
Multiple computer issues [Solved]


  • This topic is locked
32 replies to this topic

#1 thesopranosaurus


Posted 20 December 2013 - 01:32 PM

Hello all,

I have recently begun the daunting task of trying to fix this laptop's issues. Here are all the issues that I know of currently (I don't know what exactly is causing all of them).

1. We use Firefox as our primary browser. Every time a new page is loaded, we get Internet Explorer popups that are "seemingly" the same website, but I know are not. I'm not sure if my wife clicked on one by accident, but now they won't go away. It's very annoying and causes the browser to run very slowly, regardless of what pop-up blocking addon we have enabled.

2. Every time the computer starts up or comes out of sleep, the dialup runner tries to start multiple times (at least 6-9 times). Sometimes even when I shut it down manually through task manager it just opens itself again.

3. The list of startup programs is very high, but I'm not sure which ones I can safely remove. Currently at startup the computer runs at 60-70% CPU usage and sounds like a rocket going into orbit.

4. I downloaded the OTL as suggested on my desktop and attempted to run it as you showed. When it gets about 1/2 way through the scan, it just stops responding and I have to close it. Suggestions?

5. I just really want to clean this whole computer off so I can start working on my video game design projects, but it's just running unnaturally slow and incorrectly. Any and all help with the above issues or any others you find would be much appreciated!!!




#2 thesopranosaurus


Posted 20 December 2013 - 01:56 PM

I still cannot get OTL to run; however, HijackThis did finish. Here is the log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:53:41 PM, on 12/20/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16526)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\GorillaPrice\GorillaPrice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ayla\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: BHO_PROJECT - {517E0D3E-17A4-4592-926E-A082DB43B7D3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [GorillaPrice] "C:\Program Files\GorillaPrice\GorillaPrice.exe"
O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ayla\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Ayla\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=8f8c48706eef47d0983ed157754e1082-45c385af3f98b467775595ec90a22f71b666ebc2 /CMPID=1113a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WatGorp - Unknown owner - C:\ProgramData\GorillaPrice\WatGorp.exe

--
End of file - 9342 bytes
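
Added example, not part of the original thread or any poster's code: a read-only triage pass over a HijackThis log like the one above, pulling out the entry kinds a helper typically reviews first. The three heuristics (orphaned `(no file)` entries, services with `Unknown owner`, autoruns launching from user-writable directories) and the `USER_WRITABLE` list are assumptions of this sketch; a hit marks an entry for review and is not a verdict.

```python
import re
from collections import namedtuple

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_PROJECT - {517E0D3E-17A4-4592-926E-A082DB43B7D3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ayla\AppData\Local\Akamai\netsession_win.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: WatGorp - Unknown owner - C:\ProgramData\GorillaPrice\WatGorp.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"""

Entry = namedtuple("Entry", "code text")
Finding = namedtuple("Finding", "code reason text")

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O2x),
# then " - ", then the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")

# Assumption of this sketch: path fragments for locations outside
# Program Files and Windows where unprivileged code can usually write.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\downloads\\",
                 "\\temp\\", "%appdata%", "%temp%")


def parse_log(text):
    """Return the coded entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Apply the review heuristics; one entry can produce several findings."""
    findings = []
    for entry in entries:
        lowered = entry.text.lower()
        # Browser add-on registrations (BHO, toolbar, extra button) whose
        # file is gone: the registry key is left over from a removed program.
        if entry.code in ("O2", "O3", "O9") and lowered.endswith("(no file)"):
            findings.append(Finding(entry.code, "orphaned-entry", entry.text))
        # Services whose binary carries no company name in its version info.
        if entry.code == "O23" and " - unknown owner - " in lowered:
            findings.append(Finding(entry.code, "unknown-owner", entry.text))
        # Autoruns and services that start from a user-writable location.
        if entry.code in ("O4", "O23") and any(p in lowered for p in USER_WRITABLE):
            findings.append(Finding(entry.code, "user-writable-path", entry.text))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(f"{finding.code:<4} {finding.reason:<19} {finding.text}")
```

The Canon service in the excerpt shows why a hit is only a prompt to look closer: it is flagged for `Unknown owner` although it sits under `Program Files` alongside the rest of the printer software.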



#3 jeffce


Posted 22 December 2013 - 01:58 PM

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------
 
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 
 

#4 thesopranosaurus


Posted 23 December 2013 - 06:34 PM

Hi, Jeff! :adios:  Sorry about the delay in response. It was my birthday yesterday :D

Here are the following logs you requested in order below (RPG Maker, Unity, Project 64 are programs that should be there. There are also some old DOS Roms saved somewhere, otherwise I have no idea how to read any of this scripting lol):

DDS -- DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by Ayla at 18:20:24 on 2013-12-23
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1915.733 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\ProgramData\GorillaPrice\WatGorp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\GorillaPrice\GorillaPrice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {517E0D3E-17A4-4592-926E-A082DB43B7D3} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Akamai NetSession Interface] "c:\users\ayla\appdata\local\akamai\netsession_win.exe"
uRun: [AVG-Secure-Search-Update_1113a] c:\users\ayla\appdata\roaming\avg 1113a campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=8f8c48706eef47d0983ed157754e1082-45c385af3f98b467775595ec90a22f71b666ebc2 /CMPID=1113a
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Skytel] Skytel.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [GorillaPrice] "c:\program files\gorillaprice\GorillaPrice.exe"
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{84F14505-E4E2-4DA4-897C-D90A70F99D04} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ayla\appdata\roaming\mozilla\firefox\profiles\bcq7neg4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-adknowledgeaol-chromesbox-en-us&tb_uuid=20121029222916671&tb_oid=29-10-2012&tb_mrud=29-10-2012
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\ayla\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-11 11:33; adblockpopups@jessehakanen.net; c:\users\ayla\appdata\roaming\mozilla\firefox\profiles\bcq7neg4.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: !HIDDEN! 2013-05-18 14:48; {a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}; c:\users\ayla\appdata\roaming\mozilla\firefox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 367a9d480000000000000024d23508f7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15855
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:48:55
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119842&tt=gc_
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-3-19 20384]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2012-12-3 1270744]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 WatGorp;WatGorp;c:\programdata\gorillaprice\watgorp.exe -service --> c:\programdata\gorillaprice\WatGorp.exe -service [?]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-2-6 83864]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2012-3-19 954368]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-2-6 181784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2013-12-24 00:17:03    --------    d-----w-    c:\program files\iPod
2013-12-24 00:16:56    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-24 00:16:56    --------    d-----w-    c:\program files\iTunes
2013-12-24 00:11:16    --------    d-----w-    c:\program files\Bonjour
2013-12-22 19:41:00    --------    d-----w-    c:\program files\common files\Enterbrain
2013-12-22 19:39:16    --------    d-----w-    c:\programdata\Logs
2013-12-22 19:35:49    --------    d-----w-    c:\program files\Enterbrain
2013-12-21 22:16:08    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{3ba285f6-12eb-46cb-af77-1df8caa4f9ca}\offreg.dll
2013-12-21 00:33:43    --------    d-----w-    c:\users\ayla\appdata\local\Unity
2013-12-21 00:25:15    --------    d-----w-    c:\program files\Unity
2013-12-20 18:52:12    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{3ba285f6-12eb-46cb-af77-1df8caa4f9ca}\mpengine.dll
2013-12-12 23:25:27    --------    d-----w-    c:\windows\Migration
2013-12-11 12:49:50    --------    d-----w-    C:\854fdb00f5f5b5de281f17f64cb3
2013-12-11 01:52:07    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2013-12-11 01:52:07    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2013-12-11 01:52:07    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2013-12-11 01:49:33    2050560    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 01:49:32    335360    ----a-w-    c:\windows\system32\SysFxUI.dll
2013-12-11 01:49:32    167936    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 01:49:31    130048    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 01:49:28    36864    ----a-w-    c:\windows\system32\wshcon.dll
2013-12-11 01:49:28    172032    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 01:49:28    155648    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 01:49:28    135168    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 01:49:28    131072    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 01:49:25    158208    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 01:34:46    9293192    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2013-12-20 18:29:16    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-20 18:29:15    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-26 18:25:54    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-14 22:42:41    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-11-14 22:42:32    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-14 22:35:52    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-06 03:50:48    120600    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-11-05 03:57:30    209176    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-01 05:00:28    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-11-01 04:30:08    222520    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-10-30 02:13:01    1304064    ----a-w-    c:\windows\system32\WMALFXGFXDSP.dll
2013-10-25 04:28:32    147768    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-10-11 02:08:02    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-03 12:45:50    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 12:45:45    993792    ----a-w-    c:\windows\system32\crypt32.dll
.
============= FINISH: 18:21:05.66 ===============
 

 

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 3/19/2012 11:12:09 PM
System Uptime: 12/23/2013 4:36:12 PM (2 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Pentium® Dual  CPU  T3400  @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 158.122 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP439: 12/12/2013 4:39:37 PM - Removed Apple Mobile Device Support
RP440: 12/12/2013 4:50:40 PM - Removed Google Earth.
RP441: 12/12/2013 5:00:15 PM - Removed Microsoft Office Suite Activation Assistant.
RP442: 12/12/2013 5:01:32 PM - Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
RP443: 12/12/2013 5:23:25 PM - Windows Update
RP444: 12/19/2013 5:24:04 PM - Scheduled Checkpoint
RP445: 12/20/2013 12:51:29 PM - Windows Update
RP446: 12/21/2013 7:08:39 PM - Scheduled Checkpoint
RP447: 12/22/2013 2:10:29 PM - Scheduled Checkpoint
RP448: 12/23/2013 6:09:48 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP449: 12/23/2013 6:10:28 PM - Device Driver Package Install: Apple Network adapters
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
AVG 2014
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG2100 series MP Drivers
Canon MG2100 series On-screen Manual
Canon MG2100 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco NAC Agent
Cisco PEAP Module
D-Fend Reloaded 1.3.3 (deinstall)
DVD MovieFactory for TOSHIBA
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 6
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office 2000 Premium
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Project64 1.6
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RPG Maker VX Ace
RPG MAKER VX Ace RTP
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Windows Media Encoder (KB2447961)
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Unity
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual Studio 2012 x86 Redistributables
Windows Media Encoder 9 Series
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
12/22/2013 1:25:07 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Ayla\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
12/22/2013 1:24:00 PM, Error: EventLog [6008]  - The previous system shutdown at 1:21:43 PM on 12/22/2013 was unexpected.
12/20/2013 12:27:37 PM, Error: EventLog [6008]  - The previous system shutdown at 1:24:30 AM on 12/20/2013 was unexpected.
.
==== End Of File ===========================
 

AdwCleaner

# AdwCleaner v3.016 - Report created 23/12/2013 at 18:24:45
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Ayla - AYLA-PC
# Running from : C:\Users\Ayla\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Ayla\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Ayla\AppData\Roaming\Mozilla\Firefox\Profiles\bcq7neg4.default\searchplugins\avg-secure-search.xml
File Found : C:\Users\Ayla\AppData\Roaming\Mozilla\Firefox\Profiles\bcq7neg4.default\searchplugins\conduit-search.xml
File Found : C:\Users\Ayla\AppData\Roaming\Mozilla\Firefox\Profiles\bcq7neg4.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Ayla\AppData\Roaming\Mozilla\Firefox\Profiles\bcq7neg4.default\searchplugins\web-search.xml
File Found : C:\Users\Ayla\AppData\Roaming\Mozilla\Firefox\Profiles\bcq7neg4.default\user.js
Folder Found : C:\Users\Ayla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmiggnfmiifpmfdbnddleidkohbgloap
Folder Found : C:\Users\Ayla\AppData\Roaming\Mozilla\Firefox\Profiles\bcq7neg4.default\Extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}
Folder Found C:\Program Files\wxDownload
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\ProgramData\wxDownload
Folder Found C:\Users\Ayla\AppData\LocalLow\Delta

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\580d988bd68e849
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fmiggnfmiifpmfdbnddleidkohbgloap
Key Found : HKLM\Software\InstalledThirdPartyPrograms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Tarma Installer
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Ayla\AppData\Roaming\Mozilla\Firefox\Profiles\bcq7neg4.default\prefs.js ]

Line Found : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-adknowledgeaol-chromesbox-en-us&tb_uuid=20121029222916671&tb_oid=29-10-2012&tb_mr[...]
Line Found : user_pref("browser.search.order.1", "Delta Search");
Line Found : user_pref("extensions.50b7c59d2deb4.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...]
Line Found : user_pref("extensions.booly.shopping_supporteddoms", "amazon.co.uk,amazon.com,ebay.co.uk,ebay.com,groupon.co.uk,groupon.com,blackfriday,cybermonday,08direct.co.uk,1-acp.com,1000bulbs.com,101inks.com,1[...]
Line Found : user_pref("extensions.crossrider.bic", "142df59b7a039d4757a87ec8c509ab2b");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.bbDpng", "30");
Line Found : user_pref("extensions.delta.cntry", "US");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.hdrMd5", "E5C029422EAB1A36E66F55B34D6B34B4");
Line Found : user_pref("extensions.delta.id", "367a9d480000000000000024d23508f7");
Line Found : user_pref("extensions.delta.instlDay", "15855");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.lastVrsnTs", "1.8.21.514:48:55");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.sg", "tzb");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.21.514:48:55");
Line Found : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119842&tt=gc_");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("extensions.sahtb.searchEngineNameCurrent", "Web Search");
Line Found : user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");
Line Found : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n    <XMLVersion Number=\"{bdd09e8b-8dee-478c-9f4e-0db5e30597cc}\" />\r\n    <AnalyticsURL URL=\"hxxp://www.google-analytics.com/__utm.gif?utmw[...]
Line Found : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\[...]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Ayla\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8248 octets] - [23/12/2013 18:24:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8308 octets] ##########
 

TDSSKiller

18:29:15.0684 0x140c  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
18:29:23.0183 0x140c  ============================================================
18:29:23.0183 0x140c  Current date / time: 2013/12/23 18:29:23.0183
18:29:23.0183 0x140c  SystemInfo:
18:29:23.0183 0x140c  
18:29:23.0183 0x140c  OS Version: 6.0.6002 ServicePack: 2.0
18:29:23.0183 0x140c  Product type: Workstation
18:29:23.0183 0x140c  ComputerName: AYLA-PC
18:29:23.0184 0x140c  UserName: Ayla
18:29:23.0184 0x140c  Windows directory: C:\Windows
18:29:23.0184 0x140c  System windows directory: C:\Windows
18:29:23.0184 0x140c  Processor architecture: Intel x86
18:29:23.0184 0x140c  Number of processors: 2
18:29:23.0184 0x140c  Page size: 0x1000
18:29:23.0184 0x140c  Boot type: Normal boot
18:29:23.0184 0x140c  ============================================================
18:29:23.0398 0x140c  KLMD registered as C:\Windows\system32\drivers\41781130.sys
18:29:23.0592 0x140c  System UUID: {D7F1AB6F-7945-C688-A4EB-8D81C11F26B5}
18:29:24.0222 0x140c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:29:24.0224 0x140c  ============================================================
18:29:24.0224 0x140c  \Device\Harddisk0\DR0:
18:29:24.0224 0x140c  MBR partitions:
18:29:24.0224 0x140c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C068800
18:29:24.0224 0x140c  ============================================================
18:29:24.0265 0x140c  C: <-> \Device\Harddisk0\DR0\Partition1
18:29:24.0265 0x140c  ============================================================
18:29:24.0265 0x140c  Initialize success
18:29:24.0265 0x140c  ============================================================
18:29:29.0963 0x0c2c  ============================================================
18:29:29.0963 0x0c2c  Scan started
18:29:29.0963 0x0c2c  Mode: Manual;
18:29:29.0963 0x0c2c  ============================================================
18:29:29.0963 0x0c2c  KSN ping started
18:29:43.0376 0x0c2c  KSN ping finished: true
18:29:43.0659 0x0c2c  ================ Scan system memory ========================
18:29:43.0659 0x0c2c  System memory - ok
18:29:43.0659 0x0c2c  ================ Scan services =============================
18:29:48.0989 0x0c2c  Ecache - ok
18:29:49.0030 0x0c2c  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:29:49.0053 0x0c2c  elxstor - ok
18:29:49.0108 0x0c2c  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:29:49.0153 0x0c2c  EMDMgmt - ok
18:29:49.0172 0x0c2c  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:29:49.0174 0x0c2c  ErrDev - ok
18:29:49.0217 0x0c2c  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
18:29:49.0239 0x0c2c  EventSystem - ok
18:29:49.0268 0x0c2c  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:29:49.0277 0x0c2c  exfat - ok
18:29:49.0334 0x0c2c  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:29:49.0343 0x0c2c  fastfat - ok
18:29:49.0362 0x0c2c  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:29:49.0365 0x0c2c  fdc - ok
18:29:49.0402 0x0c2c  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
18:29:49.0406 0x0c2c  fdPHost - ok
18:29:49.0424 0x0c2c  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:29:49.0428 0x0c2c  FDResPub - ok
18:29:49.0440 0x0c2c  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:29:49.0445 0x0c2c  FileInfo - ok
18:29:49.0481 0x0c2c  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:29:49.0484 0x0c2c  Filetrace - ok
18:29:49.0492 0x0c2c  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:29:49.0495 0x0c2c  flpydisk - ok
18:29:49.0533 0x0c2c  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:29:49.0555 0x0c2c  FltMgr - ok
18:29:49.0640 0x0c2c  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
18:29:49.0696 0x0c2c  FontCache - ok
18:29:49.0765 0x0c2c  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:29:49.0767 0x0c2c  FontCache3.0.0.0 - ok
18:29:49.0782 0x0c2c  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:29:49.0784 0x0c2c  Fs_Rec - ok
18:29:49.0817 0x0c2c  [ CBC22823628544735625B280665E434E, 6B5A3FE469CACE241F3332E6E6B3D0ACB3C2EB3DF0297C744F5A155992F0B411 ] FwLnk           C:\Windows\system32\DRIVERS\FwLnk.sys
18:29:49.0818 0x0c2c  FwLnk - ok
18:29:49.0838 0x0c2c  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:29:49.0841 0x0c2c  gagp30kx - ok
18:29:49.0888 0x0c2c  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:29:49.0890 0x0c2c  GEARAspiWDM - ok
18:29:49.0926 0x0c2c  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
18:29:49.0949 0x0c2c  gpsvc - ok
18:29:50.0014 0x0c2c  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:29:50.0019 0x0c2c  gupdate - ok
18:29:50.0036 0x0c2c  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:29:50.0040 0x0c2c  gupdatem - ok
18:29:50.0082 0x0c2c  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:29:50.0091 0x0c2c  HdAudAddService - ok
18:29:50.0137 0x0c2c  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:29:50.0171 0x0c2c  HDAudBus - ok
18:29:50.0183 0x0c2c  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:29:50.0185 0x0c2c  HidBth - ok
18:29:50.0200 0x0c2c  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:29:50.0202 0x0c2c  HidIr - ok
18:29:50.0225 0x0c2c  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
18:29:50.0227 0x0c2c  hidserv - ok
18:29:50.0243 0x0c2c  [ 854CA287AB7FAF949617A788306D967E, 8C0BC3727C07634FAD35C7184C72B6D48D428F35E612257A833F00CACF4AAB5D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:29:50.0245 0x0c2c  HidUsb - ok
18:29:50.0273 0x0c2c  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:29:50.0277 0x0c2c  hkmsvc - ok
18:29:50.0296 0x0c2c  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:29:50.0299 0x0c2c  HpCISSs - ok
18:29:50.0341 0x0c2c  [ 0EEECA26C8D4BDE2A4664DB058A81937, 6F88567A116B1420BE1C9C8888F34D05F51378092C805EF4E489635CF92D416B ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:29:50.0364 0x0c2c  HTTP - ok
18:29:50.0379 0x0c2c  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:29:50.0381 0x0c2c  i2omp - ok
18:29:50.0422 0x0c2c  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:29:50.0426 0x0c2c  i8042prt - ok
18:29:50.0489 0x0c2c  [ CB686F44BF955EA02520710A56874FA4, D898E897171B07136FCB94726AB16738C923A170B166EB5D758E404C8A6EFD0F ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:29:50.0513 0x0c2c  IAANTMON - ok
18:29:50.0582 0x0c2c  [ DB0CC620B27A928D968C1A1E9CD9CB87, 62F2FAF027C217A3A035759AF47D848AEFFA7A94C54B4C424B67459D464B8AA8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:29:50.0593 0x0c2c  iaStor - ok
18:29:50.0616 0x0c2c  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:29:50.0639 0x0c2c  iaStorV - ok
18:29:50.0706 0x0c2c  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:29:50.0712 0x0c2c  IDriverT - ok
18:29:50.0812 0x0c2c  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:29:50.0868 0x0c2c  idsvc - ok
18:29:51.0043 0x0c2c  [ 6FB1858D1F0923D122B0331865695041, 6DB129A3A7800CA64415B23C4E96453D89E4B06A6C3D51EBF6B6E13DCB64DDC5 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:29:51.0190 0x0c2c  igfx - ok
18:29:51.0240 0x0c2c  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:29:51.0243 0x0c2c  iirsp - ok
18:29:51.0321 0x0c2c  [ CE1EE31FFF730CA975A5535D8A71AF61, A1808EB92EC2444F9309C93F5724A7A374F4B983862829BF9B076C8D3B2427DE ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
18:29:51.0326 0x0c2c  IJPLMSVC - ok
18:29:51.0375 0x0c2c  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:29:51.0398 0x0c2c  IKEEXT - ok
18:29:51.0497 0x0c2c  [ B9CBD3DEA7CA02868621173BF7A2AF9F, FC3A84A8D3878B14F3070299B8B878C71A66CE400507FBA3FCF23FC732DFB90D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:29:51.0643 0x0c2c  IntcAzAudAddService - ok
18:29:51.0902 0x0c2c  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
18:29:51.0905 0x0c2c  intelide - ok
18:29:51.0955 0x0c2c  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:29:51.0958 0x0c2c  intelppm - ok
18:29:52.0089 0x0c2c  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:29:52.0093 0x0c2c  IPBusEnum - ok
18:29:52.0165 0x0c2c  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:52.0197 0x0c2c  IpFilterDriver - ok
18:29:52.0240 0x0c2c  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:29:52.0253 0x0c2c  iphlpsvc - ok
18:29:52.0259 0x0c2c  IpInIp - ok
18:29:52.0331 0x0c2c  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:29:52.0334 0x0c2c  IPMIDRV - ok
18:29:52.0391 0x0c2c  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:29:52.0395 0x0c2c  IPNAT - ok
18:29:52.0680 0x0c2c  [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:29:52.0693 0x0c2c  iPod Service - ok
18:29:52.0741 0x0c2c  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:29:52.0980 0x0c2c  IRENUM - ok
18:29:53.0033 0x0c2c  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:29:53.0178 0x0c2c  isapnp - ok
18:29:53.0217 0x0c2c  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:29:53.0331 0x0c2c  iScsiPrt - ok
18:29:53.0384 0x0c2c  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:29:53.0446 0x0c2c  iteatapi - ok
18:29:53.0466 0x0c2c  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:29:53.0556 0x0c2c  iteraid - ok
18:29:53.0666 0x0c2c  [ 957135960E7533EA5C7EA0BFB34F8EFD, 036B11D7639C49F02A6C15022BC9629BAE023B7FE1F86451F12B0D5C92D5B57E ] jswpsapi        C:\Program Files\Jumpstart\jswpsapi.exe
18:29:54.0049 0x0c2c  jswpsapi - ok
18:29:54.0097 0x0c2c  [ 11AD410F41AF42BA12E63187E3EC141A, 67B2FE9C39E391DF058C3642FB7412EFA9507602BE1805F16A72E28C4C88E9C2 ] jswpslwf        C:\Windows\system32\DRIVERS\jswpslwf.sys
18:29:54.0137 0x0c2c  jswpslwf - ok
18:29:54.0163 0x0c2c  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:54.0261 0x0c2c  kbdclass - ok
18:29:54.0292 0x0c2c  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:29:54.0352 0x0c2c  kbdhid - ok
18:29:54.0384 0x0c2c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
18:29:54.0571 0x0c2c  KeyIso - ok
18:29:54.0634 0x0c2c  [ E8CA038F51F7761BD6E3A3B0B8014263, CC168838CB56776DC728869278A9F3CCEC215D5AFBE9ACD32D09D0971501EAAF ] KR10I           C:\Windows\system32\drivers\kr10i.sys
18:29:54.0727 0x0c2c  KR10I - ok
18:29:54.0776 0x0c2c  [ 6A4ADB9186DD0E114E623DAF57E42B31, AECE2412890B1716F5E22ECC62EC09AF4DDD66A642D7B7DC892730D472B7FEAF ] KR10N           C:\Windows\system32\drivers\kr10n.sys
18:29:54.0859 0x0c2c  KR10N - ok
18:29:54.0919 0x0c2c  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:29:55.0097 0x0c2c  KSecDD - ok
18:29:55.0154 0x0c2c  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:29:55.0458 0x0c2c  KtmRm - ok
18:29:55.0494 0x0c2c  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:29:55.0507 0x0c2c  LanmanServer - ok
18:29:55.0573 0x0c2c  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:29:55.0596 0x0c2c  LanmanWorkstation - ok
18:29:55.0656 0x0c2c  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:29:55.0664 0x0c2c  lltdio - ok
18:29:55.0733 0x0c2c  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:29:55.0818 0x0c2c  lltdsvc - ok
18:29:55.0840 0x0c2c  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:29:55.0845 0x0c2c  lmhosts - ok
18:29:55.0881 0x0c2c  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:29:55.0992 0x0c2c  LSI_FC - ok
18:29:56.0015 0x0c2c  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:29:56.0126 0x0c2c  LSI_SAS - ok
18:29:56.0160 0x0c2c  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:29:56.0172 0x0c2c  LSI_SCSI - ok
18:29:56.0202 0x0c2c  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:29:56.0211 0x0c2c  luafv - ok
18:29:56.0251 0x0c2c  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
18:29:56.0307 0x0c2c  megasas - ok
18:29:56.0380 0x0c2c  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
18:29:56.0517 0x0c2c  MegaSR - ok
18:29:56.0556 0x0c2c  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
18:29:56.0562 0x0c2c  MMCSS - ok
18:29:56.0575 0x0c2c  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
18:29:56.0628 0x0c2c  Modem - ok
18:29:56.0665 0x0c2c  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:29:56.0716 0x0c2c  monitor - ok
18:29:56.0732 0x0c2c  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:29:56.0799 0x0c2c  mouclass - ok
18:29:56.0824 0x0c2c  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:29:56.0870 0x0c2c  mouhid - ok
18:29:56.0901 0x0c2c  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:29:56.0906 0x0c2c  MountMgr - ok
18:29:56.0962 0x0c2c  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:29:57.0147 0x0c2c  MozillaMaintenance - ok
18:29:57.0196 0x0c2c  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:29:57.0255 0x0c2c  mpio - ok
18:29:57.0280 0x0c2c  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:29:57.0285 0x0c2c  mpsdrv - ok
18:29:57.0341 0x0c2c  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:29:57.0452 0x0c2c  MpsSvc - ok
18:29:57.0504 0x0c2c  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
18:29:57.0567 0x0c2c  Mraid35x - ok
18:29:57.0645 0x0c2c  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:29:57.0821 0x0c2c  MRxDAV - ok
18:29:57.0864 0x0c2c  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:57.0925 0x0c2c  mrxsmb - ok
18:29:57.0965 0x0c2c  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:58.0054 0x0c2c  mrxsmb10 - ok
18:29:58.0084 0x0c2c  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:58.0163 0x0c2c  mrxsmb20 - ok
18:29:58.0198 0x0c2c  [ F70590424EEFBF5C27A40C67AFDB8383, 1F2AC1DA12F7E6F09D8F6622EF1366ABD4B86EBE51DD1915E803D56A568A3412 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:29:58.0300 0x0c2c  msahci - ok
18:29:58.0343 0x0c2c  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:29:58.0410 0x0c2c  msdsm - ok
18:29:58.0442 0x0c2c  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
18:29:58.0538 0x0c2c  MSDTC - ok
18:29:58.0572 0x0c2c  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:29:58.0610 0x0c2c  Msfs - ok
18:29:58.0652 0x0c2c  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:29:58.0657 0x0c2c  msisadrv - ok
18:29:58.0700 0x0c2c  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:29:58.0751 0x0c2c  MSiSCSI - ok
18:29:58.0760 0x0c2c  msiserver - ok
18:29:58.0786 0x0c2c  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:29:58.0872 0x0c2c  MSKSSRV - ok
18:29:58.0904 0x0c2c  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:58.0937 0x0c2c  MSPCLOCK - ok
18:29:58.0961 0x0c2c  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:29:58.0982 0x0c2c  MSPQM - ok
18:29:59.0027 0x0c2c  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:29:59.0118 0x0c2c  MsRPC - ok
18:29:59.0157 0x0c2c  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:29:59.0220 0x0c2c  mssmbios - ok
18:29:59.0270 0x0c2c  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:29:59.0340 0x0c2c  MSTEE - ok
18:29:59.0387 0x0c2c  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:29:59.0474 0x0c2c  Mup - ok
18:29:59.0628 0x0c2c  [ AB452EB22B48D618AED418E330B5C2A9, 3947C1B4FABF50D98C0214CBEDCA2A3392848028EF12C696B2A635DC7B53FD7F ] NACAgent        C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
18:29:59.0940 0x0c2c  NACAgent - ok
18:29:59.0994 0x0c2c  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
18:30:00.0028 0x0c2c  napagent - ok
18:30:00.0067 0x0c2c  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:30:00.0159 0x0c2c  NativeWifiP - ok
18:30:00.0239 0x0c2c  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:30:00.0346 0x0c2c  NDIS - ok
18:30:00.0379 0x0c2c  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:30:00.0450 0x0c2c  NdisTapi - ok
18:30:00.0479 0x0c2c  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:30:00.0537 0x0c2c  Ndisuio - ok
18:30:00.0574 0x0c2c  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:30:00.0629 0x0c2c  NdisWan - ok
18:30:00.0651 0x0c2c  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:30:00.0720 0x0c2c  NDProxy - ok
18:30:00.0739 0x0c2c  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:30:00.0789 0x0c2c  NetBIOS - ok
18:30:00.0837 0x0c2c  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:30:00.0923 0x0c2c  netbt - ok
18:30:00.0950 0x0c2c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
18:30:00.0955 0x0c2c  Netlogon - ok
18:30:01.0003 0x0c2c  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
18:30:01.0020 0x0c2c  Netman - ok
18:30:01.0076 0x0c2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:30:01.0338 0x0c2c  NetMsmqActivator - ok
18:30:01.0348 0x0c2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:30:01.0352 0x0c2c  NetPipeActivator - ok
18:30:01.0408 0x0c2c  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
18:30:01.0433 0x0c2c  netprofm - ok
18:30:01.0444 0x0c2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:30:01.0449 0x0c2c  NetTcpActivator - ok
18:30:01.0460 0x0c2c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:30:01.0465 0x0c2c  NetTcpPortSharing - ok
18:30:01.0514 0x0c2c  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:30:01.0603 0x0c2c  nfrd960 - ok
18:30:01.0623 0x0c2c  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:30:01.0630 0x0c2c  NlaSvc - ok
18:30:01.0667 0x0c2c  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:30:01.0716 0x0c2c  Npfs - ok
18:30:01.0740 0x0c2c  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
18:30:01.0743 0x0c2c  nsi - ok
18:30:01.0774 0x0c2c  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:30:01.0821 0x0c2c  nsiproxy - ok
18:30:01.0896 0x0c2c  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:30:02.0059 0x0c2c  Ntfs - ok
18:30:02.0084 0x0c2c  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:30:02.0132 0x0c2c  ntrigdigi - ok
18:30:16.0700 0x0c2c  WmiAcpi - ok
18:30:16.0746 0x0c2c  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:30:16.0753 0x0c2c  wmiApSrv - ok
18:30:16.0847 0x0c2c  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:30:16.0892 0x0c2c  WMPNetworkSvc - ok
18:30:16.0916 0x0c2c  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:30:16.0924 0x0c2c  WPCSvc - ok
18:30:16.0956 0x0c2c  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:30:16.0962 0x0c2c  WPDBusEnum - ok
18:30:16.0994 0x0c2c  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:30:17.0054 0x0c2c  WpdUsb - ok
18:30:17.0123 0x0c2c  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:30:17.0156 0x0c2c  WPFFontCache_v0400 - ok
18:30:17.0195 0x0c2c  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:30:17.0232 0x0c2c  ws2ifsl - ok
18:30:17.0264 0x0c2c  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:30:17.0269 0x0c2c  wscsvc - ok
18:30:17.0277 0x0c2c  WSearch - ok
18:30:17.0396 0x0c2c  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:30:17.0484 0x0c2c  wuauserv - ok
18:30:17.0535 0x0c2c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:30:17.0538 0x0c2c  WudfPf - ok
18:30:17.0563 0x0c2c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:17.0596 0x0c2c  WUDFRd - ok
18:30:17.0627 0x0c2c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:30:17.0634 0x0c2c  wudfsvc - ok
18:30:17.0651 0x0c2c  ================ Scan global ===============================
18:30:17.0682 0x0c2c  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
18:30:17.0757 0x0c2c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
18:30:17.0877 0x0c2c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
18:30:17.0931 0x0c2c  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
18:30:17.0953 0x0c2c  [ Global ] - ok
18:30:17.0954 0x0c2c  ================ Scan MBR ==================================
18:30:17.0969 0x0c2c  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
18:30:18.0527 0x0c2c  \Device\Harddisk0\DR0 - ok
18:30:18.0528 0x0c2c  ================ Scan VBR ==================================
18:30:18.0532 0x0c2c  [ 7A3DFA256658EEC504BD795E41A0EA50 ] \Device\Harddisk0\DR0\Partition1
18:30:18.0534 0x0c2c  \Device\Harddisk0\DR0\Partition1 - ok
18:30:18.0536 0x0c2c  Waiting for KSN requests completion. In queue: 337
18:30:19.0536 0x0c2c  Waiting for KSN requests completion. In queue: 23
18:30:20.0536 0x0c2c  Waiting for KSN requests completion. In queue: 23
18:30:21.0713 0x0c2c  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x41000 ( enabled : updated )
18:30:21.0758 0x0c2c  Win FW state via NFP2: enabled
18:30:24.0301 0x0c2c  ============================================================
18:30:24.0301 0x0c2c  Scan finished
18:30:24.0301 0x0c2c  ============================================================
18:30:24.0319 0x16c8  Detected object count: 0
18:30:24.0319 0x16c8  Actual detected object count: 0

 



#5 jeffce

Posted 24 December 2013 - 07:27 AM

Hi and Happy Birthday!!
 
Thanks for getting those for me. 
 
ComboFix

Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.



--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#6 thesopranosaurus

Posted 24 December 2013 - 10:48 AM

Ok, so I had some issues running combofix. It got through creating a restore point, all 50 scanning processes and deleting 3 files (I didn't write them down because I figured they'd be in the log). When it got to the part where it says "please do not run any programs until combofix had finished creating a log," it stopped. All my icons and taskbar disappeared. Thinking this was normal, I sat and waited for the report. 2...hours..later... lol nothing had happened. When I went to click on the command prompt window it said not responding. I closed it and restarted the computer.

When I did restart there were three different things I noticed about the computer: One, there's now an icon that appears to be an internet explorer shortcut, but it's not (it says "the internet" and has no shortcut arrow), and two, I clicked on my firefox to report my findings to you and somehow firefox was no longer my designated browser. Finally, the dialup connector that I mentioned in my very first post went nuts and attempted to physically connect a broadband connection even though I'm already connected wirelessly. It's always asked me if I wanted to multiple times before, but this is the first time it's actually started trying to connect itself. I had to force close it with task manager because simply closing it didn't work. :wall:

Thoughts?



#7 jeffce

Posted 25 December 2013 - 12:18 PM

Hi,

 

Please boot to Safe Mode with Networking and then try to run ComboFix through from there.  If a log is created, please post that.  If not....let me know what happens.



#8 thesopranosaurus

Posted 26 December 2013 - 09:07 PM

Hello again,

 

ComboFix still did not work. I attempted twice in safe mode with networking with the same results (I ran as an admin). The program gets all the way to the end where it says it's creating the log, then sits there and does nothing. I waited approx. 30 minutes the first trial and over an hour the second attempt. I completely disabled my AVG when the program was running. Am I doing something wrong?


Edited by thesopranosaurus, 26 December 2013 - 09:08 PM.


#9 jeffce

Posted 27 December 2013 - 07:05 AM

FRST

Download the 32 bit version for your system of FRST and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------



#10 thesopranosaurus

Posted 27 December 2013 - 07:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2013 01
Ran by SYSTEM on MINWINPC on 27-12-2013 19:39:45
Running from G:\
Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [jswtrayutil] - "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe [1242424 2008-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [GorillaPrice] - C:\Program Files\GorillaPrice\GorillaPrice.exe [827392 2013-05-28] (Torling Company)
HKLM\...\Run: [NACAgentUI] - C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe [610776 2012-12-03] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKU\Ayla\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Ayla\...\Run: [Akamai NetSession Interface] - "C:\Users\Ayla\AppData\Local\Akamai\netsession_win.exe"
HKU\Ayla\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\Ayla\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=8f8c48706eef47d0983ed157754e1082-45c385af3f98b467775595ec90a22f71b666ebc2 /CMPID=1113a
HKU\Ayla\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
S2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
S2 NACAgent; C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe [1270744 2012-12-03] (Cisco Systems, Inc.)
S2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-05-28] ()

==================== Drivers (Whitelisted) ====================

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-16] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-09-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Ayla\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 19:39 - 2013-12-27 19:39 - 00000000 ____D C:\FRST
2013-12-27 17:10 - 2013-12-27 17:10 - 01063657 _____ (Farbar) C:\Users\Ayla\Downloads\FRST.exe
2013-12-26 19:10 - 2013-12-26 19:10 - 00000458 _____ C:\Users\Ayla\Downloads\ComboFix.exe - Shortcut.lnk
2013-12-26 18:47 - 2013-12-26 18:56 - 00000000 ____D C:\ComboFix
2013-12-25 09:25 - 2013-12-25 09:25 - 00048143 _____ C:\Users\Ayla\Downloads\MGE(2)
2013-12-25 09:22 - 2013-12-25 09:22 - 00027803 _____ C:\Users\Ayla\Downloads\MGE(1)
2013-12-25 09:22 - 2013-12-25 09:22 - 00027803 _____ C:\Users\Ayla\Downloads\MGE
2013-12-24 07:57 - 2013-12-24 08:10 - 00000000 ____D C:\Windows\erdnt
2013-12-24 07:57 - 2013-12-24 07:57 - 00000000 ____D C:\Qoobox
2013-12-24 07:57 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-24 07:57 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-24 07:57 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-24 07:57 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-24 07:57 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-24 07:57 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-24 07:57 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-24 07:57 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-23 17:36 - 2013-12-22 11:40 - 00000916 _____ C:\Users\Ayla\Documents\RPG Maker VX Ace.lnk
2013-12-23 17:16 - 2013-12-23 17:16 - 00530399 _____ C:\Users\Ayla\Downloads\gendai.zip
2013-12-23 16:43 - 2013-12-23 16:43 - 00000000 ____D C:\Users\Ayla\Documents\RPGVXAce
2013-12-23 16:28 - 2013-12-23 16:28 - 04101441 _____ C:\Users\Ayla\Downloads\tdsskiller.zip
2013-12-23 16:24 - 2013-12-23 16:25 - 00000000 ____D C:\AdwCleaner
2013-12-23 16:24 - 2013-12-23 16:24 - 01233962 _____ C:\Users\Ayla\Downloads\AdwCleaner.exe
2013-12-23 16:21 - 2013-12-23 16:21 - 00017235 _____ C:\Users\Ayla\Downloads\dds.txt
2013-12-23 16:21 - 2013-12-23 16:21 - 00004658 _____ C:\Users\Ayla\Downloads\attach.txt
2013-12-23 16:17 - 2013-12-23 16:17 - 00001635 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-23 16:17 - 2013-12-23 16:17 - 00000000 ____D C:\Program Files\iPod
2013-12-23 16:16 - 2013-12-23 16:17 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-23 16:16 - 2013-12-23 16:17 - 00000000 ____D C:\Program Files\iTunes
2013-12-23 16:11 - 2013-12-23 16:11 - 00000000 ____D C:\Program Files\Bonjour
2013-12-23 16:07 - 2013-12-23 16:07 - 00688992 ____R (Swearware) C:\Users\Ayla\Downloads\dds.com
2013-12-22 13:01 - 2013-12-26 22:26 - 00000000 ____D C:\Users\Ayla\Desktop\Bonus_Resources
2013-12-22 13:01 - 2013-12-22 13:01 - 00000000 ____D C:\Users\Ayla\Downloads\__MACOSX
2013-12-22 11:44 - 2013-12-22 11:44 - 53866591 _____ C:\Users\Ayla\Downloads\Bonus_Resources.zip
2013-12-22 11:41 - 2013-12-22 11:41 - 00000000 ____D C:\Program Files\Common Files\Enterbrain
2013-12-22 11:36 - 2013-12-22 11:40 - 00000916 _____ C:\Users\Public\Desktop\RPG Maker VX Ace.lnk
2013-12-22 11:35 - 2013-12-22 11:35 - 00000000 ____D C:\Program Files\Enterbrain
2013-12-20 16:33 - 2013-12-20 16:33 - 00000000 ____D C:\Users\Ayla\AppData\Local\Unity
2013-12-20 16:32 - 2013-12-20 16:32 - 00000884 _____ C:\Users\Public\Desktop\Unity.lnk
2013-12-20 16:32 - 2013-12-20 16:32 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2013-12-20 16:25 - 2013-12-20 16:33 - 00000000 ____D C:\Program Files\Unity
2013-12-20 11:52 - 2013-12-20 11:53 - 00009343 _____ C:\Users\Ayla\Downloads\hijackthis.log
2013-12-20 11:51 - 2013-12-20 11:51 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ayla\Downloads\HiJackThis.exe
2013-12-20 11:29 - 2013-12-20 11:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-20 11:07 - 2013-12-20 11:07 - 00602112 _____ (OldTimer Tools) C:\Users\Ayla\Downloads\OTL.exe
2013-12-20 10:58 - 2013-12-20 10:58 - 00000058 _____ C:\Users\Ayla\Documents\malware.txt
2013-12-11 04:49 - 2013-12-11 04:50 - 00000000 ____D C:\854fdb00f5f5b5de281f17f64cb3
2013-12-11 01:11 - 2013-11-14 15:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-11 01:11 - 2013-11-14 14:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-11 01:11 - 2013-11-14 14:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-11 01:11 - 2013-11-14 14:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-11 01:11 - 2013-11-14 14:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-11 01:11 - 2013-11-14 14:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-11 01:11 - 2013-11-14 14:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-11 01:11 - 2013-11-14 14:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-11 01:11 - 2013-11-14 14:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-11 01:11 - 2013-11-14 14:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-11 01:11 - 2013-11-14 14:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-11 01:11 - 2013-11-14 14:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-11 01:11 - 2013-11-14 14:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-11 01:11 - 2013-11-14 14:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-11 01:11 - 2013-11-14 14:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-11 01:11 - 2013-11-14 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-10 17:52 - 2013-09-30 07:53 - 00632656 _____ (Microsoft Corporation) C:\Windows\System32\msvcr80.dll
2013-12-10 17:52 - 2013-09-30 07:53 - 00554832 _____ (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
2013-12-10 17:52 - 2013-09-30 07:53 - 00479232 _____ (Microsoft Corporation) C:\Windows\System32\msvcm80.dll
2013-12-10 17:52 - 2013-09-30 07:53 - 00001870 _____ C:\Windows\System32\Microsoft.VC80.CRT.manifest
2013-12-10 17:49 - 2013-10-29 18:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2013-12-10 17:49 - 2013-10-29 17:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-10 17:49 - 2013-10-29 16:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-10 17:49 - 2013-10-29 16:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-10 17:49 - 2013-10-21 23:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-10 17:49 - 2013-10-10 18:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-10 17:49 - 2013-10-10 18:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-10 17:49 - 2013-10-10 18:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wshcon.dll
2013-12-10 17:49 - 2013-10-10 16:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-10 17:49 - 2013-10-10 16:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-10 17:34 - 2013-12-10 17:34 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2013-12-27 19:39 - 2013-12-27 19:39 - 00000000 ____D C:\FRST
2013-12-27 17:37 - 2012-03-19 20:11 - 01460953 _____ C:\Windows\WindowsUpdate.log
2013-12-27 17:33 - 2006-11-02 04:45 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 17:33 - 2006-11-02 04:45 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 17:10 - 2013-12-27 17:10 - 01063657 _____ (Farbar) C:\Users\Ayla\Downloads\FRST.exe
2013-12-27 17:10 - 2012-11-27 12:52 - 00000000 ____D C:\ProgramData\MFAData
2013-12-26 22:26 - 2013-12-22 13:01 - 00000000 ____D C:\Users\Ayla\Desktop\Bonus_Resources
2013-12-26 19:10 - 2013-12-26 19:10 - 00000458 _____ C:\Users\Ayla\Downloads\ComboFix.exe - Shortcut.lnk
2013-12-26 19:01 - 2008-01-20 19:02 - 00172178 _____ C:\Windows\PFRO.log
2013-12-26 18:56 - 2013-12-26 18:47 - 00000000 ____D C:\ComboFix
2013-12-26 18:55 - 2006-11-02 02:23 - 00000215 _____ C:\Windows\system.ini
2013-12-26 18:14 - 2006-11-02 02:33 - 00758594 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-25 09:25 - 2013-12-25 09:25 - 00048143 _____ C:\Users\Ayla\Downloads\MGE(2)
2013-12-25 09:22 - 2013-12-25 09:22 - 00027803 _____ C:\Users\Ayla\Downloads\MGE(1)
2013-12-25 09:22 - 2013-12-25 09:22 - 00027803 _____ C:\Users\Ayla\Downloads\MGE
2013-12-25 09:22 - 2008-09-30 11:54 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-24 08:10 - 2013-12-24 07:57 - 00000000 ____D C:\Windows\erdnt
2013-12-24 07:57 - 2013-12-24 07:57 - 00000000 ____D C:\Qoobox
2013-12-23 17:16 - 2013-12-23 17:16 - 00530399 _____ C:\Users\Ayla\Downloads\gendai.zip
2013-12-23 16:43 - 2013-12-23 16:43 - 00000000 ____D C:\Users\Ayla\Documents\RPGVXAce
2013-12-23 16:28 - 2013-12-23 16:28 - 04101441 _____ C:\Users\Ayla\Downloads\tdsskiller.zip
2013-12-23 16:25 - 2013-12-23 16:24 - 00000000 ____D C:\AdwCleaner
2013-12-23 16:24 - 2013-12-23 16:24 - 01233962 _____ C:\Users\Ayla\Downloads\AdwCleaner.exe
2013-12-23 16:21 - 2013-12-23 16:21 - 00017235 _____ C:\Users\Ayla\Downloads\dds.txt
2013-12-23 16:21 - 2013-12-23 16:21 - 00004658 _____ C:\Users\Ayla\Downloads\attach.txt
2013-12-23 16:17 - 2013-12-23 16:17 - 00001635 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-23 16:17 - 2013-12-23 16:17 - 00000000 ____D C:\Program Files\iPod
2013-12-23 16:17 - 2013-12-23 16:16 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-23 16:17 - 2013-12-23 16:16 - 00000000 ____D C:\Program Files\iTunes
2013-12-23 16:17 - 2012-06-26 16:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-23 16:11 - 2013-12-23 16:11 - 00000000 ____D C:\Program Files\Bonjour
2013-12-23 16:10 - 2012-03-19 20:02 - 00000000 ____D C:\users\Ayla
2013-12-23 16:07 - 2013-12-23 16:07 - 00688992 ____R (Swearware) C:\Users\Ayla\Downloads\dds.com
2013-12-22 13:01 - 2013-12-22 13:01 - 00000000 ____D C:\Users\Ayla\Downloads\__MACOSX
2013-12-22 11:44 - 2013-12-22 11:44 - 53866591 _____ C:\Users\Ayla\Downloads\Bonus_Resources.zip
2013-12-22 11:41 - 2013-12-22 11:41 - 00000000 ____D C:\Program Files\Common Files\Enterbrain
2013-12-22 11:40 - 2013-12-23 17:36 - 00000916 _____ C:\Users\Ayla\Documents\RPG Maker VX Ace.lnk
2013-12-22 11:40 - 2013-12-22 11:36 - 00000916 _____ C:\Users\Public\Desktop\RPG Maker VX Ace.lnk
2013-12-22 11:35 - 2013-12-22 11:35 - 00000000 ____D C:\Program Files\Enterbrain
2013-12-22 11:23 - 2012-04-28 23:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-20 16:33 - 2013-12-20 16:33 - 00000000 ____D C:\Users\Ayla\AppData\Local\Unity
2013-12-20 16:33 - 2013-12-20 16:25 - 00000000 ____D C:\Program Files\Unity
2013-12-20 16:32 - 2013-12-20 16:32 - 00000884 _____ C:\Users\Public\Desktop\Unity.lnk
2013-12-20 16:32 - 2013-12-20 16:32 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2013-12-20 11:53 - 2013-12-20 11:52 - 00009343 _____ C:\Users\Ayla\Downloads\hijackthis.log
2013-12-20 11:51 - 2013-12-20 11:51 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ayla\Downloads\HiJackThis.exe
2013-12-20 11:30 - 2013-12-20 11:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-20 11:07 - 2013-12-20 11:07 - 00602112 _____ (OldTimer Tools) C:\Users\Ayla\Downloads\OTL.exe
2013-12-20 11:04 - 2013-09-22 08:07 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-20 10:59 - 2012-10-23 15:12 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-12-20 10:58 - 2013-12-20 10:58 - 00000058 _____ C:\Users\Ayla\Documents\malware.txt
2013-12-20 10:29 - 2012-04-09 22:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-12-20 10:29 - 2012-04-09 22:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-12-12 20:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-12 14:54 - 2008-09-30 11:33 - 00000000 ____D C:\Program Files\Google
2013-12-12 14:33 - 2012-03-19 20:28 - 00000000 ____D C:\Users\Ayla\AppData\Roaming\Adobe
2013-12-12 14:33 - 2008-09-30 11:54 - 00000000 ____D C:\Program Files\Adobe
2013-12-12 14:18 - 2012-03-19 20:03 - 00000000 ____D C:\Users\Ayla\AppData\Local\Google
2013-12-12 14:18 - 2008-09-30 11:35 - 00000000 ____D C:\ProgramData\Google
2013-12-12 14:14 - 2012-10-21 13:10 - 00000000 ____D C:\ProgramData\Origin
2013-12-12 14:09 - 2012-10-03 16:22 - 00000000 ____D C:\Program Files\Electronic Arts
2013-12-12 14:09 - 2008-09-30 10:58 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-12 14:05 - 2012-03-19 20:03 - 00110960 _____ C:\Users\Ayla\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-12 12:54 - 2006-11-02 04:44 - 00394008 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-12 11:13 - 2012-03-19 20:18 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-12-12 11:13 - 2012-03-19 20:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 11:13 - 2012-03-19 20:16 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-12 11:13 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-12 11:10 - 2012-03-19 20:17 - 00000000 ____D C:\Windows\SHELLNEW
2013-12-12 11:10 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-12 11:10 - 2006-11-02 02:23 - 00000128 _____ C:\Windows\win.ini
2013-12-12 09:02 - 2012-11-27 13:39 - 00000000 ____D C:\Users\Ayla\ROMS
2013-12-12 08:31 - 2013-05-26 10:06 - 00000000 ____D C:\Users\Ayla\Documents\receipts
2013-12-11 12:07 - 2012-03-19 20:29 - 00000000 ____D C:\Windows\System32\RTCOM
2013-12-11 04:50 - 2013-12-11 04:49 - 00000000 ____D C:\854fdb00f5f5b5de281f17f64cb3
2013-12-11 04:50 - 2013-08-14 00:09 - 00000000 ____D C:\Windows\System32\MRT
2013-12-11 04:50 - 2006-11-02 02:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-12-10 19:02 - 2006-11-02 02:23 - 00450558 ____R C:\Windows\System32\Drivers\etc\hosts.20131212-171235.backup
2013-12-10 17:34 - 2013-12-10 17:34 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-12-05 16:45 - 2012-06-15 18:11 - 00001942 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 19:58 - 2013-05-26 10:07 - 00000000 ____D C:\Users\Ayla\Documents\work

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-12 15:23:31
Restore point made on: 2013-12-19 15:24:22
Restore point made on: 2013-12-20 10:51:55
Restore point made on: 2013-12-21 17:08:55
Restore point made on: 2013-12-22 12:10:46
Restore point made on: 2013-12-23 16:10:16
Restore point made on: 2013-12-23 16:10:48
Restore point made on: 2013-12-24 20:01:40
Restore point made on: 2013-12-26 20:02:45

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 1915.25 MB
Available physical RAM: 1556.86 MB
Total Pagefile: 1743.8 MB
Available Pagefile: 1610.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.83 MB

==================== Drives ================================

Drive c: (SQ004890V03) (Fixed) (Total:224.2 GB) (Free:159.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.31 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:1.9 GB) (Free:0.43 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 36D1A135)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=224 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=17)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-12-26 19:07

==================== End Of Log ============================



#11 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 09:38 AM

Hi,
 
**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

If you would like to format and reinstall your Operating System please let me know and I can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.  :)
----------
 
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.
 

HKLM\...\Run: [GorillaPrice] - C:\Program Files\GorillaPrice\GorillaPrice.exe [827392 2013-05-28] (Torling Company)
C:\Program Files\GorillaPrice\GorillaPrice.exe
S2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-05-28] ()
C:\ProgramData\GorillaPrice\WatGorp.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
----------
 
Please post the new log from FRST that is made and also let me know how your system is running.....if you have chosen to try and clean your system.  :)



#12 thesopranosaurus

thesopranosaurus

    New Member

  • Authentic Member
  • Pip
  • 17 posts
  • Interests:video games, making video games, Guitar/singing, yummy food

Posted 28 December 2013 - 12:21 PM

Hi again,

 

That's..... what I was afraid of. -_- I have a few questions for you before we go any further.

 

So if I am understanding you correctly, we should try to run the FRST fix first, and if that doesn't clean the system, to reinstall windows?

 

In the event we do need to reinstall the operating system, I have a large amount of pictures and game development resources saved on here. Are those salvageable *crossing my fingers*?

 

Finally, my wife didn't keep the install disc or anything to this computer, so will a reinstall even be possible?

 

Thank you for all the help so far. I eagerly await your reply.

 

Ashley


Edited by thesopranosaurus, 28 December 2013 - 12:22 PM.


#13 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 03:07 PM

Hi,
 
I think that we should go ahead and try to run FRST with the instructions that I gave you.  Without a reinstall disk it is going to be very difficult (if possible) to get the system restored but we will cross that road if need be.  :) 
 
Go ahead and run FRST with the instructions I gave you and let me know how your system is running afterwards as well.



#14 thesopranosaurus

thesopranosaurus

    New Member

  • Authentic Member
  • Pip
  • 17 posts
  • Interests:video games, making video games, Guitar/singing, yummy food

Posted 28 December 2013 - 04:34 PM

Hi again and thank you so much for answering my questions. By the way, this time when I booted I remembered to screen shot the issue I am having with that dialer dialog box popping up. Is there some way I can attach it for you to see?

 

Here is from the FRST fix log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2013 01
Ran by SYSTEM at 2013-12-28 16:21:42 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [GorillaPrice] - C:\Program Files\GorillaPrice\GorillaPrice.exe [827392 2013-05-28] (Torling Company)
C:\Program Files\GorillaPrice\GorillaPrice.exe
S2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-05-28] ()
C:\ProgramData\GorillaPrice\WatGorp.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GorillaPrice => Value deleted successfully.
C:\Program Files\GorillaPrice\GorillaPrice.exe => Moved successfully.
WatGorp => Service deleted successfully.
C:\ProgramData\GorillaPrice\WatGorp.exe => Moved successfully.

==== End of Fixlog ====
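
A check on the Fixlog posted above, added here as an example (it is not part of the thread or of FRST): it confirms that every fixlist directive has a result line and that each result reports success. The function names are hypothetical, and the one-result-per-directive rule and the "successfully." wording are assumptions taken from this single log.

```python
import re
# Fixlog body copied from the post above (header lines omitted).
FIXLOG = r"""Content of fixlist:
*****************
HKLM\...\Run: [GorillaPrice] - C:\Program Files\GorillaPrice\GorillaPrice.exe [827392 2013-05-28] (Torling Company)
C:\Program Files\GorillaPrice\GorillaPrice.exe
S2 WatGorp; C:\ProgramData\GorillaPrice\WatGorp.exe [70144 2013-05-28] ()
C:\ProgramData\GorillaPrice\WatGorp.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GorillaPrice => Value deleted successfully.
C:\Program Files\GorillaPrice\GorillaPrice.exe => Moved successfully.
WatGorp => Service deleted successfully.
C:\ProgramData\GorillaPrice\WatGorp.exe => Moved successfully.

==== End of Fixlog ====
"""
END_MARK = "==== End of Fixlog"

def parse_fixlog(text):
    """Return (directives, results, complete) from Fixlog text."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # The echoed fixlist sits between two rows of asterisks.
    stars = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    if len(stars) != 2:
        raise ValueError("expected one fixlist block between asterisk rows")
    directives = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith(END_MARK):
            break
        target, sep, outcome = ln.rpartition(" => ")
        if sep:
            results.append((target, outcome))
    complete = any(ln.startswith(END_MARK) for ln in lines)
    return directives, results, complete

def review(text):
    """List reasons the fix cannot be treated as fully applied."""
    directives, results, complete = parse_fixlog(text)
    problems = []
    if not complete:
        problems.append("truncated: no End of Fixlog marker")
    if len(results) != len(directives):
        problems.append(f"{len(directives)} directives, {len(results)} results")
    # Assumption: a confirmed action ends in "successfully." as in this log.
    problems += [f"unconfirmed: {t} ({o})" for t, o in results if not o.endswith("successfully.")]
    return problems

print(review(FIXLOG) or "all directives confirmed")
```

An empty list from `review` means the log is complete and every action was confirmed; it says nothing about other infections on the machine, which is why the helper still asks how the system is running.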



#15 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 06:58 PM

Here is a quick video I made for you to show you how to attach files.  :)

 

Oh....were you able to boot into Normal Mode???
 
 

