
48 "Bad Image" Warnings on Boot Up [Solved]

  • This topic is locked
74 replies to this topic

#1 RandalSon

  • Authentic Member
  • 44 posts

Posted 21 December 2013 - 08:50 AM

Running Windows 7 on a Toshiba laptop. Recently on boot up a series of 48 different error warnings pop up. Most are for .exe files, and all say "Bad Image." If I "red X" through them, they close out, and after that everything seems to be working fine.

Maybe related: in IE I will usually get one pop-up from a variety of sites that call for "Fixing Windows 7 Errors" or "Java update Needed." Again, just closing those out lets me continue.

AVG current version scan does not find anything.

I read about the various malware tools you recommend in general. Can I get some help deciding which one to start with, and then guidance through the process of digging out whatever this is, please?




#2 Conspire

  • SuperHelper
  • Retired Classroom Teacher
  • 5,806 posts

Posted 21 December 2013 - 10:32 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days.

:)


Hello there, RandalSon

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free.

#3 Conspire

  • SuperHelper
  • Retired Classroom Teacher
  • 5,806 posts

Posted 21 December 2013 - 10:32 AM

Hello there,

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Extract the contents of the zipped file to desktop (applicable only to Zip mirror).
  • Double click the GMER icon on your desktop.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


===================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

On your next reply please post:
DDS log
GMER log
Checkup log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

#4 RandalSon

  • Authentic Member
  • 44 posts

Posted 21 December 2013 - 10:36 AM

Thanks. Will have time for this mid-day today (West Coast). R



#5 RandalSon

  • Authentic Member
  • 44 posts

Posted 21 December 2013 - 10:59 AM

Here is the DDS.txt, and attached. I want to do this in steps, so have not gone any further yet.

 

 DDS (Ver_2012-11-05.02) - NTFS_x86
Internet Explorer: 8.0.7600.17006
Run by user at 8:51:33 on 2013-12-21
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2940.1486 [GMT -8:00]
.
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\ZOOM\HandyShare\HandyShare_startup.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\user\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.bmi.net/roundcubemail/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.8.11.10\bh\BabylonToolbar.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\user\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.2.0.38\AVG Secure Search_toolbar.dll
BHO: Related Searches: {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - c:\users\user\appdata\roaming\defaulttab\defaulttab\apps\RelatedLinksBHO.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.2.0.38\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.8.11.10\BabylonToolbarTlbr.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Related Searches: {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - c:\users\user\appdata\roaming\defaulttab\defaulttab\apps\RelatedLinksBHO.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Amazon Cloud Player] "c:\users\user\appdata\local\amazon cloud player\Amazon Music Helper.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [SmartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [TPCHWMsg] c:\program files\toshiba\tphm\TPCHWMsg.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [CanonQuickMenu] c:\program files\canon\quick menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [HandyShareStartup] "c:\program files\zoom\handyshare\HandyShare_startup.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bitmet~1.lnk - c:\program files\codebox\bitmeter\BitMeter2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 184.63.0.68 184.63.0.69 192.168.1.1
TCP: Interfaces\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C} : DHCPNameServer = 64.185.96.4 64.185.96.68
TCP: Interfaces\{8E2CFF73-7D40-44A0-952E-1FC80084879F} : DHCPNameServer = 184.63.0.68 184.63.0.69 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-5 37664]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-8-10 25896]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-5-21 32808]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2009-8-10 20544]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\user\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2013-7-21 107520]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-11-27 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-4-9 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-20 12920]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.2.0\ToolbarUpdater.exe [2013-12-9 1771544]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-8-10 22272]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
S2 BrowserDefendert;BrowserDefendert;c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe --> c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Bonjour Service;AVG Bonjour Service;c:\windows\temp\avgcu_mdnsresponder.exe --> c:\windows\temp\avgcu_mDNSResponder.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-7 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-11-10 14:50:27 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
============= FINISH:  8:52:50.54 ===============
 




#6 Conspire

  • SuperHelper
  • Retired Classroom Teacher
  • 5,806 posts

Posted 21 December 2013 - 11:21 AM

Sure :)

#7 RandalSon

  • Authentic Member
  • 44 posts

Posted 21 December 2013 - 11:24 AM

Do you see anything in dds to keep me from going on to gmer? 



