't exhibiting any signs of malfunction or other problems.


Acknowledged...

Custom ComboFix Script:
  • Please open Notepad and copy and paste the text present inside the code box below:
SkipFix::

DDS::
Trusted Zone: mshq.com\portal

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8E73359-3422-4384-8D27-4EA1B4C01232}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{B8E73359-3422-4384-8D27-4EA1B4C01232}]
"Compatibility Flags"=dword:00000400

RegNull::
[HKEY_USERS\S-1-5-21-3807464017-2434585226-1365397131-1001\Software\÷@*]

Reboot::
  • Ensure all security software is disabled again for the duration of the custom ComboFix script.
[Screenshot: CFScriptB-4.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. >> ComboFix will now begin to process the custom script.
  • It will reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Scan with TDSSKiller:

Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

#34
gomyr

gomyr

    Member

  • Topic Starter
  • Member
  • 240 posts

OK, here is the combofix log that was generated at the end of the scan:

 

ComboFix 14-06-19.01 - Susan 06/18/2014  19:34:19.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3990.1769 [GMT -7:00]
Running from: c:\users\Susan\Desktop\ComboFix.exe
Command switches used :: c:\users\Susan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-19 to 2014-06-19  )))))))))))))))))))))))))))))))
.
.
2014-06-19 02:38 . 2014-06-19 02:38    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-18 12:17 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DE26D9E-73D0-4005-A297-8941F4809741}\mpengine.dll
2014-06-17 23:43 . 2014-06-17 23:43    --------    d-sh--w-    c:\users\Susan\AppData\Local\EmieUserList
2014-06-17 23:43 . 2014-06-17 23:43    --------    d-sh--w-    c:\users\Susan\AppData\Local\EmieSiteList
2014-06-17 13:11 . 2014-06-17 13:11    --------    d-----w-    c:\program files (x86)\ESET
2014-06-16 23:26 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-16 11:04 . 2014-06-16 11:15    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-16 11:03 . 2014-06-16 11:03    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-16 11:03 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-16 11:03 . 2014-05-12 14:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-16 11:03 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-15 22:29 . 2014-06-15 22:29    --------    d-----w-    C:\RegBackup
2014-06-15 22:27 . 2014-06-15 22:27    --------    d-----w-    c:\program files (x86)\Tweaking.com
2014-06-15 22:25 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2014-06-15 22:25 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-06-15 22:25 . 2014-05-30 09:11    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-15 22:25 . 2013-12-24 23:09    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-06-15 22:25 . 2013-12-24 22:48    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-06-15 22:25 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-06-15 22:25 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-06-15 22:25 . 2014-02-04 02:32    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-06-15 22:25 . 2014-02-04 02:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-06-14 20:03 . 2014-06-14 20:04    --------    d-----w-    c:\users\Administrator
2014-06-14 12:19 . 2014-06-17 12:42    --------    d-----w-    C:\FRST
2014-06-14 07:49 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-06-14 07:49 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2014-06-14 07:49 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2014-06-14 07:49 . 2013-02-15 06:08    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2014-06-14 07:49 . 2013-02-15 06:06    3717632    ----a-w-    c:\windows\system32\mstscax.dll
2014-06-14 07:49 . 2013-02-15 06:02    158720    ----a-w-    c:\windows\system32\aaclient.dll
2014-06-14 07:49 . 2014-03-25 02:43    14175744    ----a-w-    c:\windows\system32\shell32.dll
2014-06-14 07:49 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2014-06-14 07:49 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2014-06-14 07:48 . 2012-10-09 17:40    44032    ----a-w-    c:\windows\SysWow64\dhcpcsvc6.dll
2014-06-14 07:48 . 2012-10-09 17:40    193536    ----a-w-    c:\windows\SysWow64\dhcpcore6.dll
2014-06-14 07:48 . 2012-10-09 18:17    55296    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2014-06-14 07:48 . 2012-10-09 18:17    226816    ----a-w-    c:\windows\system32\dhcpcore6.dll
2014-06-14 07:48 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-06-14 07:48 . 2013-11-12 02:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-06-14 07:44 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2014-06-14 07:44 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2014-06-14 07:44 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2014-06-14 07:44 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2014-06-14 07:44 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2014-06-14 07:44 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2014-06-14 07:44 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2014-06-14 07:44 . 2012-11-02 05:59    478208    ----a-w-    c:\windows\system32\dpnet.dll
2014-06-14 07:44 . 2012-11-02 05:11    376832    ----a-w-    c:\windows\SysWow64\dpnet.dll
2014-06-14 07:37 . 2014-06-14 07:37    --------    d-s---w-    c:\windows\system32\CompatTel
2014-06-14 07:29 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2014-06-14 07:29 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-06-14 07:28 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2014-06-14 07:28 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2014-06-14 07:28 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2014-06-14 07:11 . 2014-06-14 07:11    --------    d-----w-    c:\windows\Migration
2014-06-14 07:02 . 2013-10-15 01:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2014-06-14 06:55 . 2014-06-14 06:55    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-14 06:37 . 2012-07-26 04:55    54376    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2014-06-14 06:37 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-06-14 06:37 . 2012-07-26 02:36    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2014-06-14 06:02 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-06-14 06:02 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-06-14 06:02 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2014-06-14 06:02 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2014-06-14 06:02 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2014-06-14 06:02 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2014-06-14 06:02 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2014-06-14 05:49 . 2014-06-14 05:49    --------    d-----w-    c:\program files\Microsoft Silverlight
2014-06-14 05:49 . 2014-06-14 05:49    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2014-06-14 05:05 . 2014-06-13 03:31    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-06-14 05:05 . 2014-06-13 03:31    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74050D04-C574-4C02-8B5D-6BCB0157B42F}\gapaengine.dll
2014-06-14 01:24 . 2014-06-14 04:44    --------    d-----w-    C:\b9ae1df7b3ca3ad0ce4e
2014-06-13 07:23 . 2014-06-14 04:46    --------    d-----w-    c:\users\Myer
2014-06-13 07:12 . 2014-01-28 02:32    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2014-06-13 07:12 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2014-06-13 07:12 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2014-06-13 07:12 . 2013-07-04 12:50    633856    ----a-w-    c:\windows\system32\comctl32.dll
2014-06-13 07:12 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2014-06-13 07:12 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
2014-06-13 07:11 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2014-06-13 07:11 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2014-06-13 07:11 . 2014-04-25 02:34    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-06-13 07:11 . 2014-04-25 02:06    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2014-06-13 07:09 . 2013-09-28 01:09    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-06-13 07:08 . 2013-07-12 10:41    185344    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2014-06-13 07:08 . 2013-07-12 10:41    100864    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2014-06-13 07:08 . 2013-07-03 04:05    76800    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2014-06-13 07:08 . 2013-07-03 04:05    32896    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2014-06-13 07:01 . 2014-06-13 07:01    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-06-13 06:54 . 2013-08-29 02:16    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2014-06-13 06:54 . 2013-08-29 02:16    859648    ----a-w-    c:\windows\system32\tdh.dll
2014-06-13 06:54 . 2013-08-29 02:13    878080    ----a-w-    c:\windows\system32\advapi32.dll
2014-06-13 06:54 . 2013-08-29 01:50    619520    ----a-w-    c:\windows\SysWow64\tdh.dll
2014-06-13 06:54 . 2013-08-29 01:50    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2014-06-13 06:54 . 2013-08-29 01:48    640512    ----a-w-    c:\windows\SysWow64\advapi32.dll
2014-06-13 06:21 . 2014-02-04 02:35    190912    ----a-w-    c:\windows\system32\drivers\storport.sys
2014-06-13 06:21 . 2014-02-04 02:35    274880    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-06-13 06:21 . 2014-02-04 02:35    27584    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2014-06-13 06:21 . 2014-02-04 02:28    2048    ----a-w-    c:\windows\system32\iologmsg.dll
2014-06-13 06:21 . 2014-02-04 02:00    2048    ----a-w-    c:\windows\SysWow64\iologmsg.dll
2014-06-13 06:21 . 2012-09-25 22:47    78336    ----a-w-    c:\windows\SysWow64\synceng.dll
2014-06-13 06:21 . 2012-09-25 22:46    95744    ----a-w-    c:\windows\system32\synceng.dll
2014-06-13 06:21 . 2013-07-26 02:24    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2014-06-13 06:19 . 2013-08-01 12:09    983488    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-06-13 06:19 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2014-06-13 06:19 . 2013-10-12 02:30    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2014-06-13 06:19 . 2013-10-12 02:29    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2014-06-13 06:19 . 2013-10-12 02:29    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2014-06-13 06:19 . 2013-10-12 02:03    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2014-06-13 06:19 . 2013-10-12 02:01    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2014-06-13 06:19 . 2013-08-28 01:12    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2014-06-13 03:26 . 2014-06-14 04:44    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-06-13 03:26 . 2014-06-14 04:46    --------    d-----w-    c:\program files\Microsoft Security Client
2014-06-04 22:44 . 2014-05-28 21:39    61128    ----a-w-    c:\windows\system32\drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys
2014-05-29 03:24 . 2014-05-29 03:24    --------    d-----w-    c:\users\Susan\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-02 00:17 . 2012-08-29 15:49    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-15 00:42 . 2012-05-12 01:42    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 00:42 . 2012-05-12 01:42    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 00:42 . 2014-05-15 00:42    17938608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Intel AT Service signup"="c:\program files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe" [2012-02-16 382976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-9-21 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 {ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64;{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64;c:\windows\system32\drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys;c:\windows\SYSNATIVE\drivers\{ecd9aca0-5b2e-4438-a6f3-ccc0a75afe0b}w64.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-17 12:40    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 00:42]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 02:12]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 02:12]
.
2014-06-19 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2014-05-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Susan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-13 12452968]
"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"BatteryManager"="c:\program files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2012-04-12 710560]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://portal.mshq.com:444/+CSCOL+/cscopf.cab
FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\85rx6ovw.default\
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3807464017-2434585226-1365397131-1001\Software\÷@*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-06-18  20:00:12 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-19 03:00
ComboFix2.txt  2014-06-18 12:15
.
Pre-Run: 54,181,986,304 bytes free
Post-Run: 54,379,700,224 bytes free
.
- - End Of File - - 153FE7284EA0058C87FAC5AE6431C390
 

 

TDSS Killer generated 2 logs, I am posting both of them:

 

log1:

TDSSKiller.3.0.0.39_18.06.2014_20.04.25_log.txt

20:04:25.0244 0x16bc  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
20:04:34.0605 0x16bc  ============================================================
20:04:34.0605 0x16bc  Current date / time: 2014/06/18 20:04:34.0605
20:04:34.0605 0x16bc  SystemInfo:
20:04:34.0605 0x16bc  
20:04:34.0605 0x16bc  OS Version: 6.1.7601 ServicePack: 1.0
20:04:34.0605 0x16bc  Product type: Workstation
20:04:34.0605 0x16bc  ComputerName: SUSAN-PC
20:04:34.0605 0x16bc  UserName: Susan
20:04:34.0605 0x16bc  Windows directory: C:\windows
20:04:34.0605 0x16bc  System windows directory: C:\windows
20:04:34.0605 0x16bc  Running under WOW64
20:04:34.0605 0x16bc  Processor architecture: Intel x64
20:04:34.0605 0x16bc  Number of processors: 4
20:04:34.0605 0x16bc  Page size: 0x1000
20:04:34.0605 0x16bc  Boot type: Normal boot
20:04:34.0605 0x16bc  ============================================================
20:04:34.0675 0x16bc  KLMD registered as C:\windows\system32\drivers\59748336.sys
20:04:34.0725 0x16bc  System UUID: {4A56293C-BE7C-B1E4-D422-89014F1F5E4A}
20:04:35.0105 0x16bc  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
20:04:35.0105 0x16bc  ============================================================
20:04:35.0105 0x16bc  \Device\Harddisk0\DR0:
20:04:35.0105 0x16bc  MBR partitions:
20:04:35.0105 0x16bc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xCA62800
20:04:35.0105 0x16bc  ============================================================
20:04:35.0105 0x16bc  C: <-> \Device\Harddisk0\DR0\Partition1
20:04:35.0105 0x16bc  ============================================================
20:05:18.0583 0x16bc  KLMD registered as C:\windows\system32\drivers\79287509.sys
20:05:18.0633 0x1768  Deinitialize success
 

 

Log #2:

TDSSKiller.3.0.0.39_18.06.2014_20.06.57_log.txt

20:06:57.0001 0x0cd0  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
20:06:57.0797 0x0cd0  ============================================================
20:06:57.0797 0x0cd0  Current date / time: 2014/06/18 20:06:57.0797
20:06:57.0797 0x0cd0  SystemInfo:
20:06:57.0797 0x0cd0  
20:06:57.0797 0x0cd0  OS Version: 6.1.7601 ServicePack: 1.0
20:06:57.0797 0x0cd0  Product type: Workstation
20:06:57.0797 0x0cd0  ComputerName: SUSAN-PC
20:06:57.0797 0x0cd0  UserName: Susan
20:06:57.0797 0x0cd0  Windows directory: C:\windows
20:06:57.0797 0x0cd0  System windows directory: C:\windows
20:06:57.0797 0x0cd0  Running under WOW64
20:06:57.0797 0x0cd0  Processor architecture: Intel x64
20:06:57.0797 0x0cd0  Number of processors: 4
20:06:57.0797 0x0cd0  Page size: 0x1000
20:06:57.0797 0x0cd0  Boot type: Normal boot
20:06:57.0797 0x0cd0  ============================================================
20:06:57.0797 0x0cd0  BG loaded
20:06:57.0843 0x0cd0  System UUID: {4A56293C-BE7C-B1E4-D422-89014F1F5E4A}
20:06:58.0124 0x0cd0  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:06:58.0124 0x0cd0  ============================================================
20:06:58.0124 0x0cd0  \Device\Harddisk0\DR0:
20:06:58.0124 0x0cd0  MBR partitions:
20:06:58.0124 0x0cd0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xCA62800
20:06:58.0124 0x0cd0  ============================================================
20:06:58.0124 0x0cd0  C: <-> \Device\Harddisk0\DR0\Partition1
20:06:58.0124 0x0cd0  ============================================================
20:06:58.0124 0x0cd0  Initialize success
20:06:58.0124 0x0cd0  ============================================================
20:08:44.0749 0x0b10  ============================================================
20:08:44.0749 0x0b10  Scan started
20:08:44.0749 0x0b10  Mode: Manual; SigCheck; TDLFS;
20:08:44.0749 0x0b10  ============================================================
20:08:44.0749 0x0b10  KSN ping started
20:08:47.0760 0x0b10  KSN ping finished: true
20:08:47.0960 0x0b10  ================ Scan system memory ========================
20:08:47.0960 0x0b10  System memory - ok
20:08:47.0970 0x0b10  ================ Scan services =============================
20:08:51.0240 0x0b10  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\System32\hidserv.dll
20:08:51.0260 0x0b10  hidserv - ok
20:08:51.0270 0x0b10  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
20:08:51.0280 0x0b10  HidUsb - ok
20:08:51.0280 0x0b10  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
20:08:51.0310 0x0b10  hkmsvc - ok
20:08:51.0320 0x0b10  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:08:51.0330 0x0b10  HomeGroupListener - ok
20:08:51.0340 0x0b10  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:08:51.0350 0x0b10  HomeGroupProvider - ok
20:08:51.0360 0x0b10  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
20:08:51.0370 0x0b10  HpSAMD - ok
20:08:51.0390 0x0b10  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
20:08:51.0430 0x0b10  HTTP - ok
20:08:51.0430 0x0b10  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
20:08:51.0440 0x0b10  hwpolicy - ok
20:08:51.0450 0x0b10  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
20:08:51.0460 0x0b10  i8042prt - ok
20:08:51.0470 0x0b10  [ C804D8F257A9C695E69F113C385F9E68, 4C33357E61EA87A5D047BE247EF314678B35E75B9FDF63C92E1CBD0B9D7B128E ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
20:08:51.0480 0x0b10  Suspicious file ( Forged ): C:\windows\system32\DRIVERS\iaStor.sys. Real md5: C804D8F257A9C695E69F113C385F9E68, sha256: 4C33357E61EA87A5D047BE247EF314678B35E75B9FDF63C92E1CBD0B9D7B128E, fake md5: C224331A54571C8C9162F7714400BBBD, fake sha256: C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA
20:08:51.0480 0x0b10  iaStor - detected ForgedFile.Multi.Generic ( 1 )
20:08:54.0551 0x0b10  iaStor ( ForgedFile.Multi.Generic ) - warning
20:08:54.0551 0x0b10  Force sending object to P2P due to detect: iaStor
20:08:58.0001 0x0b10  Object send P2P result: true
20:09:06.0443 0x0b10  ProfSvc - ok
20:09:06.0443 0x0b10  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe
20:09:06.0453 0x0b10  ProtectedStorage - ok
20:09:06.0463 0x0b10  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
20:09:06.0493 0x0b10  Psched - ok
20:09:06.0523 0x0b10  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
20:09:06.0563 0x0b10  ql2300 - ok
20:09:06.0573 0x0b10  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
20:09:06.0583 0x0b10  ql40xx - ok
20:09:06.0593 0x0b10  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
20:09:06.0613 0x0b10  QWAVE - ok
20:09:06.0613 0x0b10  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
20:09:06.0633 0x0b10  QWAVEdrv - ok
20:09:06.0633 0x0b10  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
20:09:06.0663 0x0b10  RasAcd - ok
20:09:06.0673 0x0b10  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
20:09:06.0703 0x0b10  RasAgileVpn - ok
20:09:06.0703 0x0b10  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
20:09:06.0743 0x0b10  RasAuto - ok
20:09:06.0743 0x0b10  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
20:09:06.0773 0x0b10  Rasl2tp - ok
20:09:06.0783 0x0b10  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
20:09:06.0823 0x0b10  RasMan - ok
20:09:06.0823 0x0b10  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
20:09:06.0853 0x0b10  RasPppoe - ok
20:09:06.0863 0x0b10  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
20:09:06.0893 0x0b10  RasSstp - ok
20:09:06.0903 0x0b10  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
20:09:06.0933 0x0b10  rdbss - ok
20:09:06.0933 0x0b10  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
20:09:06.0953 0x0b10  rdpbus - ok
20:09:06.0953 0x0b10  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
20:09:06.0983 0x0b10  RDPCDD - ok
20:09:06.0983 0x0b10  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
20:09:07.0013 0x0b10  RDPENCDD - ok
20:09:07.0023 0x0b10  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
20:09:07.0053 0x0b10  RDPREFMP - ok
20:09:07.0053 0x0b10  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
20:09:07.0073 0x0b10  RDPWD - ok
20:09:07.0083 0x0b10  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
20:09:07.0093 0x0b10  rdyboost - ok
20:09:07.0103 0x0b10  [ 0C2B4C3B10D183BE116A38353E937F62, 2523E6FAB400EA1F9B4A634C1CC427D1D6FDE4B36018FF469470961EB8E432FA ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:09:07.0113 0x0b10  RegSrvc - ok
20:09:07.0113 0x0b10  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
20:09:07.0143 0x0b10  RemoteAccess - ok
20:09:07.0153 0x0b10  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
20:09:07.0183 0x0b10  RemoteRegistry - ok
20:09:07.0193 0x0b10  [ 5A227511ED22DDFEDF7EF7323C8F7D2F, 5056DED32432E192268BE8214B6152A488807357D1BBB769171843E589BF4320 ] risdxc          C:\windows\system32\DRIVERS\risdxc64.sys
20:09:07.0203 0x0b10  risdxc - ok
20:09:07.0213 0x0b10  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
20:09:07.0243 0x0b10  RpcEptMapper - ok
20:09:07.0243 0x0b10  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
20:09:07.0253 0x0b10  RpcLocator - ok
20:09:07.0273 0x0b10  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
20:09:07.0303 0x0b10  RpcSs - ok
20:09:07.0313 0x0b10  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
20:09:07.0343 0x0b10  rspndr - ok
20:09:07.0343 0x0b10  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\windows\system32\lsass.exe
20:09:07.0353 0x0b10  SamSs - ok
20:09:07.0363 0x0b10  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
20:09:07.0373 0x0b10  sbp2port - ok
20:09:07.0373 0x0b10  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
20:09:07.0413 0x0b10  SCardSvr - ok
20:09:07.0413 0x0b10  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
20:09:07.0443 0x0b10  scfilter - ok
20:09:07.0463 0x0b10  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
20:09:07.0523 0x0b10  Schedule - ok
20:09:07.0523 0x0b10  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
20:09:07.0553 0x0b10  SCPolicySvc - ok
20:09:07.0563 0x0b10  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
20:09:07.0573 0x0b10  SDRSVC - ok
20:09:07.0583 0x0b10  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
20:09:07.0613 0x0b10  secdrv - ok
20:09:07.0613 0x0b10  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
20:09:07.0643 0x0b10  seclogon - ok
20:09:07.0643 0x0b10  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\system32\sens.dll
20:09:07.0683 0x0b10  SENS - ok
20:09:07.0683 0x0b10  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
20:09:07.0693 0x0b10  SensrSvc - ok
20:09:07.0703 0x0b10  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
20:09:07.0713 0x0b10  Serenum - ok
20:09:07.0713 0x0b10  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
20:09:07.0723 0x0b10  Serial - ok
20:09:07.0733 0x0b10  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
20:09:07.0743 0x0b10  sermouse - ok
20:09:07.0753 0x0b10  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
20:09:07.0783 0x0b10  SessionEnv - ok
20:09:07.0783 0x0b10  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
20:09:07.0803 0x0b10  sffdisk - ok
20:09:07.0803 0x0b10  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
20:09:07.0813 0x0b10  sffp_mmc - ok
20:09:07.0823 0x0b10  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
20:09:07.0833 0x0b10  sffp_sd - ok
20:09:07.0833 0x0b10  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
20:09:07.0843 0x0b10  sfloppy - ok
20:09:07.0863 0x0b10  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
20:09:07.0893 0x0b10  SharedAccess - ok
20:09:07.0903 0x0b10  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:09:07.0943 0x0b10  ShellHWDetection - ok
20:09:07.0943 0x0b10  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
20:09:07.0953 0x0b10  SiSRaid2 - ok
20:09:07.0953 0x0b10  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
20:09:07.0973 0x0b10  SiSRaid4 - ok
20:09:07.0973 0x0b10  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
20:09:08.0003 0x0b10  Smb - ok
20:09:08.0013 0x0b10  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
20:09:08.0023 0x0b10  SNMPTRAP - ok
20:09:08.0023 0x0b10  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
20:09:08.0033 0x0b10  spldr - ok
20:09:08.0053 0x0b10  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
20:09:08.0073 0x0b10  Spooler - ok
20:09:08.0153 0x0b10  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
20:09:08.0263 0x0b10  sppsvc - ok
20:09:08.0273 0x0b10  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
20:09:08.0303 0x0b10  sppuinotify - ok
20:09:08.0313 0x0b10  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
20:09:08.0333 0x0b10  srv - ok
20:09:08.0343 0x0b10  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
20:09:08.0363 0x0b10  srv2 - ok
20:09:08.0373 0x0b10  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
20:09:08.0383 0x0b10  srvnet - ok
20:09:08.0393 0x0b10  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
20:09:08.0423 0x0b10  SSDPSRV - ok
20:09:08.0423 0x0b10  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
20:09:08.0453 0x0b10  SstpSvc - ok
20:09:08.0463 0x0b10  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
20:09:08.0473 0x0b10  stexstor - ok
20:09:08.0473 0x0b10  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\windows\system32\drivers\serscan.sys
20:09:08.0483 0x0b10  StillCam - ok
20:09:08.0503 0x0b10  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
20:09:08.0523 0x0b10  stisvc - ok
20:09:08.0533 0x0b10  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
20:09:08.0543 0x0b10  swenum - ok
20:09:08.0553 0x0b10  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
20:09:08.0593 0x0b10  swprv - ok
20:09:08.0603 0x0b10  [ 772493A8945495F1A287BF6C4CA25B48, D27BF0480ED94B24268714565CA848A099CFCEDE0D344A897DB5D779C3284A33 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
20:09:08.0623 0x0b10  SynTP - ok
20:09:08.0663 0x0b10  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
20:09:08.0713 0x0b10  SysMain - ok
20:09:08.0723 0x0b10  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
20:09:08.0743 0x0b10  TabletInputService - ok
20:09:08.0753 0x0b10  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
20:09:08.0783 0x0b10  TapiSrv - ok
20:09:08.0793 0x0b10  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
20:09:08.0823 0x0b10  TBS - ok
20:09:08.0863 0x0b10  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
20:09:08.0913 0x0b10  Tcpip - ok
20:09:08.0953 0x0b10  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
20:09:08.0993 0x0b10  TCPIP6 - ok
20:09:09.0003 0x0b10  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
20:09:09.0013 0x0b10  tcpipreg - ok
20:09:09.0023 0x0b10  [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
20:09:09.0033 0x0b10  tdcmdpst - ok
20:09:09.0033 0x0b10  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
20:09:09.0043 0x0b10  TDPIPE - ok
20:09:09.0043 0x0b10  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
20:09:09.0053 0x0b10  TDTCP - ok
20:09:09.0063 0x0b10  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
20:09:09.0093 0x0b10  tdx - ok
20:09:09.0093 0x0b10  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
20:09:09.0103 0x0b10  TermDD - ok
20:09:09.0123 0x0b10  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
20:09:09.0163 0x0b10  TermService - ok
20:09:09.0173 0x0b10  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
20:09:09.0183 0x0b10  Themes - ok
20:09:09.0193 0x0b10  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
20:09:09.0223 0x0b10  THREADORDER - ok
20:09:09.0223 0x0b10  [ 521C21E7F6EAB98679F90CA4E135FB95, 16BC5D25955E744AEAADD7338B946ED88870F37841B8C6C24F93EC65BF526DF8 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:09:09.0233 0x0b10  TMachInfo - ok
20:09:09.0243 0x0b10  [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv         C:\windows\system32\TODDSrv.exe
20:09:09.0253 0x0b10  TODDSrv - ok
20:09:09.0273 0x0b10  [ DDFB839074FA7980726D24495AEB25E3, AB8F0B559157094E4E4907DBF4F4ACD0DBE7C3DB7CF6E5B92B3BD73021CF6F40 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:09:09.0283 0x0b10  TosCoSrv - ok
20:09:09.0293 0x0b10  [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46, 3D3F68DC994C99436E31B72AEE15F4F46437AC3F2C2CD1D477C738E16397CB50 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
20:09:09.0303 0x0b10  TOSHIBA Bluetooth Service - ok
20:09:09.0323 0x0b10  [ 18CC3B3DB8840C6776A69E758A2B8A77, B90A6858ECE8EB9E7AE07B0DF00565315EA1022C47602D083B47940B89D45F3E ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
20:09:09.0333 0x0b10  TOSHIBA eco Utility Service - ok
20:09:09.0343 0x0b10  [ 7C33EF3DD1A861010AE0E614A06439D1, 72785C545A773D69E22AAE20A08F156FE8435E01086FB621D3DD5B755325AA67 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:09:09.0343 0x0b10  TOSHIBA HDD SSD Alert Service - ok
20:09:09.0353 0x0b10  Tosrfcom - ok
20:09:09.0353 0x0b10  [ A4DDAD3BF13F370EC392BE243E334EBA, DB4F33DB2B9692AB4087E408AAEC2AB4046278BBD696213089E2D931C04E966B ] tosrfec         C:\windows\system32\DRIVERS\tosrfec.sys
20:09:09.0363 0x0b10  tosrfec - ok
20:09:09.0373 0x0b10  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8, 0D2CC72B7E02B92C9A1D6B76300B75A39427046903326642B9D511A51A795027 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys
20:09:09.0393 0x0b10  tos_sps64 - ok
20:09:09.0413 0x0b10  [ ED53F965168AFB40DB9068092349AD64, D31D3E4ED9A5E56A1BCDBFA7CFBC1C9621557C3EA821B84A99039A611C93943E ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
20:09:09.0433 0x0b10  TPCHSrv - ok
20:09:09.0443 0x0b10  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
20:09:09.0473 0x0b10  TrkWks - ok
20:09:09.0483 0x0b10  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:09:09.0513 0x0b10  TrustedInstaller - ok
20:09:09.0513 0x0b10  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
20:09:09.0533 0x0b10  tssecsrv - ok
20:09:09.0533 0x0b10  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
20:09:09.0543 0x0b10  TsUsbFlt - ok
20:09:09.0553 0x0b10  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
20:09:09.0563 0x0b10  TsUsbGD - ok
20:09:09.0563 0x0b10  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
20:09:09.0593 0x0b10  tunnel - ok
20:09:09.0593 0x0b10  [ EFFCE6E033EBDD0F3C0F14A413558F65, 576E7C8F1FBE874A0F8F7AA97FC19F472474CFD4A6F663034341E98FF5A28BB5 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ.SYS
20:09:09.0603 0x0b10  TVALZ - ok
20:09:09.0603 0x0b10  [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
20:09:09.0613 0x0b10  TVALZFL - ok
20:09:09.0623 0x0b10  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
20:09:09.0623 0x0b10  uagp35 - ok
20:09:09.0643 0x0b10  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
20:09:09.0673 0x0b10  udfs - ok
20:09:09.0683 0x0b10  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
20:09:09.0693 0x0b10  UI0Detect - ok
20:09:09.0703 0x0b10  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
20:09:09.0703 0x0b10  uliagpkx - ok
20:09:09.0713 0x0b10  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
20:09:09.0723 0x0b10  umbus - ok
20:09:09.0723 0x0b10  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
20:09:09.0733 0x0b10  UmPass - ok
20:09:09.0743 0x0b10  [ 3C5405EF78576E8E4D791EB18F6856A8, 18FD6A5C0ACD045B324F46C7C596D537D52F43B7F2896F0D54CEBEFF4886CAEC ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:09:09.0763 0x0b10  UNS - ok
20:09:09.0773 0x0b10  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
20:09:09.0803 0x0b10  upnphost - ok
20:09:09.0813 0x0b10  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
20:09:09.0823 0x0b10  usbccgp - ok
20:09:09.0833 0x0b10  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
20:09:09.0843 0x0b10  usbcir - ok
20:09:09.0843 0x0b10  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
20:09:09.0853 0x0b10  usbehci - ok
20:09:09.0863 0x0b10  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
20:09:09.0883 0x0b10  usbhub - ok
20:09:09.0883 0x0b10  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
20:09:09.0893 0x0b10  usbohci - ok
20:09:09.0903 0x0b10  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\drivers\usbprint.sys
20:09:09.0913 0x0b10  usbprint - ok
20:09:09.0913 0x0b10  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
20:09:09.0933 0x0b10  USBSTOR - ok
20:09:09.0953 0x0b10  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
20:09:09.0963 0x0b10  usbuhci - ok
20:09:09.0973 0x0b10  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
20:09:09.0983 0x0b10  usbvideo - ok
20:09:09.0983 0x0b10  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
20:09:10.0013 0x0b10  UxSms - ok
20:09:10.0023 0x0b10  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\windows\system32\lsass.exe
20:09:10.0033 0x0b10  VaultSvc - ok
20:09:10.0033 0x0b10  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
20:09:10.0043 0x0b10  vdrvroot - ok
20:09:10.0053 0x0b10  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
20:09:10.0103 0x0b10  vds - ok
20:09:10.0103 0x0b10  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
20:09:10.0123 0x0b10  vga - ok
20:09:10.0123 0x0b10  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
20:09:10.0153 0x0b10  VgaSave - ok
20:09:10.0153 0x0b10  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
20:09:10.0173 0x0b10  vhdmp - ok
20:09:10.0173 0x0b10  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
20:09:10.0183 0x0b10  viaide - ok
20:09:10.0183 0x0b10  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
20:09:10.0193 0x0b10  volmgr - ok
20:09:10.0213 0x0b10  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
20:09:10.0223 0x0b10  volmgrx - ok
20:09:10.0233 0x0b10  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
20:09:10.0253 0x0b10  volsnap - ok
20:09:10.0253 0x0b10  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
20:09:10.0273 0x0b10  vsmraid - ok
20:09:11.0963 0x0b10  ================ Scan MBR ==================================
20:09:11.0963 0x0b10  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
20:09:12.0073 0x0b10  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
20:09:12.0073 0x0b10  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:09:15.0004 0x0b10  ================ Scan VBR ==================================
20:09:15.0004 0x0b10  [ D537D46E2FDEA58BB3573626CE86C9D3 ] \Device\Harddisk0\DR0\Partition1
20:09:15.0014 0x0b10  \Device\Harddisk0\DR0\Partition1 - ok
20:09:15.0014 0x0b10  ================ Scan generic autorun ======================
20:09:16.0034 0x0b10  [ CFFA0B185396455C7553DFCC01D267FE, 9FF5EF675997EB7694DFBA058DEBBCDF334034BF73995D0C264E9BC850887844 ] C:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe
20:09:16.0054 0x0b10  Intel AT Service signup - detected UnsignedFile.Multi.Generic ( 1 )
20:09:22.0494 0x0b10  Detect skipped due to KSN trusted
20:09:22.0494 0x0b10  Intel AT Service signup - ok
20:09:22.0594 0x0b10  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
20:09:22.0644 0x0b10  HP Officejet 6600 (NET) - ok
20:09:22.0654 0x0b10  [ 48A57A37F7852FA7DD70BA02D69CD09A, 588B006396F42107DEEE7A85D61DA786AE8BE181327C4896337A19849D7C7285 ] C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
20:09:22.0674 0x0b10  Best Buy pc app - detected UnsignedFile.Multi.Generic ( 1 )
20:09:25.0515 0x0b10  Best Buy pc app ( UnsignedFile.Multi.Generic ) - warning
20:09:28.0565 0x0b10  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x60000 ( disabled : updated )
20:09:28.0715 0x0b10  Win FW state via NFP2: enabled
20:09:31.0806 0x0b10  ============================================================
20:09:31.0806 0x0b10  Scan finished
20:09:31.0806 0x0b10  ============================================================
20:09:31.0816 0x06d0  Detected object count: 3
20:09:31.0816 0x06d0  Actual detected object count: 3
20:10:19.0642 0x06d0  iaStor ( ForgedFile.Multi.Generic ) - skipped by user
20:10:19.0642 0x06d0  iaStor ( ForgedFile.Multi.Generic ) - User select action: Skip
20:10:19.0652 0x06d0  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:10:19.0652 0x06d0  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:10:19.0652 0x06d0  Best Buy pc app ( UnsignedFile.Multi.Generic ) - skipped by user
20:10:19.0652 0x06d0  Best Buy pc app ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:55.0862 0x0ea4  Deinitialize success
 



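A triage pass over the TDSSKiller log format shown in the post above, as an added example that is not part of the original thread. The sample lines are copied from the detection and action parts of that log (hash lines left out); the regular expressions are inferred from those lines rather than from a documented format, and treating "Detect skipped due to KSN trusted" as suppressing the preceding detection is an assumption based on the object being reported "ok" right after it.

```python
import re

# Lines taken from the detection and action parts of the log posted above
# (hash lines left out).
SAMPLE_LOG = r"""
20:09:12.0073 0x0b10  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
20:09:12.0073 0x0b10  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:09:16.0054 0x0b10  Intel AT Service signup - detected UnsignedFile.Multi.Generic ( 1 )
20:09:22.0494 0x0b10  Detect skipped due to KSN trusted
20:09:22.0494 0x0b10  Intel AT Service signup - ok
20:09:22.0674 0x0b10  Best Buy pc app - detected UnsignedFile.Multi.Generic ( 1 )
20:09:25.0515 0x0b10  Best Buy pc app ( UnsignedFile.Multi.Generic ) - warning
20:09:31.0816 0x06d0  Detected object count: 3
20:10:19.0642 0x06d0  iaStor ( ForgedFile.Multi.Generic ) - skipped by user
20:10:19.0642 0x06d0  iaStor ( ForgedFile.Multi.Generic ) - User select action: Skip
20:10:19.0652 0x06d0  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:10:19.0652 0x06d0  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:10:19.0652 0x06d0  Best Buy pc app ( UnsignedFile.Multi.Generic ) - skipped by user
20:10:19.0652 0x06d0  Best Buy pc app ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Patterns inferred from the visible log lines (assumption, not a documented format).
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (0x[0-9a-fA-F]+)\s+(.*)$")
DETECTED = re.compile(r"^(.+?) - detected (.+?) \( \d+ \)$")
WARNING = re.compile(r"^(.+?) \( (.+?) \) - warning$")
ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Return open findings, suppressed detections and the tool's own count."""
    findings = {}      # (object, verdict) -> chosen action, None if not recorded
    suppressed = []    # detections dropped after the tool's KSN trust check
    last_detected = None
    reported = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if (d := DETECTED.match(msg)):
            last_detected = (d.group(1), d.group(2))
        elif msg == "Detect skipped due to KSN trusted" and last_detected:
            suppressed.append(last_detected)
            last_detected = None
        elif (w := WARNING.match(msg)):
            findings.setdefault((w.group(1), w.group(2)), None)
        elif (a := ACTION.match(msg)):
            findings[(a.group(1), a.group(2))] = a.group(3)
        elif (c := COUNT.match(msg)):
            reported = int(c.group(1))
    return {
        "findings": findings,
        "suppressed": suppressed,
        "reported_count": reported,
        # A mismatch means the excerpt is incomplete or a line failed to parse.
        "count_matches": reported is not None and reported == len(findings),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (obj, verdict), action in result["findings"].items():
        print(f"{obj}: {verdict} -> action: {action}")
    for obj, verdict in result["suppressed"]:
        print(f"suppressed: {obj} ({verdict})")
    print("count matches:", result["count_matches"])
```

The action lines carry findings whose detection line sits earlier in the log (iaStor here), so the comparison against "Detected object count" is what shows whether an excerpt accounts for everything the tool reported.
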
#35
Dakeyras

Hi. :)
 

TDSS Killer generated 2 logs, I am posting both of them


That is because you did not quite run the scan per my instructions as in you selected the option Loaded Modules, no harm done however and or a cause for concern.

Anyway let's proceed as follows shall we...

Custom ComboFix Script:
  • Please download the attached CFScript.txt (see below) to the desktop.
  • Ensure all security software is disabled again for the duration of the custom ComboFix script.
[Screenshot: CFScriptB-4.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. >> ComboFix will now begin to process the custom script.
  • It will reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log into your next reply.

Re-scan with TDSSKiller:

Please re-run TDSSKiller as outlined prior and use the Delete option for this entry/line only if it appears:

\Device\Harddisk0\DR0 ( TDSS File System )

Reboot your machine if not prompted to do so and post the new log created in your next reply.

Submit a File for Analysis:

Please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: cut and paste in the below:-

http://www.geekstogo.com/forum/topic/339872-cant-run-mse/

Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\windows\system32\DRIVERS\iaStor.sys

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

#36
gomyr


Wellllllll

 

I had intended to perform each step in sequence and then post everything at the same time.  I ran combofix as instructed, and rebooted.

 

I ran TDSSKiller as instructed, and selected to delete the line, "\Device\Harddisk0\DR0 ( TDSS File System )".  After the window closed, I closed TDSSKiller and rebooted the machine.

 

Only problem is, the machine will not reboot.  It will not warm boot, it will not cold boot, and it will not boot into safe mode.  It gets stuck right at the beginning with the blinking cursor at the top left of the screen.  It will not access the hard drive.

 

I am stuck.


Edited by gomyr, 19 June 2014 - 05:41 AM.


#37
gomyr


Update:  I can access the BIOS, but that's it.  Nothing else will work.  I ordered the replacement OS on USB from Toshiba a few days ago, so I know I'll be able to reinstall factory OS and settings when that arrives.

 

I'm not really worried, but as a technical exercise I would like to see what you recommend to regain access to the computer without it.



#38
Dakeyras

Hi. :)
 

I ran TDSSKiller as instructed, and selected to delete the line, "\Device\Harddisk0\DR0 ( TDSS File System )". After the window closed, I closed TDSSKiller and rebooted the machine.

Only problem is, the machine will not reboot. It will not warm boot, it will not cold boot, and it will not boot into safe mode. It gets stuck right at the beginning with the blinking cursor at the top left of the screen.


Hmmm most unfortunate and whilst not exactly a rare occurrence does happen now and again.
 

I ordered the replacement OS on USB from Toshiba a few days ago, so I know I'll be able to reinstall factory OS and settings when that arrives.


Good.
 

I'm not really worried, but as a technical exercise I would like to see what you recommend to regain access to the computer without it.


Aye we may be able to rectify this.

Next:

Reboot the machine into the Advanced Boot Options menu and try:-

Last Known Good Configuration (advanced)

A bit of a long shot but just may work. If not merely inform myself and check in the Advanced Boot Options if there is an option for:-

Repair Your Computer or not? If so take no action and again merely inform myself.

#39
gomyr


Unless it's in the BIOS, I can't access the Advanced Boot Options Menu.  I have tried f8, esc, del, 0, and f2.  Only f2 works, getting into BIOS.



#40
Dakeyras

Hi. :)
 

Unless it's in the BIOS, I can't access the Advanced Boot Options Menu. I have tried f8, esc, del, 0, and f2. Only f2 works, getting into BIOS.


Acknowledged, please bear with myself as I wish to confer/double check something with my colleagues.

Also can you recall when I asked you to re-scan with TDSSKiller did you just select what I advised for deletion or did you also include iaStor? Please do not be alarmed as I am merely trying to narrow down what exactly occurred so I am better able to resolve this current issue regardless you have ordered the reinstallation media etc.

#41
gomyr


Nope, just \Device\Harddisk0\DR0 ( TDSS File System ).

 

I did not get to the part where I submit iastor for analysis, as I was going to do that after completing the TDSSKiller operation.

 

Also, I reread what you wrote about me checking the box for selecting the option Loaded Modules the first time I ran the scan (post#35).  I did not check this box, it was unchecked by default, and I did not check it either time.


Edited by gomyr, 20 June 2014 - 04:30 AM.


#42
gomyr


Hello, and thank you for all your help. First, I have to apologize for my earlier post, I thought about it and I realized that I DID in fact check the Loaded Modules option the first time I ran the TDSS scan. The USB factory reset media from Toshiba arrived today, and I was able to reset the computer to factory condition. At this point, the computer is in perfect working order. I have installed both MSE and MBAM, and also Team Viewer so that I can log into the computer and run MBAM manually from time to time. The MBAM database was 183 days out of date. Are MSE and MBAM (with the default Windows 7 firewall) still the G2G recommended combination of free security software for Windows 7?

 

Once again, I thank you for all your patience and hard work.



#43
Dakeyras

Hi. :)

My sincere apologies for the delay re a response on my behalf as I have been addressing some personal issues. So my time online is limited for the present...
 

First, I have to apologize for my earlier post, I thought about it and I realized that I DID in fact check the Loaded Modules option the first time I ran the TDSS scan.


Not a problem.
 

The USB factory reset media from Toshiba arrived today, and I was able to reset the computer to factory condition.


Good.
 

Once again, I thank you for all your patience and hard work.


You're most welcome!
 

At this point, the computer is in perfect working order. I have installed both MSE and MBAM, and also Team Viewer so that I can log into the computer and run MBAM manually from time to time. The MBAM database was 183 days out of date. Are MSE and MBAM (with the default Windows 7 firewall) still the G2G recommended combination of free security software for


I will provide some further advice as follows...

Most new machines when shipped by the vendors tend to come with all kinds of dross pre-installed and if the recovery software is invoked like you just did with the Toshiba, basically it is back as was when first booted up etc.

So this application here is worth both downloading and running.

--------------

Install all critical updates and relevant service packs via Windows Update. For Windows 7 the latest is SP1.

I would also ensure Internet Explorer is up to date also. For Windows 7 based machines it is IE11. Reason being even if you opt not to use IE as your main browser having an out-of-date version installed can leave any one machine vulnerable to malware.

The aforementioned should be available via Windows Update, if not can be downloaded from here.

This web-page is worth bookmarking/reading for future reference:-

Securing Your Web Browser

Once the machine is updated and fully patched, I do advise visiting Windows Update periodically as Microsoft releases patches for Windows and other products regularly.

Plus check Automatic Updates is enabled.

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

As is this: Computer Security - a short guide to staying safer online

And these are worth reading also: Understanding Windows Firewall settings & Securing Your Router

--------------

Tweaking.com - Registry Backup:

I advise you consider installing this, as a means to keep a complete backup of the registry and restore it when needed. Instructions can be read here.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

--------------

Consider the below extra/layered security for the machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to the computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

--------------

Finally ensure all third party software is up to date. As many such as Adobe and Java related applications for example if out of date can be exploited by malware.

So consider the download/install and use of FileHippo Update Checker...

Next:

Any questions? Feel free to ask, if not stay safe!

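A check worth running on a downloaded Hosts file before it replaces the current one, following the Custom Host File advice in the post above (added example, not part of the original thread). A blocklist should only map names to a loopback or null address; any entry that maps a name to another IP is a redirect rather than a block. The function name, the sample file contents and the hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample of a blocklist-style Hosts file; all names are placeholders.
SAMPLE_HOSTS = """\
# constructed blocklist sample
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.com tracker.example.net   # two names on one line
0.0.0.0 banners.example.org
203.0.113.45 login.example-bank.test
not-an-ip broken.example.com
127.0.0.1
"""


def audit_hosts(text):
    """Classify every Hosts entry as a block, a redirect or a malformed line."""
    blocked, redirects, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()    # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, entry))   # first field is not an IP
            continue
        if len(fields) < 2:
            malformed.append((lineno, entry))   # address with no hostname
            continue
        # 127.0.0.0/8 and ::1 are loopback; 0.0.0.0 and :: are unspecified.
        sink = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if sink and name == "localhost":
                continue                        # the stock loopback entries
            if sink:
                blocked.append(name)
            else:
                # Resolves the name to a real host: review before installing.
                redirects.append((lineno, name, str(addr)))
    return {"blocked": blocked, "redirects": redirects, "malformed": malformed}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(len(report["blocked"]), "names blocked")
    for lineno, name, addr in report["redirects"]:
        print(f"line {lineno}: {name} is redirected to {addr}")
    for lineno, entry in report["malformed"]:
        print(f"line {lineno}: malformed entry: {entry}")
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; run the same check on the installed copy later to spot entries added after the blocklist was put in place.
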
#44
Dakeyras

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.