#8 Conspire

  • SuperHelper
  • Retired Classroom Teacher
  • 5,806 posts

Posted 21 December 2013 - 09:13 PM

I misunderstood that you needed time to run GMER.

Try these instead.

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post:
aswMBR log
MBR.dat (attached)
TDSS Killer log



Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#9 RandalSon

  • Authentic Member
  • 44 posts

Posted 22 December 2013 - 07:40 AM

Hey, I'm up, taking next steps. More soon.



#10 RandalSon

  • Authentic Member
  • 44 posts

Posted 22 December 2013 - 08:13 AM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-22 05:36:38
-----------------------------
05:36:38.119    OS Version: Windows 6.1.7600
05:36:38.120    Number of processors: 2 586 0x170A
05:36:38.121    ComputerName: USER-PC  UserName: user
05:36:39.155    Initialize success
05:38:25.660    AVAST engine defs: 13122200
05:38:31.213    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:38:31.216    Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
05:38:31.391    Disk 0 MBR read successfully
05:38:31.397    Disk 0 MBR scan
05:38:31.407    Disk 0 Windows 7 default MBR code
05:38:31.439    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
05:38:31.469    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       294695 MB offset 3074048
05:38:31.507    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         9049 MB offset 606609408
05:38:31.519    Disk 0 scanning sectors +625141760
05:38:31.824    Disk 0 scanning C:\Windows\system32\drivers
05:38:45.223    Service scanning
05:39:21.593    Modules scanning
05:39:44.188    Disk 0 trace - called modules:
05:39:44.225    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
05:39:44.490    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bfc7c8]
05:39:44.500    3 CLASSPNP.SYS[8b5d659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85dbe028]
05:39:50.779    AVAST engine scan C:\Windows
05:39:57.457    AVAST engine scan C:\Windows\system32
05:44:00.490    AVAST engine scan C:\Windows\system32\drivers
05:44:16.034    AVAST engine scan C:\Users\user
06:00:12.404    AVAST engine scan C:\ProgramData
06:08:46.909    Scan finished successfully
06:10:38.861    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
06:10:38.871    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

 

Attached Files

  • Attached File  MBR.zip   572bytes   222 downloads



#11 RandalSon

  • Authentic Member
  • 44 posts

Posted 22 December 2013 - 08:20 AM

06:15:21.0286 7324 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
06:15:23.0301 7324 ============================================================
06:15:23.0301 7324 Current date / time: 2013/12/22 06:15:23.0301
06:15:23.0301 7324 SystemInfo:
06:15:23.0301 7324
06:15:23.0301 7324 OS Version: 6.1.7600 ServicePack: 0.0
06:15:23.0301 7324 Product type: Workstation
06:15:23.0302 7324 ComputerName: USER-PC
06:15:23.0302 7324 UserName: user
06:15:23.0302 7324 Windows directory: C:\Windows
06:15:23.0302 7324 System windows directory: C:\Windows
06:15:23.0302 7324 Processor architecture: Intel x86
06:15:23.0302 7324 Number of processors: 2
06:15:23.0302 7324 Page size: 0x1000
06:15:23.0302 7324 Boot type: Normal boot
06:15:23.0302 7324 ============================================================
06:15:23.0836 7324 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:15:23.0839 7324 ============================================================
06:15:23.0839 7324 \Device\Harddisk0\DR0:
06:15:23.0847 7324 MBR partitions:
06:15:23.0847 7324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F93800
06:15:23.0847 7324 ============================================================
06:15:23.0915 7324 C: <-> \Device\Harddisk0\DR0\Partition1
06:15:23.0915 7324 ============================================================
06:15:23.0915 7324 Initialize success
06:15:23.0915 7324 ============================================================
06:18:09.0594 6796 ============================================================
06:18:09.0595 6796 Scan started
06:18:09.0595 6796 Mode: Manual;
06:18:09.0595 6796 ============================================================
06:18:10.0064 6796 ================ Scan system memory ========================
06:18:10.0064 6796 System memory - ok
06:18:10.0065 6796 ================ Scan services =============================


06:18:11.0084 6796 AppIDSvc - ok

06:18:11.0113 6796 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll

06:18:11.0114 6796 Appinfo - ok

06:18:11.0136 6796 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys

06:18:11.0138 6796 arc - ok

06:18:11.0146 6796 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

06:18:11.0148 6796 arcsas - ok

06:18:11.0170 6796 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

06:18:11.0172 6796 AsyncMac - ok

06:18:11.0201 6796 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys

06:18:11.0203 6796 atapi - ok

06:18:11.0236 6796 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

06:18:11.0242 6796 AudioEndpointBuilder - ok

06:18:11.0269 6796 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll

06:18:11.0273 6796 Audiosrv - ok

06:18:11.0561 6796 AVG Bonjour Service - ok

06:18:11.0682 6796 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

06:18:11.0685 6796 AVG Security Toolbar Service - ok

06:18:11.0933 6796 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

06:18:12.0130 6796 AVGIDSAgent - ok

06:18:12.0278 6796 [ B9ACB889BA1E0561868C025F95D63E25 ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

06:18:12.0281 6796 AVGIDSDriver - ok

06:18:12.0340 6796 [ 13256FC72FA5B3F6D6E8C5957E579B7C ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

06:18:12.0342 6796 AVGIDSEH - ok

06:18:12.0377 6796 [ FA0685CC51DE5CFD804E7DEAA6488E0E ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

06:18:12.0378 6796 AVGIDSFilter - ok

06:18:12.0409 6796 [ F788B51100D0F40EA176798CCE954A1A ] AVGIDSShim C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

06:18:12.0410 6796 AVGIDSShim - ok

06:18:12.0468 6796 [ 901EB73F900D8DD1E8862C40427B83AE ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys

06:18:12.0472 6796 Avgldx86 - ok

06:18:12.0514 6796 [ 5639DE66B37D02BD22DF4CF3155FBA60 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys

06:18:12.0516 6796 Avgmfx86 - ok

06:18:12.0573 6796 [ D1BAF652EDA0AE70896276A1FB32C2D4 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys

06:18:12.0575 6796 Avgrkx86 - ok

06:18:12.0632 6796 [ AAF0EBCAD95F2164CFFB544E00392498 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys

06:18:12.0637 6796 Avgtdix - ok

06:18:12.0674 6796 [ 15ACA2AD17ACECA4814F249783E63AD3 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys

06:18:12.0676 6796 avgtp - ok

06:18:12.0721 6796 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files\AVG\AVG10\avgwdsvc.exe

06:18:12.0727 6796 avgwd - ok

06:18:12.0774 6796 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll

06:18:12.0777 6796 AxInstSV - ok

06:18:12.0825 6796 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys

06:18:12.0832 6796 b06bdrv - ok

06:18:12.0875 6796 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

06:18:12.0879 6796 b57nd60x - ok

06:18:12.0957 6796 [ 75F59E6C8806719CBB67D3E73F376CA8 ] BackupStack C:\Program Files\MyPC Backup\BackupStack.exe

06:18:12.0958 6796 BackupStack - ok

06:18:13.0019 6796 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

06:18:13.0022 6796 BDESVC - ok

06:18:13.0038 6796 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

06:18:13.0040 6796 Beep - ok

06:18:13.0078 6796 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll

06:18:13.0095 6796 BFE - ok

06:18:13.0160 6796 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll

06:18:13.0178 6796 BITS - ok

06:18:13.0228 6796 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

06:18:13.0230 6796 blbdrive - ok

06:18:13.0287 6796 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

06:18:13.0290 6796 bowser - ok

06:18:13.0315 6796 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

06:18:13.0317 6796 BrFiltLo - ok

06:18:13.0334 6796 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

06:18:13.0335 6796 BrFiltUp - ok

06:18:13.0377 6796 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll

06:18:13.0379 6796 Browser - ok

06:18:13.0489 6796 BrowserDefendert - ok

06:18:13.0510 6796 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

06:18:13.0515 6796 Brserid - ok

06:18:13.0531 6796 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

06:18:13.0533 6796 BrSerWdm - ok

06:18:13.0551 6796 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

06:18:13.0552 6796 BrUsbMdm - ok

06:18:13.0571 6796 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

06:18:13.0572 6796 BrUsbSer - ok

06:18:13.0595 6796 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

06:18:13.0596 6796 BTHMODEM - ok

06:18:13.0624 6796 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

06:18:13.0625 6796 bthserv - ok

06:18:13.0706 6796 [ F1140ED3A1E1D6824A63F27AFD9EEF32 ] camsvc C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

06:18:13.0707 6796 camsvc - ok

06:18:13.0739 6796 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

06:18:13.0741 6796 cdfs - ok

06:18:13.0779 6796 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

06:18:13.0782 6796 cdrom - ok

06:18:13.0813 6796 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll

06:18:13.0815 6796 CertPropSvc - ok

06:18:13.0887 6796 [ 1F8A319D29394F9CE1B7AE020DF2EBBF ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

06:18:13.0891 6796 cfWiMAXService - ok

06:18:13.0915 6796 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

06:18:13.0917 6796 circlass - ok

06:18:13.0952 6796 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

06:18:13.0958 6796 CLFS - ok

06:18:14.0038 6796 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

06:18:14.0041 6796 clr_optimization_v2.0.50727_32 - ok

06:18:14.0133 6796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

06:18:14.0137 6796 clr_optimization_v4.0.30319_32 - ok

06:18:14.0175 6796 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

06:18:14.0176 6796 CmBatt - ok

06:18:14.0199 6796 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

06:18:14.0200 6796 cmdide - ok

06:18:14.0238 6796 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys

06:18:14.0245 6796 CNG - ok

06:18:14.0280 6796 [ 5236FB8ABB24E90591074F7BDE24EDA1 ] CoachUsb C:\Windows\system32\DRIVERS\CoachUsb.sys

06:18:14.0282 6796 CoachUsb - ok

06:18:14.0300 6796 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

06:18:14.0301 6796 Compbatt - ok

06:18:14.0337 6796 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

06:18:14.0339 6796 CompositeBus - ok

06:18:14.0358 6796 COMSysApp - ok

06:18:14.0383 6796 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

06:18:14.0384 6796 ConfigFree Service - ok

06:18:14.0394 6796 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

06:18:14.0395 6796 crcdisk - ok

06:18:14.0421 6796 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\Windows\system32\cryptsvc.dll

06:18:14.0424 6796 CryptSvc - ok

06:18:14.0455 6796 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll

06:18:14.0462 6796 DcomLaunch - ok

06:18:14.0563 6796 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

06:18:14.0565 6796 DefaultTabUpdate - ok

06:18:14.0605 6796 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

06:18:14.0610 6796 defragsvc - ok

06:18:14.0639 6796 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

06:18:14.0641 6796 DfsC - ok

06:18:14.0676 6796 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll

06:18:14.0681 6796 Dhcp - ok

06:18:14.0695 6796 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

06:18:14.0697 6796 discache - ok

06:18:14.0749 6796 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys

06:18:14.0751 6796 Disk - ok

06:18:14.0783 6796 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll

06:18:14.0786 6796 Dnscache - ok

06:18:14.0828 6796 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll

06:18:14.0832 6796 dot3svc - ok

06:18:14.0882 6796 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

06:18:14.0886 6796 Dot4 - ok

06:18:14.0904 6796 [ C25FEA07A8E7767E8B89AB96A3B96519 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

06:18:14.0905 6796 Dot4Print - ok

06:18:14.0933 6796 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

06:18:14.0935 6796 dot4usb - ok

06:18:14.0953 6796 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll

06:18:14.0956 6796 DPS - ok

06:18:14.0984 6796 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

06:18:14.0986 6796 drmkaud - ok

06:18:15.0026 6796 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

06:18:15.0043 6796 DXGKrnl - ok

06:18:15.0102 6796 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

06:18:15.0105 6796 EapHost - ok

06:18:15.0215 6796 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys

06:18:15.0317 6796 ebdrv - ok

06:18:15.0370 6796 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe

06:18:15.0372 6796 EFS - ok

06:18:15.0439 6796 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe

06:18:15.0458 6796 ehRecvr - ok

06:18:15.0522 6796 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe

06:18:15.0525 6796 ehSched - ok

06:18:15.0571 6796 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

06:18:15.0588 6796 elxstor - ok

06:18:15.0643 6796 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

06:18:15.0644 6796 ErrDev - ok

06:18:15.0707 6796 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll

06:18:15.0712 6796 EventSystem - ok

06:18:15.0734 6796 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys

06:18:15.0737 6796 exfat - ok

06:18:15.0757 6796 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys

06:18:15.0760 6796 fastfat - ok

06:18:15.0814 6796 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe

06:18:15.0831 6796 Fax - ok

06:18:15.0871 6796 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

06:18:15.0872 6796 fdc - ok

06:18:15.0890 6796 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll

06:18:15.0892 6796 fdPHost - ok

06:18:15.0908 6796 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll

06:18:15.0909 6796 FDResPub - ok

06:18:15.0926 6796 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

06:18:15.0927 6796 FileInfo - ok

06:18:15.0935 6796 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

06:18:15.0936 6796 Filetrace - ok

06:18:15.0982 6796 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

06:18:15.0984 6796 flpydisk - ok

06:18:16.0013 6796 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

06:18:16.0017 6796 FltMgr - ok

06:18:16.0067 6796 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll

06:18:16.0093 6796 FontCache - ok

06:18:16.0181 6796 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

06:18:16.0184 6796 FontCache3.0.0.0 - ok

06:18:16.0203 6796 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

06:18:16.0205 6796 FsDepends - ok

06:18:16.0246 6796 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

06:18:16.0248 6796 Fs_Rec - ok

06:18:16.0290 6796 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

06:18:16.0295 6796 fvevol - ok

06:18:16.0331 6796 [ CBC22823628544735625B280665E434E ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys

06:18:16.0332 6796 FwLnk - ok

06:18:16.0364 6796 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

06:18:16.0368 6796 gagp30kx - ok

06:18:16.0461 6796 [ 37331304E89A773B1A86FE681FCA150D ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

06:18:16.0466 6796 GameConsoleService - ok

06:18:16.0517 6796 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

06:18:16.0518 6796 GoogleDesktopManager-051210-111108 - ok

06:18:16.0586 6796 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll

06:18:16.0617 6796 gpsvc - ok

06:18:16.0664 6796 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

06:18:16.0667 6796 gusvc - ok

06:18:16.0698 6796 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

06:18:16.0700 6796 hcw85cir - ok

06:18:16.0745 6796 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

06:18:16.0751 6796 HdAudAddService - ok

06:18:16.0804 6796 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

06:18:16.0807 6796 HDAudBus - ok

06:18:16.0824 6796 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

06:18:16.0826 6796 HidBatt - ok

06:18:16.0850 6796 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

06:18:16.0853 6796 HidBth - ok

06:18:16.0879 6796 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

06:18:16.0881 6796 HidIr - ok

06:18:16.0910 6796 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll

06:18:16.0912 6796 hidserv - ok

06:18:16.0945 6796 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

06:18:16.0947 6796 HidUsb - ok

06:18:16.0973 6796 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll

06:18:16.0976 6796 hkmsvc - ok

06:18:17.0000 6796 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

06:18:17.0004 6796 HomeGroupListener - ok

06:18:17.0032 6796 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

06:18:17.0036 6796 HomeGroupProvider - ok

06:18:17.0136 6796 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

06:18:17.0141 6796 hpqcxs08 - ok

06:18:17.0167 6796 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

06:18:17.0170 6796 hpqddsvc - ok

06:18:17.0203 6796 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

06:18:17.0205 6796 HpSAMD - ok

06:18:17.0239 6796 [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

06:18:17.0268 6796 HPSLPSVC - ok

06:18:17.0298 6796 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys

06:18:17.0315 6796 HTTP - ok

06:18:17.0332 6796 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

06:18:17.0334 6796 hwpolicy - ok

06:18:17.0358 6796 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

06:18:17.0360 6796 i8042prt - ok

06:18:17.0408 6796 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

06:18:17.0411 6796 iaStor - ok

06:18:17.0448 6796 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

06:18:17.0453 6796 iaStorV - ok

06:18:17.0521 6796 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

06:18:17.0524 6796 IDriverT - ok

06:18:17.0583 6796 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

06:18:17.0616 6796 idsvc - ok

06:18:17.0812 6796 [ 315AAAA2BC9BC778ADC0454B3CA8DCCE ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

06:18:17.0961 6796 igfx - ok

06:18:17.0999 6796 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

06:18:18.0001 6796 iirsp - ok

06:18:18.0076 6796 [ EDCCC8C13B1EB882F77BA0ABB84566E7 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

06:18:18.0078 6796 IJPLMSVC - ok

06:18:18.0131 6796 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll

06:18:18.0161 6796 IKEEXT - ok

06:18:18.0279 6796 [ E4A2E810CB2607C9C159C0DFB0BD4C88 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

06:18:18.0368 6796 IntcAzAudAddService - ok

06:18:18.0405 6796 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys

06:18:18.0406 6796 intelide - ok

06:18:18.0430 6796 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

06:18:18.0432 6796 intelppm - ok

06:18:18.0455 6796 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

06:18:18.0458 6796 IPBusEnum - ok

06:18:18.0470 6796 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

06:18:18.0472 6796 IpFilterDriver - ok

06:18:18.0485 6796 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

06:18:18.0487 6796 IPMIDRV - ok

06:18:18.0502 6796 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys

06:18:18.0504 6796 IPNAT - ok

06:18:18.0529 6796 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys

06:18:18.0531 6796 IRENUM - ok

06:18:18.0543 6796 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

06:18:18.0544 6796 isapnp - ok

06:18:18.0562 6796 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

06:18:18.0565 6796 iScsiPrt - ok

06:18:18.0604 6796 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

06:18:18.0605 6796 kbdclass - ok

06:18:18.0631 6796 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

06:18:18.0633 6796 kbdhid - ok

06:18:18.0650 6796 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe

06:18:18.0652 6796 KeyIso - ok

06:18:18.0686 6796 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

06:18:18.0688 6796 KSecDD - ok

06:18:18.0729 6796 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

06:18:18.0731 6796 KSecPkg - ok

06:18:18.0769 6796 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll

06:18:18.0775 6796 KtmRm - ok

06:18:18.0799 6796 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll

06:18:18.0803 6796 LanmanServer - ok

06:18:18.0820 6796 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

06:18:18.0824 6796 LanmanWorkstation - ok

06:18:18.0885 6796 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

06:18:18.0886 6796 LightScribeService - ok

06:18:18.0946 6796 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

06:18:18.0949 6796 lltdio - ok

06:18:18.0992 6796 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll

06:18:18.0998 6796 lltdsvc - ok

06:18:19.0016 6796 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll

06:18:19.0019 6796 lmhosts - ok

06:18:19.0048 6796 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

06:18:19.0051 6796 LSI_FC - ok

06:18:19.0077 6796 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

06:18:19.0080 6796 LSI_SAS - ok

06:18:19.0096 6796 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

06:18:19.0098 6796 LSI_SAS2 - ok

06:18:19.0115 6796 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

06:18:19.0117 6796 LSI_SCSI - ok

06:18:19.0141 6796 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys

06:18:19.0145 6796 luafv - ok

06:18:19.0178 6796 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

06:18:19.0181 6796 Mcx2Svc - ok

06:18:19.0199 6796 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

06:18:19.0201 6796 megasas - ok

06:18:19.0228 6796 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

06:18:19.0232 6796 MegaSR - ok

06:18:19.0257 6796 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

06:18:19.0259 6796 MMCSS - ok

06:18:19.0274 6796 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

06:18:19.0276 6796 Modem - ok

06:18:19.0303 6796 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

06:18:19.0304 6796 monitor - ok

06:18:19.0329 6796 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

06:18:19.0331 6796 mouclass - ok

06:18:19.0354 6796 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

06:18:19.0355 6796 mouhid - ok

06:18:19.0376 6796 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

06:18:19.0379 6796 mountmgr - ok

06:18:19.0397 6796 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys

06:18:19.0400 6796 mpio - ok

06:18:19.0418 6796 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

06:18:19.0420 6796 mpsdrv - ok

06:18:19.0495 6796 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll

06:18:19.0515 6796 MpsSvc - ok

06:18:19.0539 6796 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

06:18:19.0542 6796 MRxDAV - ok

06:18:19.0572 6796 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

06:18:19.0575 6796 mrxsmb - ok

06:18:19.0613 6796 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

06:18:19.0617 6796 mrxsmb10 - ok

06:18:19.0639 6796 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

06:18:19.0642 6796 mrxsmb20 - ok

06:18:19.0663 6796 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys

06:18:19.0665 6796 msahci - ok

06:18:19.0686 6796 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

06:18:19.0689 6796 msdsm - ok

06:18:19.0704 6796 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

06:18:19.0708 6796 MSDTC - ok

06:18:19.0754 6796 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

06:18:19.0755 6796 Msfs - ok

06:18:19.0772 6796 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

06:18:19.0773 6796 mshidkmdf - ok

06:18:19.0788 6796 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

06:18:19.0789 6796 msisadrv - ok

06:18:19.0828 6796 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

06:18:19.0831 6796 MSiSCSI - ok

06:18:19.0837 6796 msiserver - ok

06:18:19.0858 6796 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

06:18:19.0860 6796 MSKSSRV - ok

06:18:19.0883 6796 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

06:18:19.0884 6796 MSPCLOCK - ok

06:18:19.0909 6796 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

06:18:19.0910 6796 MSPQM - ok

06:18:19.0933 6796 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

06:18:19.0936 6796 MsRPC - ok

06:18:19.0951 6796 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

06:18:19.0953 6796 mssmbios - ok

06:18:19.0964 6796 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

06:18:19.0966 6796 MSTEE - ok

06:18:19.0972 6796 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

06:18:19.0974 6796 MTConfig - ok

06:18:19.0991 6796 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

06:18:19.0993 6796 Mup - ok

06:18:20.0032 6796 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll

06:18:20.0038 6796 napagent - ok

06:18:20.0063 6796 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

06:18:20.0068 6796 NativeWifiP - ok

06:18:20.0109 6796 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys

06:18:20.0139 6796 NDIS - ok

06:18:20.0156 6796 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

06:18:20.0158 6796 NdisCap - ok

06:18:20.0197 6796 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

06:18:20.0199 6796 NdisTapi - ok

06:18:20.0215 6796 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

06:18:20.0216 6796 Ndisuio - ok

06:18:20.0229 6796 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

06:18:20.0232 6796 NdisWan - ok

06:18:20.0246 6796 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

06:18:20.0248 6796 NDProxy - ok

06:18:20.0291 6796 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

06:18:20.0293 6796 Net Driver HPZ12 - ok

06:18:20.0300 6796 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

06:18:20.0303 6796 NetBIOS - ok

06:18:20.0341 6796 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

06:18:20.0345 6796 NetBT - ok

06:18:20.0362 6796 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe

06:18:20.0364 6796 Netlogon - ok

06:18:20.0409 6796 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

06:18:20.0415 6796 Netman - ok

06:18:20.0456 6796 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

06:18:20.0463 6796 netprofm - ok

06:18:20.0491 6796 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

06:18:20.0493 6796 NetTcpPortSharing - ok


06:18:29.0227 6796 ============================================================

06:18:29.0227 6796 Scan finished

06:18:29.0227 6796 ============================================================

06:18:29.0290 7948 Detected object count: 0

06:18:29.0290 7948 Actual detected object count: 0



#12 RandalSon

Posted 22 December 2013 - 08:21 AM

Just ran TDSSKiller as downloaded, did not update. Let me know what's next. R



#13 Conspire

Posted 22 December 2013 - 09:43 AM

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide.


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#14 RandalSon

Posted 22 December 2013 - 10:20 AM

OK.  I had a weather gadget and a network activity logger on my desktop that are gone.  Here is the log:

 

ComboFix 13-12-21.01 - user 12/22/2013   7:57.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2940.1699 [GMT -8:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BrowserDefender
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BROWSE~1.DLL
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\blocklist.json
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\search_ie.ico
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\windows\system32\SET26CD.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-22 to 2013-12-22  )))))))))))))))))))))))))))))))
.
.
2013-12-22 16:07 . 2013-12-22 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 14:50 . 2012-11-05 13:46 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-12-10 02:32 3333144 ----a-w- c:\program files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll" [2013-12-10 3333144]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2009-11-25 19:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-10 39408]
"Amazon Cloud Player"="c:\users\user\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-11-20 3116032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-14 30192]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2009-04-11 143360]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-03-25 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-17 2513472]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-04-10 570736]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-02 1283384]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2009-04-11 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-12-10 2471448]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-27 449168]
"HandyShareStartup"="c:\program files\ZOOM\HandyShare\HandyShare_startup.exe" [2012-03-26 1729024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe [2013-5-21 1934376]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2011-4-17 1462272]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 AVG Bonjour Service;AVG Bonjour Service;c:\windows\TEMP\avgcu_mDNSResponder.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-14 30192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-11-12 255968]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-10 37664]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files\MyPC Backup\BackupStack.exe [2013-05-21 32808]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-02-19 57344]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-02 62776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 176128]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-10 656752]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-03-21 12920]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-10 1771544]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-03-18 22272]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILREBOOTDRV
*NewlyCreated* - WS2IFSL
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVix86
*Deregistered* - SymEFA
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-22 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-25 02:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.bmi.net/roundcubemail/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 184.63.0.68 184.63.0.69 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{96A25A24-2E87-4374-8A50-CC6F943FCE4D} - c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{96A25A24-2E87-4374-8A50-CC6F943FCE4D} - c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
AddRemove-bi_uninstaller - c:\users\user\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
AddRemove-DefaultTab - c:\users\user\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3452)
c:\program files\MyPC Backup\LogicNP.EZShellExtensions.dll
c:\program files\MyPC Backup\x86\System.Data.SQLite.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\conhost.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2013-12-22  08:17:21 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-22 16:17
.
Pre-Run: 208,042,762,240 bytes free
Post-Run: 209,054,003,200 bytes free
.
- - End Of File - - DA36CBCBF1E1D752F722758D4150991E
A36C5E4F47E84449FF07ED3517B43A31
 



#15 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 22 December 2013 - 10:26 AM

I had a weather gadget and a network activity logger on my desktop that are gone.

 

Are you able to restore them?

