
Very slow PC with at least one infection [Solved]


#1 kangaroo


Posted 25 April 2016 - 07:19 AM

A friend has given me her Toshiba Satellite Notebook running Win7 32-bit with AVG Internet Security.

 

I ran aswMBR on C:\; after 3 hours it showed seven infections, but when I tried to save the log, the dialog box to name and locate the log froze and eventually AVG deleted it and the aswMBR.exe file from the desktop.

 

I then checked how to disable AVG and went into its Advanced Settings to temporarily disable AVG protection until a restart and it showed all services except the Firewall disabled. I then downloaded and ran (as Admin) aswMBR again, this time leaving it as a Quickscan. This still took over an hour and AVG still tried to block the program (I selected Allow). {I don't know how AVG is trying to block a file when it is disabled; obviously it is not fully disabled.} This time I only saw one infection. I saved the log and it appears below.

 

I then ran FRST and the two logs appear below.

 

Here is the aswMBR log:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-04-25 21:31:18
-----------------------------
21:31:18.937    OS Version: Windows 6.1.7601 Service Pack 1
21:31:18.937    Number of processors: 8 586 0x1E05
21:31:18.937    ComputerName: JAN-PC  UserName: jan
21:31:21.511    Initialize success
21:31:21.917    VM: initialized successfully
21:31:21.979    VM: Intel CPU supported virtualizedSuspended 
21:31:23.972    VM: supported disk I/O iaStor.sys
21:38:06.451    AVAST engine defs: 16033102
21:38:14.298    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:38:14.298    Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
21:38:15.280    Disk 0 MBR read successfully
21:38:15.280    Disk 0 MBR scan
21:38:15.280    Disk 0 Windows VISTA default MBR code
21:38:15.390    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
21:38:15.436    Disk 0 default boot code
21:38:15.483    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       596212 MB offset 3074048
21:38:15.546    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        12767 MB offset 1224116224
21:38:15.655    Disk 0 scanning sectors +1250263040
21:38:16.747    Disk 0 scanning C:\windows\system32\drivers
21:39:38.850    Service scanning
21:40:37.350    Modules scanning
21:40:37.366    Disk 0 trace - called modules:
21:40:37.490    ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll iaStor.sys 
21:40:37.506    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88b3f030]
21:40:37.522    3 CLASSPNP.SYS[843b559e] -> nt!IofCallDriver -> \Device\THPDRV1[0x88b3d7b8]
21:40:37.537    5 thpdrv.sys[8c1e999f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86fbf028]
21:40:40.267    AVAST engine scan C:\windows
21:43:33.553    AVAST engine scan C:\windows\system32
21:45:19.806    File: C:\windows\system32\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
22:11:02.448    AVAST engine scan C:\windows\system32\drivers
22:14:50.240    AVAST engine scan C:\Users\jan
22:41:01.856    AVAST engine scan C:\ProgramData
22:54:04.386    Disk 0 statistics 3677370/0/0 @ 0.41 MB/s
22:54:04.402    Scan finished successfully
22:54:33.777    Disk 0 MBR has been saved successfully to "C:\Users\jan\Desktop\MBR.dat"
22:54:33.792    The log file has been saved successfully to "C:\Users\jan\Desktop\aswMBR-quickscan.txt"
 
 
 
Here is the FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by jan (administrator) on JAN-PC (25-04-2016 22:57:33)
Running from C:\Users\jan\Desktop
Loaded Profiles: jan (Available Profiles: jan)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcfgex.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2010-03-05] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-26] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742712 2010-03-26] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [686624 2010-03-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1697064 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [TSleepSrv] => C:\Program Files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-03-18] (TOSHIBA)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1328480 2010-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [TRCMan] => C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe [701752 2009-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2010-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [30040 2010-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4431848 2015-12-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKU\S-1-5-21-1116689551-3197699549-2733745341-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-10] (Google Inc.)
HKU\S-1-5-21-1116689551-3197699549-2733745341-1004\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1116689551-3197699549-2733745341-1004\...\MountPoints2: {d3b6c887-0a9d-11e6-9b8b-88ae1d4e4ded} - E:\SetupWi-Fi.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-03-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk [2011-08-28]
ShortcutTarget: PHOTOfunSTUDIO 6.0.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2011-05-10]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{4F152F5B-8AB2-4E74-B198-3B37DB97CDE1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9D580C77-0DA6-4606-A9CC-23C02E9163C7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BC2E454A-D09F-4D66-B32A-4C46C707CECA}: [DhcpNameServer] 192.168.0.1 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1116689551-3197699549-2733745341-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
HKU\S-1-5-21-1116689551-3197699549-2733745341-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1116689551-3197699549-2733745341-1004 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-30] (Sun Microsystems, Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-20] (<TOSHIBA>)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1116689551-3197699549-2733745341-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1116689551-3197699549-2733745341-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-08-30] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-08-30] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-15] [not signed]
FF HKU\S-1-5-21-1116689551-3197699549-2733745341-1004\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (GetFormsOnline) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdbpjflelnapbhcfafncmhkhihdibegl [2016-04-12]
CHR Extension: (MapsGalaxy) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfmglngfjjacekhjbfdemgdkklojnnh [2015-09-18]
CHR Extension: (Google Search) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Gmail) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1442344 2015-12-15] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4948456 2015-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [238328 2009-12-04] (WildTangent, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [57216 2011-07-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189808 2010-04-07] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2010-02-24] (TOSHIBA Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [238592 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060864 2011-03-09] () [File not signed]
R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2011-03-09] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 acpials; C:\windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R1 Avgfwfd; C:\windows\System32\DRIVERS\avgfwd6x.sys [66008 2015-06-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [122320 2015-05-21] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [32672 2015-11-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [172856 2014-11-03] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [278992 2015-05-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [159648 2016-03-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [191440 2015-05-26] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\windows\system32\drivers\BVRPMPR5.SYS [49904 2010-02-18] (Avanquest Software) [File not signed]
R3 enecirhid; C:\windows\System32\DRIVERS\enecirhid.sys [11776 2009-05-20] (ENE TECHNOLOGY INC.)
R3 enecirhidma; C:\windows\System32\DRIVERS\enecirhidma.sys [5632 2008-04-25] (ENE TECHNOLOGY INC.)
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
R3 mod7700; C:\windows\System32\Drivers\dvb7700all.sys [626688 2009-06-12] (DiBcom)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 Tosrfcom; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-25 22:57 - 2016-04-25 22:59 - 00021455 _____ C:\Users\jan\Desktop\FRST.txt
2016-04-25 22:55 - 2016-04-25 22:57 - 00000000 ____D C:\FRST
2016-04-25 22:54 - 2016-04-25 22:54 - 00002399 _____ C:\Users\jan\Desktop\aswMBR-quickscan.txt
2016-04-25 22:54 - 2016-04-25 22:54 - 00000512 _____ C:\Users\jan\Desktop\MBR.dat
2016-04-25 21:28 - 2016-04-25 21:28 - 05198336 _____ (AVAST Software) C:\Users\jan\Desktop\aswMBR.exe
2016-04-25 14:40 - 2016-04-25 14:40 - 01726464 _____ (Farbar) C:\Users\jan\Desktop\FRST.exe
2016-04-22 09:17 - 2016-04-22 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-19 16:26 - 2016-02-03 04:48 - 00376320 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-04-19 16:25 - 2016-04-01 04:41 - 00346320 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-19 16:25 - 2016-03-31 10:03 - 20352512 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-19 16:25 - 2016-03-31 10:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-04-19 16:25 - 2016-03-31 10:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-04-19 16:25 - 2016-03-31 09:53 - 00496640 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-19 16:25 - 2016-03-31 09:52 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-04-19 16:25 - 2016-03-31 09:52 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-04-19 16:25 - 2016-03-31 09:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-04-19 16:25 - 2016-03-31 09:52 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-04-19 16:25 - 2016-03-31 09:51 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-19 16:25 - 2016-03-31 09:48 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-04-19 16:25 - 2016-03-31 09:48 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-04-19 16:25 - 2016-03-31 09:46 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-04-19 16:25 - 2016-03-31 09:45 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-19 16:25 - 2016-03-31 09:45 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-04-19 16:25 - 2016-03-31 09:45 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-04-19 16:25 - 2016-03-31 09:45 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-04-19 16:25 - 2016-03-31 09:41 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-04-19 16:25 - 2016-03-31 09:38 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-04-19 16:25 - 2016-03-31 09:34 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-04-19 16:25 - 2016-03-31 09:33 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-04-19 16:25 - 2016-03-31 09:31 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-04-19 16:25 - 2016-03-31 09:31 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-19 16:25 - 2016-03-31 09:30 - 04611072 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-19 16:25 - 2016-03-31 09:30 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-19 16:25 - 2016-03-31 09:29 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-04-19 16:25 - 2016-03-31 09:24 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-19 16:25 - 2016-03-31 09:23 - 02056192 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-19 16:25 - 2016-03-31 09:23 - 00693248 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-19 16:25 - 2016-03-31 09:23 - 00689664 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-19 16:25 - 2016-03-31 09:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-04-19 16:25 - 2016-03-31 09:21 - 13811712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-19 16:25 - 2016-03-31 09:05 - 02121216 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-19 16:25 - 2016-03-31 09:02 - 01311744 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-19 16:25 - 2016-03-31 09:00 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-19 16:25 - 2016-03-18 08:36 - 03998952 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2016-04-19 16:25 - 2016-03-18 08:36 - 03943144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-19 16:25 - 2016-03-18 08:36 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-04-19 16:25 - 2016-03-18 08:36 - 00067304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-04-19 16:25 - 2016-03-18 08:33 - 01310528 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-04-19 16:25 - 2016-03-18 08:30 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-04-19 16:25 - 2016-03-18 08:30 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-04-19 16:25 - 2016-03-18 08:30 - 00171008 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-04-19 16:25 - 2016-03-18 08:30 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-04-19 16:25 - 2016-03-18 08:30 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-04-19 16:25 - 2016-03-18 08:30 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-04-19 16:25 - 2016-03-18 08:29 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-04-19 16:25 - 2016-03-18 08:29 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-04-19 16:25 - 2016-03-18 08:29 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-04-19 16:25 - 2016-03-18 08:29 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-04-19 16:25 - 2016-03-18 08:29 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-04-19 16:25 - 2016-03-18 08:28 - 01414144 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-19 16:25 - 2016-03-18 08:27 - 00260608 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-04-19 16:25 - 2016-03-18 08:27 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-04-19 16:25 - 2016-03-18 08:27 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-04-19 16:25 - 2016-03-18 08:27 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-04-19 16:25 - 2016-03-18 08:26 - 01062400 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-19 16:25 - 2016-03-18 08:26 - 00872448 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-04-19 16:25 - 2016-03-18 08:26 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-04-19 16:25 - 2016-03-18 08:26 - 00294400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-19 16:25 - 2016-03-18 08:25 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-04-19 16:25 - 2016-03-18 08:25 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 08:24 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 07:42 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-04-19 16:25 - 2016-03-18 07:42 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-04-19 16:25 - 2016-03-18 07:42 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-04-19 16:25 - 2016-03-18 07:42 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-04-19 16:25 - 2016-03-18 07:41 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-04-19 16:25 - 2016-03-18 07:36 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-04-19 16:25 - 2016-03-18 07:35 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-04-19 16:25 - 2016-03-18 07:30 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-19 16:25 - 2016-03-18 07:30 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-19 16:25 - 2016-03-18 07:30 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-19 16:25 - 2016-03-18 07:29 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-04-19 16:25 - 2016-03-18 07:29 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-04-19 16:25 - 2016-03-18 07:29 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-04-19 16:25 - 2016-03-18 07:29 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-04-19 16:25 - 2016-03-18 07:29 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 07:29 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 07:29 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-19 16:25 - 2016-03-18 07:29 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-19 16:25 - 2016-03-17 04:28 - 00176128 _____ (Microsoft Corporation) C:\windows\system32\msorcl32.dll
2016-04-19 16:25 - 2016-03-17 04:28 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-04-19 16:24 - 2016-04-05 03:54 - 00034024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-19 16:24 - 2016-04-05 03:42 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-19 16:24 - 2016-04-02 23:07 - 01218048 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-19 16:24 - 2016-03-30 03:35 - 02397184 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-19 16:24 - 2016-03-24 00:02 - 00177664 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-19 16:24 - 2016-03-18 04:04 - 00560640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-19 16:24 - 2016-03-18 04:04 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-19 16:24 - 2016-03-18 04:04 - 00232960 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-19 16:24 - 2016-03-18 04:04 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-19 16:24 - 2016-03-16 09:53 - 00566272 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-19 16:24 - 2016-03-16 09:53 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-19 16:24 - 2016-03-12 04:35 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-04-19 16:24 - 2016-03-07 04:38 - 01240576 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-19 16:24 - 2016-03-07 04:38 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-25 22:19 - 2012-08-17 11:40 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-25 22:14 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-25 22:14 - 2009-07-14 14:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-25 22:08 - 2011-08-10 15:40 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-25 21:25 - 2009-07-14 12:37 - 00000000 ____D C:\windows\tracing
2016-04-25 21:24 - 2009-07-14 12:37 - 00000000 ____D C:\windows\inf
2016-04-25 20:27 - 2011-02-25 17:23 - 00000000 ____D C:\ProgramData\MFAData
2016-04-25 14:27 - 2011-08-10 15:40 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-25 14:27 - 2011-05-03 11:02 - 00065536 _____ C:\windows\system32\Ikeext.etl
2016-04-25 14:27 - 2010-07-11 06:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-25 14:27 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-25 14:04 - 2012-03-25 14:16 - 00155136 ___SH C:\Users\jan\Desktop\Thumbs.db
2016-04-22 09:17 - 2013-03-03 11:56 - 00000946 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2016-04-21 15:21 - 2009-07-14 12:37 - 00000000 ____D C:\windows\rescache
2016-04-20 09:11 - 2010-03-30 15:07 - 00945770 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-20 09:05 - 2009-07-14 14:33 - 00432552 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-20 08:59 - 2014-12-11 06:56 - 00000000 ____D C:\windows\system32\appraiser
2016-04-19 18:59 - 2013-08-14 16:45 - 00000000 ____D C:\windows\system32\MRT
2016-04-19 18:52 - 2011-03-07 14:55 - 132539272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-19 17:03 - 2011-05-31 12:36 - 00000000 ____D C:\Users\jan\AppData\Local\Google
2016-04-12 09:09 - 2012-09-06 08:27 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 09:09 - 2012-09-06 08:27 - 00002140 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-09 11:19 - 2012-06-03 15:38 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-04-09 11:19 - 2011-06-24 11:56 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-06-26 17:04 - 2014-06-26 17:04 - 6010880 _____ () C:\Program Files\GUTC16C.tmp
2015-05-18 10:31 - 2015-05-18 10:31 - 6420480 _____ () C:\Program Files\GUTFA66.tmp
2011-03-07 17:29 - 2011-11-22 08:55 - 0024617 _____ () C:\Users\jan\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-06-05 17:13 - 2012-06-05 17:13 - 0003584 _____ () C:\Users\jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-25 16:26 - 2011-03-15 10:40 - 0001118 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-21 15:14
 
==================== End of FRST.txt ============================
 
 
And finally here is the Additions log:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-04-2016
Ran by jan (2016-04-25 22:59:44)
Running from C:\Users\jan\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-02-25 01:48:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1116689551-3197699549-2733745341-500 - Administrator - Disabled)
Guest (S-1-5-21-1116689551-3197699549-2733745341-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1116689551-3197699549-2733745341-1006 - Limited - Enabled)
jan (S-1-5-21-1116689551-3197699549-2733745341-1004 - Administrator - Enabled) => C:\Users\jan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: AVG update module (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG update module (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: AVG Internet Security 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG update module (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3556 - AVG Technologies)
AVG 2013 (Version: 13.0.3556 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4477 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (Version: 2.2.0.82 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.10(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.42 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
C5300 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Chuzzle Deluxe (Version: 2.2.0.82 - WildTangent) Hidden
Corel WinDVD (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.822 - Corel Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
ENE CIR Receiver Driver (HKLM\...\D751CB2FD39EE07639D08542EEF9BF77AD1D9696) (Version: 2.7.4.1 - ENE)
Escape Rosecliff Island (Version: 2.2.0.82 - WildTangent) Hidden
FATE - The Traitor Soul (Version: 2.2.0.82 - WildTangent) Hidden
Final Drive Nitro (Version: 2.2.0.82 - WildTangent) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java™ 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Jewel Quest 3 (Version: 2.2.0.82 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 260.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 260.51 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 260.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 260.51 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA Graphics Driver 260.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.51 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Penguins! (Version: 2.2.0.82 - WildTangent) Hidden
PHOTOfunSTUDIO 6.0 (HKLM\...\{B62A8A6F-5E48-4336-BF13-1632D5921872}) (Version: 6.00.135 - Panasonic Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (Version: 2.2.0.82 - WildTangent) Hidden
PS_AIO_04_C5300_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.3 - VS Revo Group, Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super LoiLoScope WebShortcut (HKLM\...\{AC589470-884E-4E15-96D8-437780F8185D}) (Version: 1.0.0 - LoiLo)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.13 - TOSHIBA CORPORATION)
TOSHIBA ConfigFree (HKLM\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.2.11.0 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.3 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}) (Version: 1.6.06.32 - TOSHIBA Corporation)
TOSHIBA Remote Control Manager (HKLM\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.1.0 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.1 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.4 - TOSHIBA Corporation)
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Utility Common Driver (Version: 1.0.52.1C - TOSHIBA) Hidden
Virtual Villagers - The Secret City (Version: 2.2.0.82 - WildTangent) Hidden
WD SmartWare (HKLM\...\{BC3804E5-77CC-47A0-8BD5-797355A26BA3}) (Version: 1.4.5.5 - Western Digital)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent ORB Game Console (Version:  - WildTangent) Hidden
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zuma's Revenge (Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CF0692D-BBED-4C1A-939A-58D3E7C0A2DA} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-23] (TOSHIBA CORPORATION)
Task: {1F838B14-FA76-4244-98ED-365F514F4B56} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {298163B7-4BE7-4203-A8FD-A2BEAD38B501} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {3AF597C8-0938-46C3-8DB0-91D1569F3B35} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {3E68B90D-C2CA-4DE9-845F-F571AC5A766B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-19] (Piriform Ltd)
Task: {3F2DB537-59FA-4911-B98A-1F6FF488EF50} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {51326C74-F035-4EB5-B723-5271C4B6DB69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {739796EE-78E9-409A-B9CD-9FB4112EABDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B896B7D5-ED2B-4C69-9CCF-B512D01E1EF7} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()
Task: {D4C4E45B-2DC6-4D9C-BBE4-C6233CBE9EF4} - System32\Tasks\{C0814B8E-E2EA-4B18-A490-99E7D58AEA71} => C:\Program Files\OLYMPUS\OLYMPUS Master 2\OLYMPUS Master.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-09 11:18 - 2011-03-09 11:18 - 01060864 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 11:29 - 2011-03-09 11:29 - 00886272 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2011-03-09 11:16 - 2011-03-09 11:16 - 00484352 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2010-03-04 07:14 - 2010-03-04 07:14 - 08783160 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-04 06:26 - 2009-11-04 06:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 07:14 - 2010-03-04 07:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 07:14 - 2010-03-04 07:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-03-30 14:50 - 2009-06-23 08:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-13 12:08 - 2009-03-13 12:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-26 04:07 - 2009-07-26 04:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-30 08:35 - 2009-07-30 08:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2010-03-24 12:25 - 2010-03-24 12:25 - 00427320 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-02-06 10:40 - 2010-02-06 10:40 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:04 - 2009-06-11 07:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1116689551-3197699549-2733745341-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\jan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{64CE6D0D-D2B0-4833-AE02-5B27B92E4AEC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FCDF98CE-6FC1-43AA-91C6-0BC133ED2F8A}] => (Allow) svchost.exe
FirewallRules: [{24253F93-9026-4457-B90E-73E3722FE6F7}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9D6EFFF9-2696-42A7-BEFF-F20FBCFCF911}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{64E8E71E-66E5-42EB-9899-75BB309178AA}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{006EDE62-C68C-4E92-8BF4-44791FD3E35A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0B2AFFEA-DFCB-485C-9BAD-7E4A56077314}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{AC9D3B1C-ECBC-4DA0-9479-EE107B8262F5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{787F89D7-4B89-400E-AEAB-FED688962D16}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{51DED244-5B4A-42C1-9F09-6CEFCC39C7D1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{20ED2F02-980B-48D5-A6A5-50939D5B7093}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{1346C3C6-B7AB-471F-8BC8-0E0F59133DD4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{7879205B-1BA8-4EA8-B4CE-7AB6B6050CB9}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D24562AC-2DA6-4769-87CD-F863D65CAA8F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{51EAA556-1138-4DC8-B3C2-95BDA960D620}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{441FEC59-43EB-43AD-AC6E-480860C94982}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{187E01B0-8004-439F-83B4-E23F92057D54}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{110CB7FD-2394-4198-B833-A4E41267F8F9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{DE77E79F-AA96-4E00-B662-993E012DBF95}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{6DB2A98E-B589-474F-8CB9-5C5AA61FA04C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{7876C467-FDA0-46CB-ADEE-55EDAA9C1B70}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{5C111558-0FCB-44C6-908F-5C207D677CC5}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{B37B968A-5268-47D4-870A-636E9837BDCA}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B3E4E8E7-7D1E-449A-859C-75C0489CD51F}] => (Allow) LPort=2869
FirewallRules: [{7328C271-B12C-4B80-9C02-EA16B1E73738}] => (Allow) LPort=1900
FirewallRules: [{95B70F2E-4642-40CF-8268-06DDC4226C0E}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{E2CA9239-BA40-448D-942F-D411452EAF6C}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{1FDC10D8-404B-4712-8DB3-3F7D8DB6BEEE}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{D57F8341-F3E6-4B33-95DD-6D970C9BA82B}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{E607201B-D711-49E2-98FB-9A15A4549727}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{94B9C091-9930-4FBD-8AB0-96FD0563BE7B}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{C4EB1BE9-E59A-4FF5-A07F-B3FAC7901DAA}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{F774CC6A-85A8-4A3E-A339-3EF6C90D8F01}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C095F653-4607-4373-9891-A7EB05273A18}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{925B8840-18D5-418B-ACE1-DBD4437C652B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCF49250-360E-4288-A502-61FD184396A7}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{C316D7AA-6F71-4DF7-935D-BA00CCA0F0D2}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [TCP Query User{4F5E8566-8747-4F43-94C6-33F8BD9C7137}C:\users\jan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Block) C:\users\jan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{A893E23E-43D5-4BBF-8403-38AF854D0D83}C:\users\jan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Block) C:\users\jan\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{1030823E-C01C-4440-83F7-A7CA5A0CD088}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C513F685-13DA-49FD-B1A1-58CF95277586}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{0E42FDA0-B1A1-4759-B225-F8284D93F187}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{78ED2949-88C7-4526-9B76-44DAD96AD504}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{6B20C319-4C12-4223-B496-E90C10B05E06}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{9A2C04AD-1917-4F7F-9F1D-53E3AB8E72DD}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
 
==================== Restore Points =========================
 
10-03-2016 16:25:44 Windows Update
15-03-2016 08:23:51 Windows Backup
15-03-2016 15:55:21 Windows Update
22-03-2016 13:46:59 Windows Backup
25-03-2016 15:58:36 Windows Update
31-03-2016 08:03:31 Windows Backup
08-04-2016 06:55:03 Windows Backup
12-04-2016 12:54:14 Windows Update
14-04-2016 14:11:13 Windows Backup
18-04-2016 18:13:39 Windows Backup
19-04-2016 18:49:55 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2016 08:21:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3991926
 
Error: (04/25/2016 08:21:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3991926
 
Error: (04/25/2016 08:21:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/25/2016 08:21:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3990880
 
Error: (04/25/2016 08:21:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3990880
 
Error: (04/25/2016 08:21:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/25/2016 08:21:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3989866
 
Error: (04/25/2016 08:21:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3989866
 
Error: (04/25/2016 08:21:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/25/2016 08:21:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3988837
 
 
System errors:
=============
Error: (04/25/2016 03:30:21 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (04/25/2016 02:24:51 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (04/25/2016 02:24:19 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (04/25/2016 02:07:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
%%1450
 
Error: (04/25/2016 02:06:36 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (04/25/2016 02:06:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
 
Error: (04/25/2016 02:05:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (04/25/2016 02:05:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/25/2016 02:05:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (04/24/2016 04:45:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 51%
Total physical RAM: 3002.67 MB
Available physical RAM: 1459.32 MB
Total Virtual: 6003.67 MB
Available Virtual: 4045.8 MB
 
==================== Drives ================================
 
Drive c: (S3A9122D008) (Fixed) (Total:582.24 GB) (Free:504.91 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (2.0.1.44883-RC1-Vodafone-Mobile-) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 4B8C793F)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=582.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=17)
 
==================== End of Addition.txt ============================
 
 
 
Do I still need to run the aswMBR scan on the C:\ to discover the other six infections I saw the first time?
 
I look forward to your advice on how to proceed.

 




#2 ken545


    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 25 April 2016 - 12:30 PM

Welcome back again.

 

Let me ask you, this is the 4th computer you have posted about helping a friend. Do you do this for profit?



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 kangaroo

  • Authentic Member
  • 212 posts

Posted 25 April 2016 - 03:55 PM

Hi again Ken545,

 

No. The last three were for a neighbour who has just moved out to our rural area; her first one she used for a business she runs from home and needed IE rolled back to v9 to work with the package she had been given for that. When I did that I realised she had other problems which you were able to help me fix. She was so pleased with that, she asked if I could do the same for her personal notebook and then her old notebook she intended to leave at her house down the coast - because she had forgotten to take the power pack with her last time and if it was all left there she'd not have that problem again. Thankfully, she left her mobile broadband router with me to do all the downloading, especially Windows 10, on her data allowance.

 

This one is for a friend in town who had stopped using it because it was so slow and has been relying on her tablet and phone for email and browsing. I just happened to bump into her in town the other day and she mentioned she had given up on it and wondered if she needed to buy a new one. I offered to look at it first and so here I am again.

 

I guess I'm a bit of a sucker for playing with PCs.



#4 ken545


    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 25 April 2016 - 04:52 PM

That's fine. Working with you has been a real pleasure, you follow instructions to the letter and get the job done.

 

Let's do some general cleanup and go from there

 

All our tools and scanners work more efficiently when run from the DESKTOP in lieu of being buried in some folder, so download and run these tools right from the DESKTOP
 
 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner TO YOUR DESKTOP
 
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
 
 
Please download Junkware Removal Tool TO YOUR DESKTOP
  • Download the one from Bleeping Computer
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  TO YOUR DESKTOP
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 


 
 

#5 kangaroo

  • Authentic Member
  • 212 posts

Posted 26 April 2016 - 02:08 AM

Hi Ken545,

 

Thanks for taking this one up.

 

While I was waiting, and having worked out that AVG IS 2013 was blocking aswMBR, I managed to do a scan of the c:\ drive and it found the seven infections I had noted the first time around before AVG deleted it all. I don't know if that is still useful, but for the record, here is that log:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-04-26 08:21:33
-----------------------------
08:21:33.899    OS Version: Windows 6.1.7601 Service Pack 1
08:21:33.899    Number of processors: 8 586 0x1E05
08:21:33.899    ComputerName: JAN-PC  UserName: jan
08:22:38.889    Initialize success
08:22:38.951    VM: initialized successfully
08:22:38.951    VM: Intel CPU supported 
08:22:42.317    VM: supported disk I/O iaStor.sys
08:28:11.260    AVAST engine defs: 16042502
08:28:22.632    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:28:22.648    Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
08:28:22.773    VM: Disk 0 MBR read successfully
08:28:22.773    Disk 0 MBR scan
08:28:22.788    Disk 0 Windows VISTA default MBR code
08:28:22.819    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
08:28:22.819    Disk 0 default boot code
08:28:22.851    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       596212 MB offset 3074048
08:28:22.897    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        12767 MB offset 1224116224
08:28:22.944    Disk 0 scanning sectors +1250263040
08:28:23.163    Disk 0 scanning C:\windows\system32\drivers
08:28:36.298    Service scanning
08:29:37.497    Modules scanning
08:29:37.512    Disk 0 trace - called modules:
08:29:37.544    ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll iaStor.sys 
08:29:37.544    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88b45030]
08:29:37.559    3 CLASSPNP.SYS[843b059e] -> nt!IofCallDriver -> \Device\THPDRV1[0x88b43320]
08:29:37.575    5 thpdrv.sys[8c00399f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86fbe028]
08:29:40.679    AVAST engine scan C:\
09:51:36.551    File: C:\Windows\System32\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
10:18:37.058    File: C:\Windows\winsxs\Backup\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23392_none_cbbf8a861d004345_csrsrv.dll_f50da7f9  **INFECTED** Win32:Aluroot-B [Rtk]
11:09:18.825    File: C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.csrsrv.dll.01d19a8f2aa79e3f.0019  **INFECTED** Win32:Aluroot-B [Rtk]
11:16:42.779    File: C:\Windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.19160_none_cb545b0503cc1fd3\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
11:16:44.277    File: C:\Windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23349_none_cbfc9c281cd168f1\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
11:16:44.370    File: C:\Windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23391_none_cbbe8a3c1d0129ee\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
11:16:44.433    File: C:\Windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23392_none_cbbf8a861d004345\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
15:57:08.719    Disk 0 statistics 28242468/0/278 @ 0.54 MB/s
15:57:08.734    Scan finished successfully
16:07:50.660    Disk 0 MBR has been saved successfully to "C:\Users\jan\Desktop\MBR.dat"
16:07:50.675    The log file has been saved successfully to "C:\Users\jan\Desktop\aswMBR-scanCdrv.txt"
 
 
 
And now to your instructions. Here is the [C1] log from AdwCleaner:
 
# AdwCleaner v5.113 - Logfile created 26/04/2016 at 16:16:05
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X86)
# Username : jan - JAN-PC
# Running from : C:\Users\jan\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\jan\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdbpjflelnapbhcfafncmhkhihdibegl
[-] Folder Deleted : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfmglngfjjacekhjbfdemgdkklojnnh
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdbpjflelnapbhcfafncmhkhihdibegl_0.localstorage
[-] File Deleted : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdbpjflelnapbhcfafncmhkhihdibegl_0.localstorage-journal
[-] File Deleted : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdfmglngfjjacekhjbfdemgdkklojnnh_0.localstorage
[-] File Deleted : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdfmglngfjjacekhjbfdemgdkklojnnh_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Key Deleted : HKU\.DEFAULT\Software\IGearSettings
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1116689551-3197699549-2733745341-1004\Software\AVG Secure Search
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [3199 bytes] - [26/04/2016 16:16:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [3167 bytes] - [26/04/2016 16:14:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3345 bytes] ##########
 
 
I don't know if there is much difference, but there was also an [S1] log; here that is:
 
# AdwCleaner v5.113 - Logfile created 26/04/2016 at 16:14:36
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X86)
# Username : jan - JAN-PC
# Running from : C:\Users\jan\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\jan\AppData\LocalLow\HPAppData
Folder Found : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdbpjflelnapbhcfafncmhkhihdibegl
Folder Found : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfmglngfjjacekhjbfdemgdkklojnnh
 
***** [ Files ] *****
 
File Found : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdbpjflelnapbhcfafncmhkhihdibegl_0.localstorage
File Found : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdbpjflelnapbhcfafncmhkhihdibegl_0.localstorage-journal
File Found : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdfmglngfjjacekhjbfdemgdkklojnnh_0.localstorage
File Found : C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdfmglngfjjacekhjbfdemgdkklojnnh_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Found : HKU\.DEFAULT\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1116689551-3197699549-2733745341-1004\Software\AVG Secure Search
Key Found : HKU\S-1-5-18\Software\IGearSettings
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [3015 bytes] - [26/04/2016 16:14:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3088 bytes] ##########
 
 
Now to JRT; here is that log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 7 Home Premium x86 
Ran by jan (Administrator) on Tue 26/04/2016 at 16:29:59.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 49 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 26/04/2016 at 16:33:38.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
And finally, the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/04/2016
Scan Time: 5:02 PM
Logfile: malwarebytes=log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.26.01
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: jan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323564
Time Elapsed: 19 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
I ran each of the tools from the desktop by right-clicking and selecting Run as Administrator.
 
With Malwarebytes, I couldn't see an option to select Threat Scan when I first ran it, and then when it completed the scan I didn't see the save log option (it was very light blue and my poor eyesight missed it); I then clicked on Scan on the navigation bar and there were three boxes the first saying Threat Scan (recommended). So I ran the scan again with the same settings you requested and this time I found the save log option and that is the one posted above. I was surprised that it found no threats; the first time I think I have seen that in a MwB scan. I hope my missing the first scan result has not ruined this test.
 
I await your analysis and advice for what's next. 


#6 ken545


Posted 26 April 2016 - 02:37 AM

What aswMBR found was a rootkit type of infection; it's no wonder this computer was running so slow.

Let's do a few things.

Please download Malwarebytes Anti-Rootkit from Here
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt
 
 
 
 
 

  • Please be patient, depending on your system the scan can complete in 30 minutes and on others much longer.
  • You want the Online One-Time Scan
  • Note: It will run using Internet Explorer, Firefox or Chrome.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
 


 
 

#7 kangaroo


Posted 26 April 2016 - 06:21 AM

Hi Ken545,

 

I just did the one scan with MBAR as it found no threats.

 

Here are the logs. First the mbar-log-2016-04-26 (19-48-17).txt:

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.04.26.02
  rootkit: v2016.04.17.01
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18282
jan :: JAN-PC [administrator]
 
26/04/2016 7:48:17 PM
mbar-log-2016-04-26 (19-48-17).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 326165
Time elapsed: 35 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
and here the second log, system-log.txt:
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18282
 
Java version: 1.6.0_17
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.729000 GHz
Memory total: 3148529664, free: 1597390848
 
Downloaded database version: v2016.04.26.02
Downloaded database version: v2016.04.17.01
Downloaded database version: v2016.04.19.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
     04/26/2016 19:48:08
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.04.26.02
  rootkit: v2016.04.17.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff88b3f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88b3fd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88b3f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88b3d328, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xffffffff86fbe028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4B8C793F
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 1221042176
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1224116224  Numsec = 26146816
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 640135028736 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgwd.log.4" is compressed (flags = 1)
File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgwd.log.5" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-3074048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1224116224-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
 
I then ran the ESET Online Scanner with the settings you gave; here is the log from that scan:
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d7cf7af508b9ab4685c3b6aa53514194
# end=init
# utc_time=2016-04-26 10:45:10
# local_time=2016-04-26 08:45:10 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29244
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d7cf7af508b9ab4685c3b6aa53514194
# end=updated
# utc_time=2016-04-26 10:48:08
# local_time=2016-04-26 08:48:08 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d7cf7af508b9ab4685c3b6aa53514194
# engine=29244
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-04-26 12:02:59
# local_time=2016-04-26 10:02:59 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2013'
# compatibility_mode=1041 16777213 100 92 0 148845763 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 87742319 213306970 0 0
# scanned=218089
# found=0
# cleaned=0
# scan_time=4490
 
 
Curious that no threats are being found. I note that when I click on the Chrome icon on the Taskbar, it pops up a "processing request" box (about 6 inches long by 1/4 inch high) and takes more than 30 seconds to open; it then takes about 30 seconds to open this page from the History.
 
I await your guidance on how to proceed.


#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 April 2016 - 10:53 AM

Let's set Chrome back to default

 

  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Down on the bottom you will see an option for RESET BROWSER SETTINGS
  • Click on it and it will set Chrome back to defaults

    Then run a new scan with aswMBR and let's see how that looks now


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 kangaroo

    kangaroo

      Authentic Member

    • Authentic Member
    • 212 posts

    Posted 27 April 2016 - 06:55 AM

    Hi Ken545,

     

    Just an update on your last instructions.

     

    I reset Chrome and set the aswMBR scan running this morning before I left to go into town. I'm not sure if that scan requires an active Internet connection or not but when I arrived home this afternoon I found that my Internet connection had dropped out and the scanning had had no activity since just after I had left.

     

    I stopped that scan and started a new scan which is still running. So far (just shy of five hours) there is one threat {Win32:Aluroot-B [Rkt]} found.

     

    I'll post the log when it is finished.


    Edited by kangaroo, 27 April 2016 - 06:56 AM.


    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 27 April 2016 - 07:49 AM

    You need an internet connection to run aswMBR as it needs to update the definitions; it may be struggling to do that. Just shut it down, and since you say it's still showing that bad entry, let's do this

     

     

     
    Download ComboFix from one of these locations:
     
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
     
     
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link  for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.
     
     
    • Double click on ComboFix.exe & follow the prompts.
     
    For Windows XP Users
     
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
     
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     
     

    RC1.png

     
     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    RC2-1.png

     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.


     
     


    #11 kangaroo

    kangaroo

      Authentic Member

    • Authentic Member
    • 212 posts

    Posted 27 April 2016 - 06:10 PM

    Hi Ken545,

     

    Another day; when I got up this morning, I was expecting to see aswMBR completed the scanning. Instead, the PC had rebooted (the AVG settings indicated this) and of course no log from aswMBR saved. My Internet had been up continuously.

     

    I realised that Internet was required to initialise aswMBR for the definitions and that had worked; what I wasn't sure about is does aswMBR need the Internet connection while it is scanning?

     

    Anyway, without checking the forum for a reply, I again disabled AVG til restart; set power setting to turn off display to 'never' (I had noticed that when the display was turned off, the scan appeared to have been paused); and then restarted the aswMBR scan of c:\. This time it completed in about 2hrs 40mins and found 10 threats, including the one I reported yesterday (two infections and 8 suspicious).

     

    I'll post the log at the end of this message.

     

    Should I go ahead and run the ComboFix utility now or do you want to do something else after seeing the aswMBR log?

     

    Here is the aswMBR log:

     

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2016-04-28 07:10:05
    -----------------------------
    07:10:05.705    OS Version: Windows 6.1.7601 Service Pack 1
    07:10:05.705    Number of processors: 8 586 0x1E05
    07:10:05.708    ComputerName: JAN-PC  UserName: jan
    07:12:15.443    Initialize success
    07:12:15.545    VM: initialized successfully
    07:12:15.546    VM: Intel CPU supported 
    07:12:24.960    VM: supported disk I/O iaStor.sys
    07:14:36.237    AVAST engine defs: 16042700
    07:14:47.334    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    07:14:47.342    Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
    07:14:47.611    VM: Disk 0 MBR read successfully
    07:14:47.619    Disk 0 MBR scan
    07:14:47.632    Disk 0 Windows VISTA default MBR code
    07:14:47.661    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
    07:14:47.673    Disk 0 default boot code
    07:14:47.720    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       596212 MB offset 3074048
    07:14:47.762    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        12767 MB offset 1224116224
    07:14:47.808    Disk 0 scanning sectors +1250263040
    07:14:48.175    Disk 0 scanning C:\windows\system32\drivers
    07:15:03.188    Service scanning
    07:16:05.538    Modules scanning
    07:16:05.557    Disk 0 trace - called modules:
    07:16:05.590    ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll 
    07:16:05.598    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88b3f030]
    07:16:05.607    3 CLASSPNP.SYS[843b659e] -> nt!IofCallDriver -> \Device\THPDRV1[0x88b3d410]
    07:16:08.819    AVAST engine scan C:\
    08:24:18.372    File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3080149~31bf3856ad364e35~x86~~6.1.1.1.cat  **SUSPICIOUS**
    08:24:21.601    File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3088195~31bf3856ad364e35~x86~~6.1.1.3.cat  **SUSPICIOUS**
    08:26:42.363    File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB3078667_SP1~31bf3856ad364e35~x86~~6.1.1.0.cat  **SUSPICIOUS**
    08:26:54.251    File: C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB3122648_SP1~31bf3856ad364e35~x86~~6.1.1.0.cat  **SUSPICIOUS**
    08:29:00.674    File: C:\Windows\System32\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
    08:50:48.472    File: C:\Windows\winsxs\Backup\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23392_none_cbbf8a861d004345_csrsrv.dll_f50da7f9  **INFECTED** Win32:Aluroot-B [Rtk]
    09:07:50.424    File: C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_11.2.9600.17959_none_4d97923eb991e9b9.manifest  **SUSPICIOUS**
    09:23:55.875    File: C:\Windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23391_none_cbbe8a3c1d0129ee\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
    09:23:56.094    File: C:\Windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23392_none_cbbf8a861d004345\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
    09:32:18.640    File: C:\Windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_11.2.9600.18163_none_168c4289a724e887\ieproxy.dll  **SUSPICIOUS**
    09:54:37.547    Disk 0 statistics 15920663/0/278 @ 0.91 MB/s
    09:54:37.563    Scan finished successfully
    09:57:59.224    Disk 0 MBR has been saved successfully to "C:\Users\jan\Desktop\MBR.dat"
    09:57:59.240    The log file has been saved successfully to "C:\Users\jan\Desktop\aswMBR.txt"
     
     
    I await your instructions.

    Edited by kangaroo, 27 April 2016 - 06:12 PM.
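A triage helper for logs in the aswMBR layout posted above, added here as an example (it is not part of the thread and not AVAST's code). It checks that the scan actually ran to completion, which matters after the interrupted runs described in this thread, and groups the flagged files by verdict, detection name and file name. The sample log is constructed: its paths and the detection name `Example:Detection-A [Rtk]` are placeholders.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample in the aswMBR 1.0.1 log layout; paths and the detection
# name are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""
aswMBR version 1.0.1.2252
Run date: 2016-01-01 07:10:05
-----------------------------
07:10:05.705    OS Version: Windows 6.1.7601 Service Pack 1
07:16:05.557    Disk 0 trace - called modules:
08:24:18.372    File: C:\Windows\System32\catroot\example_package.cat  **SUSPICIOUS**
08:29:00.674    File: C:\Windows\System32\example.dll  **INFECTED** Example:Detection-A [Rtk]
09:23:55.875    File: C:\Windows\winsxs\x86_example_1\example.dll  **INFECTED** Example:Detection-A [Rtk]
09:32:18.640    File: C:\Windows\winsxs\x86_example_2\other.dll  **SUSPICIOUS**
09:54:37.563    Scan finished successfully
"""

# "<hh:mm:ss.mmm>    File: <path>  **VERDICT** [detection name]"
# SUSPICIOUS lines carry no detection name, so the trailing group may be empty.
FINDING_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(?P<path>.+?)"
    r"\s+\*\*(?P<verdict>INFECTED|SUSPICIOUS)\*\*\s*(?P<name>.*)$"
)


def parse_aswmbr(text):
    """Return the completion status and every flagged file in an aswMBR log."""
    findings = []
    finished = False
    for line in text.splitlines():
        if "Scan finished successfully" in line:
            finished = True
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append({
                "time": m.group("time"),
                "path": m.group("path"),
                "verdict": m.group("verdict"),
                "name": m.group("name").strip() or None,
            })
    return {"finished": finished, "findings": findings}


def summarize(report):
    """Group findings so repeated hits on one component stand out."""
    by_verdict = Counter(f["verdict"] for f in report["findings"])
    by_name = defaultdict(list)      # detection name -> flagged paths
    by_basename = defaultdict(list)  # lower-cased file name -> flagged paths
    for f in report["findings"]:
        if f["name"]:
            by_name[f["name"]].append(f["path"])
        # ntpath parses Windows paths regardless of the OS running this script.
        by_basename[ntpath.basename(f["path"]).lower()].append(f["path"])
    # Keep only file names that were flagged at more than one location.
    repeated = {k: v for k, v in by_basename.items() if len(v) > 1}
    return {
        "complete": report["finished"],
        "by_verdict": dict(by_verdict),
        "by_name": dict(by_name),
        "repeated_files": repeated,
    }


if __name__ == "__main__":
    summary = summarize(parse_aswmbr(SAMPLE_LOG))
    if not summary["complete"]:
        print("WARNING: no 'Scan finished successfully' line; results are partial")
    for verdict, count in sorted(summary["by_verdict"].items()):
        print(f"{verdict}: {count}")
    for name, paths in summary["by_name"].items():
        print(f"{name}: {len(paths)} file(s)")
        for p in paths:
            print(f"  {p}")
```

A log without the completion line should be treated as partial and the scan re-run before acting on its counts.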


    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 27 April 2016 - 06:17 PM

    See my previous post about running Combofix



     
     

    #13 kangaroo

    kangaroo

      Authentic Member

    • Authentic Member
    • 212 posts

    Posted 27 April 2016 - 08:08 PM

    Hi Ken545,

     

    Have run ComboFix and the log is posted below.

     

    I noticed well into it, that the PC had restarted (AVG was no longer disabled). So I disabled AVG again (ComboFix was still running) until a restart. I hope that didn't cause any problems with the scan. One question: when I disable AVG should I also disable its firewall? That seems to be a separate action.

     

    Here is the ComboFix log:

     

     ComboFix 16-04-22.01 - jan 28/04/2016  11:37:47.1.8 - x86

    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.3003.1348 [GMT 10:00]
    Running from: c:\users\jan\Desktop\ComboFix.exe
    AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: AVG update module *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    FW: AVG update module *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
    SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: AVG update module *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\pt
    c:\windows\system32\pt\ThpProp.exe.mui
    c:\windows\system32\pt\ThpSrv.exe.mui
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected 
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe 
    .
    .
    (((((((((((((((((((((((((   Files Created from 2016-03-28 to 2016-04-28  )))))))))))))))))))))))))))))))
    .
    .
    2016-04-28 01:45 . 2016-04-28 01:48 -------- d-----w- c:\users\jan\AppData\Local\temp
    2016-04-28 01:45 . 2016-04-28 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-04-26 20:21 . 2016-02-05 18:44 97792 ----a-w- c:\windows\system32\fveapibase.dll
    2016-04-26 20:21 . 2016-02-05 17:33 15360 ----a-w- c:\windows\system32\tbs.dll
    2016-04-26 20:21 . 2015-06-03 20:22 355456 ----a-w- c:\windows\system32\fveapi.dll
    2016-04-26 20:21 . 2015-06-03 20:22 257864 ----a-w- c:\windows\system32\wbem\Win32_Tpm.dll
    2016-04-26 10:44 . 2016-04-26 10:44 -------- d-----w- c:\program files\ESET
    2016-04-26 09:48 . 2016-04-26 10:37 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2016-04-26 06:36 . 2016-04-28 01:47 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-04-26 06:35 . 2016-04-26 09:46 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-04-26 06:35 . 2016-04-26 06:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2016-04-26 06:35 . 2016-04-26 06:35 -------- d-----w- c:\programdata\Malwarebytes
    2016-04-26 06:35 . 2016-03-10 04:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-04-26 06:35 . 2016-03-10 04:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-04-26 06:13 . 2016-04-26 06:16 -------- d-----w- C:\AdwCleaner
    2016-04-25 12:55 . 2016-04-25 13:00 -------- d-----w- C:\FRST
    2016-04-19 06:26 . 2016-02-02 18:48 376320 ----a-w- c:\windows\system32\rpcss.dll
    2016-04-19 06:24 . 2016-03-15 23:53 60416 ----a-w- c:\windows\system32\samlib.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-04-09 01:19 . 2012-06-03 05:38 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2016-04-09 01:19 . 2011-06-24 01:56 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2016-03-02 15:32 . 2016-03-02 15:32 159648 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2016-02-12 18:39 . 2016-03-10 05:54 2956288 ----a-w- c:\windows\system32\wucltux.dll
    2016-02-12 18:39 . 2016-03-10 05:54 174080 ----a-w- c:\windows\system32\wuwebv.dll
    2016-02-12 18:26 . 2016-03-10 05:54 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
    2016-02-12 18:07 . 2016-03-10 05:54 2062848 ----a-w- c:\windows\system32\wuaueng.dll
    2016-02-12 18:06 . 2016-03-10 05:54 573440 ----a-w- c:\windows\system32\wuapi.dll
    2016-02-12 18:05 . 2016-03-10 05:54 93696 ----a-w- c:\windows\system32\wudriver.dll
    2016-02-12 18:05 . 2016-03-10 05:54 30208 ----a-w- c:\windows\system32\wups.dll
    2016-02-12 18:05 . 2016-03-10 05:54 136192 ----a-w- c:\windows\system32\wuauclt.exe
    2016-02-12 18:05 . 2016-03-10 05:54 35840 ----a-w- c:\windows\system32\wups2.dll
    2016-02-12 18:05 . 2016-03-10 05:54 35328 ----a-w- c:\windows\system32\wuapp.exe
    2016-02-12 18:05 . 2016-03-10 05:54 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
    2016-02-09 09:51 . 2016-03-10 05:53 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2016-02-09 09:50 . 2016-03-10 05:54 21504 ----a-w- c:\windows\system32\seclogon.dll
    2016-02-09 09:13 . 2016-03-10 05:53 4096 ----a-w- c:\windows\system32\msdxm.ocx
    2016-02-09 09:13 . 2016-03-10 05:53 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2016-02-09 09:13 . 2016-03-10 05:53 8192 ----a-w- c:\windows\system32\spwmp.dll
    2016-02-05 18:44 . 2016-03-10 05:53 26112 ----a-w- c:\windows\system32\lpk.dll
    2016-02-05 18:44 . 2016-03-10 05:53 70656 ----a-w- c:\windows\system32\fontsub.dll
    2016-02-05 18:42 . 2016-03-10 05:53 10240 ----a-w- c:\windows\system32\dciman32.dll
    2016-02-05 18:42 . 2016-04-26 20:21 8192 ----a-w- c:\windows\system32\drivers\en-US\tpm.sys.mui
    2016-02-05 17:43 . 2016-03-10 05:53 299520 ----a-w- c:\windows\system32\atmfd.dll
    2016-02-05 17:43 . 2016-03-10 05:53 34304 ----a-w- c:\windows\system32\atmlib.dll
    2016-02-04 18:41 . 2016-03-10 05:54 296448 ----a-w- c:\windows\system32\mfds.dll
    2016-02-03 18:49 . 2016-03-10 05:54 90624 ----a-w- c:\windows\system32\olepro32.dll
    2016-02-03 18:49 . 2016-03-10 05:54 572416 ----a-w- c:\windows\system32\oleaut32.dll
    2016-02-03 18:43 . 2016-03-10 05:54 67584 ----a-w- c:\windows\system32\asycfilt.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-10 39408]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
    "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-22 8546848]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-03-22 686624]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "TSleepSrv"="c:\program files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [2010-03-17 252728]
    "Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-04-06 1328480]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
    "TRCMan"="c:\program files\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]
    "TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 611672]
    "SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
    "TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-12 60712]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2015-12-15 4431848]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-12 157480]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files\Panasonic\PHOTOfunSTUDIO 6.0\PHOTOfunSTUDIO.exe" [2011-8-28 174064]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    3;2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
    R3 eapihdrv;eapihdrv;c:\users\jan\AppData\Local\Temp\ehdrv.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-03-30 102912]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2014-07-14 18944]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-07 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 239336]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 366936]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2015-05-20 122320]
    S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-05-20 278992]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-10-22 39224]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2015-06-03 66008]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-24 208184]
    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-11-24 32672]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-11-03 172856]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-05-26 191440]
    S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [2015-12-15 1442344]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-11-19 283136]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-30 353384]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 189808]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
    S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
    S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
    S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 11776]
    S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-18 136304]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-03 266344]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 685424]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
    HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
    utcsvc REG_MULTI_SZ   DiagTrack
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-04-11 23:08 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
    2015-12-18 15:42 286904 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 01:19]
    .
    2016-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 05:44]
    .
    2016-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 05:44]
    .
    2013-01-30 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-30 21:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    MSConfigStartUp-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
    c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\ThpSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\windows\system32\GWX\GWX.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\conhost.exe
    c:\windows\System32\ThpSrv.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
    c:\program files\AVG\AVG2013\avgcfgex.exe
    .
    **************************************************************************
    .
    Completion time: 2016-04-28  11:56:30 - machine was rebooted
    ComboFix-quarantined-files.txt  2016-04-28 01:56
    .
    Pre-Run: 543,304,048,640 bytes free
    Post-Run: 542,857,687,040 bytes free
    .
    - - End Of File - - D9189F31996164659CA45001E939F2AC
    5B5E648D12FCADC244C1EC30318E1EB9
     
     
    I look forward to your next instruction.


    #14 ken545

    Posted 27 April 2016 - 09:16 PM

    Let's run another program to find rootkits. You did have an infected copy of userinit.exe and Combofix fixed it.

     

    Please download TDSSKiller
  • Download TDSSKiller.exe to your desktop; if it is prevented from being downloaded, then download the Zip version and extract it to your desktop
  • Double click TDSSKiller To start the program <-- XP/Vista Users
  • Right Click TDSSKiller and select RUN AS ADMINISTRATOR <--Windows 7 and 8
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

     
     
     
     
     
     
    Then run this program and post the report

     

    Download RogueKiller from Here or Here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
     
     


     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #15 kangaroo

    Posted 28 April 2016 - 04:01 AM

    Hi Ken545,

     

    Ran TDSSKiller and it found no threats. See log below.

     

    I then ran RogueKiller. I think I'm not getting enough sleep as I was driving for 3 hours today and forgot that my WiFi router is a USB connected drive; so I ran the first scan with it still attached. Realising this, I disconnected it and ran RogueKiller scan again. Both times the same number of threats were found. I'll post the second log (without the WiFi router attached). If you'd like the log from the first scan (with the WiFi router attached) as well, let me know and I'll post it for you.

     

    So, here is the TDSSKiller scan log:

     

    18:44:53.0154 0x1c10  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
    18:45:03.0668 0x1c10  ============================================================
    18:45:03.0668 0x1c10  Current date / time: 2016/04/28 18:45:03.0668
    18:45:03.0668 0x1c10  SystemInfo:
    18:45:03.0668 0x1c10  
    18:45:03.0668 0x1c10  OS Version: 6.1.7601 ServicePack: 1.0
    18:45:03.0668 0x1c10  Product type: Workstation
    18:45:03.0668 0x1c10  ComputerName: JAN-PC
    18:45:03.0668 0x1c10  UserName: jan
    18:45:03.0668 0x1c10  Windows directory: C:\windows
    18:45:03.0668 0x1c10  System windows directory: C:\windows
    18:45:03.0668 0x1c10  Processor architecture: Intel x86
    18:45:03.0668 0x1c10  Number of processors: 8
    18:45:03.0668 0x1c10  Page size: 0x1000
    18:45:03.0668 0x1c10  Boot type: Normal boot
    18:45:03.0668 0x1c10  ============================================================
    18:45:03.0855 0x1c10  KLMD registered as C:\windows\system32\drivers\98512144.sys
    18:45:04.0183 0x1c10  System UUID: {887F808F-9E9F-1FBA-9F6F-BC3CEF770994}
    18:45:04.0776 0x1c10  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:45:04.0776 0x1c10  ============================================================
    18:45:04.0776 0x1c10  \Device\Harddisk0\DR0:
    18:45:04.0776 0x1c10  MBR partitions:
    18:45:04.0776 0x1c10  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48C7A000
    18:45:04.0776 0x1c10  ============================================================
    18:45:04.0791 0x1c10  C: <-> \Device\Harddisk0\DR0\Partition1
    18:45:04.0791 0x1c10  ============================================================
    18:45:04.0791 0x1c10  Initialize success
    18:45:04.0791 0x1c10  ============================================================
    18:46:45.0162 0x0298  ============================================================
    18:46:45.0162 0x0298  Scan started
    18:46:45.0162 0x0298  Mode: Manual; 
    18:46:45.0162 0x0298  ============================================================
    18:46:45.0162 0x0298  KSN ping started
    18:46:49.0639 0x0298  KSN ping finished: true
    18:46:50.0715 0x0298  ================ Scan system memory ========================
    18:46:50.0715 0x0298  System memory - ok
    18:46:50.0715 0x0298  ================ Scan services =============================
    18:46:51.0027 0x0298  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
    18:46:51.0027 0x0298  1394ohci - ok
    18:46:51.0137 0x0298  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
    18:46:51.0152 0x0298  ACPI - ok
    18:46:51.0215 0x0298  [ 79D6B28027C398B728CE7CD0570248B0, 2BB31BFF659BA864D5C64170EF0B5C4A9A1DE5700DA42028A85847C91DCEE676 ] acpials         C:\windows\system32\DRIVERS\acpials.sys
    18:46:51.0215 0x0298  acpials - ok
    18:46:51.0246 0x0298  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
    18:46:51.0246 0x0298  AcpiPmi - ok
    18:46:51.0355 0x0298  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    18:46:51.0371 0x0298  AdobeARMservice - ok
    18:46:51.0511 0x0298  [ 28FFB14117CCEDD7D2F124596AA9B785, 8FC482C6444C904B5536979B3354597FD714634EC7372B464118C42AA9DCB58A ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    18:46:51.0527 0x0298  AdobeFlashPlayerUpdateSvc - ok
    18:46:51.0605 0x0298  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
    18:46:51.0620 0x0298  adp94xx - ok
    18:46:51.0651 0x0298  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
    18:46:51.0667 0x0298  adpahci - ok
    18:46:51.0683 0x0298  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
    18:46:51.0683 0x0298  adpu320 - ok
    18:46:51.0761 0x0298  [ 39AEAECE9F42407F176FE130D790BFBE, 19010DF87BDC1884268098CC04B4B15ECB710C94054A57157C0F9B7A795BDB28 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
    18:46:51.0776 0x0298  AeLookupSvc - ok
    18:46:51.0839 0x0298  [ 93B49FA857F7036A4EFF32371F6E7391, B9B2867D9A80E7F028E9D7C6ABCB9EC5198ACE28CEE101C5A846666B356B2843 ] AFD             C:\windows\system32\drivers\afd.sys
    18:46:51.0854 0x0298  AFD - ok
    18:46:51.0901 0x0298  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
    18:46:51.0901 0x0298  agp440 - ok
    18:46:51.0963 0x0298  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
    18:46:51.0963 0x0298  aic78xx - ok
    18:46:52.0026 0x0298  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\windows\System32\alg.exe
    18:46:52.0026 0x0298  ALG - ok
    18:46:52.0057 0x0298  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
    18:46:52.0073 0x0298  aliide - ok
    18:46:52.0135 0x0298  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
    18:46:52.0135 0x0298  amdagp - ok
    18:46:52.0182 0x0298  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
    18:46:52.0182 0x0298  amdide - ok
    18:46:52.0260 0x0298  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
    18:46:52.0260 0x0298  AmdK8 - ok
    18:46:52.0260 0x0298  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
    18:46:52.0275 0x0298  AmdPPM - ok
    18:46:52.0322 0x0298  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\windows\system32\drivers\amdsata.sys
    18:46:52.0338 0x0298  amdsata - ok
    18:46:52.0369 0x0298  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
    18:46:52.0385 0x0298  amdsbs - ok
    18:46:52.0400 0x0298  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\windows\system32\drivers\amdxata.sys
    18:46:52.0400 0x0298  amdxata - ok
    18:46:52.0463 0x0298  [ 3427D31384ACDC3A7C432113D38D0ACC, F6A45B23BF385C8F4C8D0765D5C0416ED05DD997C9F81F02A3938A1A91727D47 ] AppID           C:\windows\system32\drivers\appid.sys
    18:46:52.0463 0x0298  AppID - ok
    18:46:52.0494 0x0298  [ 96E3E544A4C4EDF86BD70F34CA3D285B, A35337E7FF13578E9716AA89EF92B291D02C3899861FE287103B7F89C62536B2 ] AppIDSvc        C:\windows\System32\appidsvc.dll
    18:46:52.0494 0x0298  AppIDSvc - ok
    18:46:52.0541 0x0298  [ 133A7896E643D139443B47FDBFA327C7, 371FC602B531DF1EFDCEEC3A2F5497A0D0BE7F558B0583F572862C69A65BD454 ] Appinfo         C:\windows\System32\appinfo.dll
    18:46:52.0541 0x0298  Appinfo - ok
    18:46:52.0650 0x0298  [ D2B87FC03BE28CD0B33C2B5C1119FD8E, 97EB74CB7F62C0D06D45CB250E3A90657A0F107C2FC20738FF6B2C87B0240080 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:46:52.0650 0x0298  Apple Mobile Device - ok
    18:46:52.0743 0x0298  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\windows\system32\DRIVERS\arc.sys
    18:46:52.0743 0x0298  arc - ok
    18:46:52.0759 0x0298  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
    18:46:52.0775 0x0298  arcsas - ok
    18:46:52.0884 0x0298  [ 4170FD789CDDE8767972C7C87E6B3400, 36403DF991F451A2A539B7C9BBF1310768701F68AC5EFFA1E5EE0C07A427E5ED ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    18:46:52.0899 0x0298  aspnet_state - ok
    18:46:52.0931 0x0298  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
    18:46:52.0931 0x0298  AsyncMac - ok
    18:46:53.0009 0x0298  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\windows\system32\drivers\atapi.sys
    18:46:53.0009 0x0298  atapi - ok
    18:46:53.0087 0x0298  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
    18:46:53.0102 0x0298  AudioEndpointBuilder - ok
    18:46:53.0118 0x0298  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\windows\System32\Audiosrv.dll
    18:46:53.0118 0x0298  Audiosrv - ok
    18:46:53.0180 0x0298  [ 94B41E3295C8E9FDFCD32E624AEED2FE, CF349CE8ABA857DF79EB3A3777DF1ACD619E40E654B06791B9A731D7DAF12BC0 ] Avgfwfd         C:\windows\system32\DRIVERS\avgfwd6x.sys
    18:46:53.0180 0x0298  Avgfwfd - ok
    18:46:53.0321 0x0298  [ C6B5A8A068D2FC568BC291AFEC581CB9, A9CEEE9F1B1D7E55D974C3CF6A0EBB0E756A1B47D1BCE467C17D0F340C7D2107 ] avgfws          C:\Program Files\AVG\AVG2013\avgfws.exe
    18:46:53.0336 0x0298  avgfws - ok
    18:46:53.0570 0x0298  [ 749D739598A94967BEF0CD00B12F3B65, 7A73B24427FDC5BAF93F3F8270AEFB898BB0C0A43F351E5BE651252176A2EAF7 ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
    18:46:53.0664 0x0298  AVGIDSAgent - ok
    18:46:53.0726 0x0298  [ 5BCAE36134162830ED283F4C3D88476A, A47EE816A88A8C18458BA721AB829E49D492128BA8D5BF6FF317C2B5A1FFA60F ] AVGIDSDriver    C:\windows\system32\DRIVERS\avgidsdriverx.sys
    18:46:53.0742 0x0298  AVGIDSDriver - ok
    18:46:53.0804 0x0298  [ 380B62A9DB16EB30946694202AA52500, 27DFF0D42D5CA121DD90A2988628ECD6DA43C42DBF0F9A5A843C823CA74D0C26 ] AVGIDSHX        C:\windows\system32\DRIVERS\avgidshx.sys
    18:46:53.0804 0x0298  AVGIDSHX - ok
    18:46:53.0835 0x0298  [ 4072BB8E2F2CEFA9B5798ABDA181728B, 9A10E3376D618EEEE9AC41FDF7D7794F3E1E4BBAD799D51E51B463D29D975E69 ] AVGIDSShim      C:\windows\system32\DRIVERS\avgidsshimx.sys
    18:46:53.0851 0x0298  AVGIDSShim - ok
    18:46:53.0913 0x0298  [ FCF551AD50A10E427F743165A533E613, 78EA90EC56A7E1B40B4F9191A33D06A648AB48499A4F19C6AE43EA690585BE25 ] Avgldx86        C:\windows\system32\DRIVERS\avgldx86.sys
    18:46:53.0929 0x0298  Avgldx86 - ok
    18:46:54.0023 0x0298  [ B488C5F5A53AD4651DBB426D2610BB83, 2660834D4EC033B831FA32D5226E4278FFC1F72D3C00B29961B56308143DE923 ] Avglogx         C:\windows\system32\DRIVERS\avglogx.sys
    18:46:54.0038 0x0298  Avglogx - ok
    18:46:54.0085 0x0298  [ 287B8CDE632C8FECBFBFB757D73156F0, BFD2766AC804B62323F9E93BB13F6738F1922A3C18495070B2286A2A38244EE6 ] Avgmfx86        C:\windows\system32\DRIVERS\avgmfx86.sys
    18:46:54.0085 0x0298  Avgmfx86 - ok
    18:46:54.0116 0x0298  [ 90FA3A4BB1039701D68FD1CC2ED3EE22, 5842AECBF76163BCAEE19DED708291DD8402E2D24DD48453E6067A9AE5BABB11 ] Avgrkx86        C:\windows\system32\DRIVERS\avgrkx86.sys
    18:46:54.0116 0x0298  Avgrkx86 - ok
    18:46:54.0163 0x0298  [ 758D7D36F4E2E565D58C3723789C36F5, 61A2FAC5326EC05A61A07BB204244C5362A916FA94100C25629C1B25A2F18D75 ] Avgtdix         C:\windows\system32\DRIVERS\avgtdix.sys
    18:46:54.0179 0x0298  Avgtdix - ok
    18:46:54.0210 0x0298  [ D646FA5135A1CD795877AFE9D17FA9ED, 2F97FBCD7BD75727A77C17D75D2482AE819D5D2EB9760D96412F9C20AA7D9473 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    18:46:54.0225 0x0298  avgwd - ok
    18:46:54.0272 0x0298  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
    18:46:54.0272 0x0298  AxInstSV - ok
    18:46:54.0335 0x0298  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
    18:46:54.0350 0x0298  b06bdrv - ok
    18:46:54.0381 0x0298  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
    18:46:54.0381 0x0298  b57nd60x - ok
    18:46:54.0537 0x0298  [ CDA161020BF75B12728AE394196AD991, A0D81CA5BE70D2B5FAD9BC6634D008D3CC5A3E80B993202D468DBE87932C65BB ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
    18:46:54.0631 0x0298  BCM43XX - ok
    18:46:54.0678 0x0298  [ 6163664C7E9CD110AF70180C126C3FDC, 9A801295CDE2BDE4EE0E96C610E4C01F6915DBDA2104D0E8873AFF1BC34A0FA1 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    18:46:54.0693 0x0298  BcmSqlStartupSvc - ok
    18:46:54.0740 0x0298  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
    18:46:54.0740 0x0298  BDESVC - ok
    18:46:54.0771 0x0298  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
    18:46:54.0771 0x0298  Beep - ok
    18:46:54.0865 0x0298  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\windows\System32\bfe.dll
    18:46:54.0865 0x0298  BFE - ok
    18:46:54.0896 0x0298  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\system32\qmgr.dll
    18:46:54.0912 0x0298  BITS - ok
    18:46:54.0943 0x0298  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
    18:46:54.0943 0x0298  blbdrive - ok
    18:46:55.0052 0x0298  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    18:46:55.0083 0x0298  Bonjour Service - ok
    18:46:55.0130 0x0298  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
    18:46:55.0130 0x0298  bowser - ok
    18:46:55.0161 0x0298  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
    18:46:55.0161 0x0298  BrFiltLo - ok
    18:46:55.0177 0x0298  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
    18:46:55.0177 0x0298  BrFiltUp - ok
    18:46:55.0224 0x0298  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
    18:46:55.0239 0x0298  BridgeMP - ok
    18:46:55.0286 0x0298  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\windows\System32\browser.dll
    18:46:55.0302 0x0298  Browser - ok
    18:46:55.0349 0x0298  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\windows\System32\Drivers\Brserid.sys
    18:46:55.0364 0x0298  Brserid - ok
    18:46:55.0395 0x0298  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
    18:46:55.0395 0x0298  BrSerWdm - ok
    18:46:55.0411 0x0298  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
    18:46:55.0411 0x0298  BrUsbMdm - ok
    18:46:55.0442 0x0298  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
    18:46:55.0442 0x0298  BrUsbSer - ok
    18:46:55.0458 0x0298  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
    18:46:55.0458 0x0298  BTHMODEM - ok
    18:46:55.0505 0x0298  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\windows\system32\bthserv.dll
    18:46:55.0505 0x0298  bthserv - ok
    18:46:55.0551 0x0298  [ 248DFA5762DDE38DFDDBBD44149E9D7A, D696D5698B7B5B331A6ED39172015349685450D10F63B1E4D4112199198FA5C7 ] BVRPMPR5        C:\windows\system32\drivers\BVRPMPR5.SYS
    18:46:55.0567 0x0298  BVRPMPR5 - ok
    18:46:55.0863 0x0298  catchme - ok
    18:46:55.0895 0x0298  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
    18:46:55.0895 0x0298  cdfs - ok
    18:46:55.0941 0x0298  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
    18:46:55.0941 0x0298  cdrom - ok
    18:46:55.0988 0x0298  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\windows\System32\certprop.dll
    18:46:56.0004 0x0298  CertPropSvc - ok
    18:46:56.0097 0x0298  [ 3653FD7871E8B5B92E9C3E2945BD293D, CFDA779AEE6CA7B5D46088951063B864F6037B3B73AD173E6A5D579D8AC9FCDF ] cfWiMAXService  C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    18:46:56.0113 0x0298  cfWiMAXService - ok
    18:46:56.0144 0x0298  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
    18:46:56.0160 0x0298  circlass - ok
    18:46:56.0207 0x0298  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\windows\system32\CLFS.sys
    18:46:56.0222 0x0298  CLFS - ok
    18:46:56.0300 0x0298  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:46:56.0300 0x0298  clr_optimization_v2.0.50727_32 - ok
    18:46:56.0363 0x0298  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:46:56.0363 0x0298  clr_optimization_v4.0.30319_32 - ok
    18:46:56.0378 0x0298  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
    18:46:56.0378 0x0298  CmBatt - ok
    18:46:56.0409 0x0298  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
    18:46:56.0425 0x0298  cmdide - ok
    18:46:56.0503 0x0298  [ FAE0008AB5BF34E41EC95A8087E94454, AE97D2057FCC5CA2E7DFBE81EA9A84E5EF955CC1F0F21B437ECBB602C85F9B96 ] CNG             C:\windows\system32\Drivers\cng.sys
    18:46:56.0519 0x0298  CNG - ok
    18:46:56.0550 0x0298  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
    18:46:56.0550 0x0298  Compbatt - ok
    18:46:56.0659 0x0298  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
    18:46:56.0675 0x0298  CompositeBus - ok
    18:46:56.0690 0x0298  COMSysApp - ok
    18:46:56.0721 0x0298  [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    18:46:56.0737 0x0298  ConfigFree Service - ok
    18:46:56.0815 0x0298  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
    18:46:56.0815 0x0298  crcdisk - ok
    18:46:56.0862 0x0298  [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc        C:\windows\system32\cryptsvc.dll
    18:46:56.0877 0x0298  CryptSvc - ok
    18:46:56.0955 0x0298  [ 1F54F58D7FA2B3442084E32CDE5E309E, F0D8124E7C9ADC88BD8C53646F2499CDB3D2105DA7C4D28F3D26F313859B3D32 ] DcomLaunch      C:\windows\system32\rpcss.dll
    18:46:56.0971 0x0298  DcomLaunch - ok
    18:46:57.0002 0x0298  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\windows\System32\defragsvc.dll
    18:46:57.0002 0x0298  defragsvc - ok
    18:46:57.0049 0x0298  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
    18:46:57.0049 0x0298  DfsC - ok
    18:46:57.0127 0x0298  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
    18:46:57.0143 0x0298  Dhcp - ok
    18:46:57.0283 0x0298  [ 0A3386E3CF9C5D089D695AC5A35F4C6F, D610071493EB95FCE39E24C457A0B5BBA131193159E43FDC1E8EDABB9C7AB81A ] DiagTrack       C:\windows\system32\diagtrack.dll
    18:46:57.0314 0x0298  DiagTrack - ok
    18:46:57.0345 0x0298  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
    18:47:06.0549 0x0298  Npfs - ok
    18:47:06.0581 0x0298  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\windows\system32\nsisvc.dll
    18:47:06.0581 0x0298  nsi - ok
    18:47:06.0627 0x0298  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
    18:47:06.0627 0x0298  nsiproxy - ok
    18:47:06.0752 0x0298  [ 978E7A2E4BF4E8E70D0776EF0D9E97FB, B6C82BB9B3025FD2D37B6AB6FA9C2944F8B3020CD4588BE464CE73A992B7FF00 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
    18:47:06.0783 0x0298  Ntfs - ok
    18:47:06.0799 0x0298  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\windows\system32\drivers\Null.sys
    18:47:06.0799 0x0298  Null - ok
    18:47:06.0846 0x0298  [ 79E97CDAE5449A59A4798FC5B006C58F, 332274595439CFCD497CACEF38FDEA57C27FE44E48D768B17FE940AF511141F2 ] NVHDA           C:\windows\system32\drivers\nvhda32v.sys
    18:47:06.0846 0x0298  NVHDA - ok
    18:47:07.0205 0x0298  [ 8D77E30DCE5625322483F54A59B8BEC4, 0E461128B57C4906932571FD4C584E5EEF4D905AD0C33EA7AD5E5B16297ADF05 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
    18:47:07.0517 0x0298  nvlddmkm - ok
    18:47:07.0563 0x0298  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\windows\system32\drivers\nvraid.sys
    18:47:07.0579 0x0298  nvraid - ok
    18:47:07.0610 0x0298  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
    18:47:07.0626 0x0298  nvstor - ok
    18:47:07.0719 0x0298  [ FC74A222C8620CA6FF7BDF39F293500C, 790C394B32B93480156A187D769BF2AD3D50F368BAE75B14A1101C2C0206B35C ] nvsvc           C:\windows\system32\nvvsvc.exe
    18:47:07.0735 0x0298  nvsvc - ok
    18:47:07.0782 0x0298  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
    18:47:07.0797 0x0298  nv_agp - ok
    18:47:07.0844 0x0298  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
    18:47:07.0844 0x0298  ohci1394 - ok
    18:47:07.0922 0x0298  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:47:07.0938 0x0298  ose - ok
    18:47:08.0141 0x0298  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:47:08.0312 0x0298  osppsvc - ok
    18:47:08.0343 0x0298  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
    18:47:08.0359 0x0298  p2pimsvc - ok
    18:47:08.0406 0x0298  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\windows\system32\p2psvc.dll
    18:47:08.0406 0x0298  p2psvc - ok
    18:47:08.0437 0x0298  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\windows\system32\DRIVERS\parport.sys
    18:47:08.0437 0x0298  Parport - ok
    18:47:08.0468 0x0298  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\windows\system32\drivers\partmgr.sys
    18:47:08.0468 0x0298  partmgr - ok
    18:47:08.0484 0x0298  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
    18:47:08.0484 0x0298  Parvdm - ok
    18:47:08.0531 0x0298  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\windows\System32\pcasvc.dll
    18:47:08.0531 0x0298  PcaSvc - ok
    18:47:08.0593 0x0298  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\windows\system32\drivers\pci.sys
    18:47:08.0609 0x0298  pci - ok
    18:47:08.0640 0x0298  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\windows\system32\drivers\pciide.sys
    18:47:08.0640 0x0298  pciide - ok
    18:47:08.0702 0x0298  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
    18:47:08.0718 0x0298  pcmcia - ok
    18:47:08.0733 0x0298  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\windows\system32\drivers\pcw.sys
    18:47:08.0733 0x0298  pcw - ok
    18:47:08.0796 0x0298  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
    18:47:08.0827 0x0298  PEAUTH - ok
    18:47:08.0921 0x0298  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\windows\system32\pla.dll
    18:47:08.0952 0x0298  pla - ok
    18:47:09.0045 0x0298  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\windows\system32\umpnpmgr.dll
    18:47:09.0061 0x0298  PlugPlay - ok
    18:47:09.0123 0x0298  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
    18:47:09.0123 0x0298  Pml Driver HPZ12 - ok
    18:47:09.0155 0x0298  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
    18:47:09.0155 0x0298  PNRPAutoReg - ok
    18:47:09.0217 0x0298  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
    18:47:09.0233 0x0298  PNRPsvc - ok
    18:47:09.0279 0x0298  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
    18:47:09.0279 0x0298  PolicyAgent - ok
    18:47:09.0311 0x0298  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\windows\system32\umpo.dll
    18:47:09.0326 0x0298  Power - ok
    18:47:09.0357 0x0298  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
    18:47:09.0357 0x0298  PptpMiniport - ok
    18:47:09.0373 0x0298  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\windows\system32\DRIVERS\processr.sys
    18:47:09.0389 0x0298  Processor - ok
    18:47:09.0420 0x0298  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\windows\system32\profsvc.dll
    18:47:09.0435 0x0298  ProfSvc - ok
    18:47:09.0451 0x0298  [ 77426C777A32E1493A787374B3D5F94B, 1C3D6EED40647705C40C554DAF38D3C0A5FE7100544448D8586E369C2772F490 ] ProtectedStorage C:\windows\system32\lsass.exe
    18:47:09.0451 0x0298  ProtectedStorage - ok
    18:47:09.0482 0x0298  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
    18:47:09.0498 0x0298  Psched - ok
    18:47:09.0545 0x0298  [ F036CFB275D0C55F4E45FBBF5F98B3C8, D8D1CA9F65B34A93AB9F7FD9BB6C453B2BF4E8320E620F56055B743DF1D56DE8 ] PSI_SVC_2       C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    18:47:09.0560 0x0298  PSI_SVC_2 - ok
    18:47:09.0669 0x0298  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
    18:47:09.0716 0x0298  ql2300 - ok
    18:47:09.0732 0x0298  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
    18:47:09.0747 0x0298  ql40xx - ok
    18:47:09.0763 0x0298  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\windows\system32\qwave.dll
    18:47:09.0779 0x0298  QWAVE - ok
    18:47:09.0810 0x0298  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
    18:47:09.0810 0x0298  QWAVEdrv - ok
    18:47:09.0825 0x0298  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
    18:47:09.0825 0x0298  RasAcd - ok
    18:47:09.0857 0x0298  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
    18:47:09.0857 0x0298  RasAgileVpn - ok
    18:47:09.0872 0x0298  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\windows\System32\rasauto.dll
    18:47:09.0872 0x0298  RasAuto - ok
    18:47:09.0888 0x0298  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
    18:47:09.0888 0x0298  Rasl2tp - ok
    18:47:09.0966 0x0298  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\windows\System32\rasmans.dll
    18:47:09.0966 0x0298  RasMan - ok
    18:47:09.0997 0x0298  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
    18:47:09.0997 0x0298  RasPppoe - ok
    18:47:10.0028 0x0298  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
    18:47:10.0028 0x0298  RasSstp - ok
    18:47:10.0075 0x0298  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
    18:47:10.0075 0x0298  rdbss - ok
    18:47:10.0106 0x0298  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
    18:47:10.0106 0x0298  rdpbus - ok
    18:47:10.0153 0x0298  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
    18:47:10.0169 0x0298  RDPCDD - ok
    18:47:10.0200 0x0298  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
    18:47:10.0200 0x0298  RDPENCDD - ok
    18:47:10.0247 0x0298  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
    18:47:10.0247 0x0298  RDPREFMP - ok
    18:47:10.0293 0x0298  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
    18:47:10.0309 0x0298  RDPWD - ok
    18:47:10.0371 0x0298  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
    18:47:10.0387 0x0298  rdyboost - ok
    18:47:10.0403 0x0298  [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi            C:\windows\system32\drivers\regi.sys
    18:47:10.0403 0x0298  regi - ok
    18:47:10.0418 0x0298  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\windows\System32\mprdim.dll
    18:47:10.0434 0x0298  RemoteAccess - ok
    18:47:10.0465 0x0298  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
    18:47:10.0481 0x0298  RemoteRegistry - ok
    18:47:10.0512 0x0298  [ B9BB8E2093C1615AD6EA55AD96214354, 57A2EEA52E2A670B712C4446F1A6379D1B79454A09A7B79455CA08894FD4B21F ] Revoflt         C:\windows\system32\DRIVERS\revoflt.sys
    18:47:10.0527 0x0298  Revoflt - ok
    18:47:10.0559 0x0298  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
    18:47:10.0559 0x0298  RpcEptMapper - ok
    18:47:10.0590 0x0298  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
    18:47:10.0590 0x0298  RpcLocator - ok
    18:47:10.0652 0x0298  [ 1F54F58D7FA2B3442084E32CDE5E309E, F0D8124E7C9ADC88BD8C53646F2499CDB3D2105DA7C4D28F3D26F313859B3D32 ] RpcSs           C:\windows\system32\rpcss.dll
    18:47:10.0668 0x0298  RpcSs - ok
    18:47:10.0730 0x0298  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD, 0168F61220999B2D084EDEF87079C1970BC53A9AFE4241B08931F9408FF58013 ] RsFx0103        C:\windows\system32\DRIVERS\RsFx0103.sys
    18:47:10.0746 0x0298  RsFx0103 - ok
    18:47:10.0793 0x0298  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
    18:47:10.0793 0x0298  rspndr - ok
    18:47:10.0839 0x0298  [ 83F5445DC0BA1994C1F5FF02BA79CC3A, 04CA385EC21FBB0676F97378D229ED507A386B1B33E97FC159E6A86B71553D4A ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
    18:47:10.0855 0x0298  RTL8167 - ok
    18:47:10.0855 0x0298  [ 77426C777A32E1493A787374B3D5F94B, 1C3D6EED40647705C40C554DAF38D3C0A5FE7100544448D8586E369C2772F490 ] SamSs           C:\windows\system32\lsass.exe
    18:47:10.0855 0x0298  SamSs - ok
    18:47:10.0902 0x0298  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
    18:47:10.0902 0x0298  sbp2port - ok
    18:47:10.0933 0x0298  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
    18:47:10.0933 0x0298  SCardSvr - ok
    18:47:10.0949 0x0298  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
    18:47:10.0949 0x0298  scfilter - ok
    18:47:10.0995 0x0298  [ 9060B8D5BCD5F2B019249F85E3D811F3, 7FB32AB7FE118462988321B9230074DAA960B587417EB463187539C3215445AE ] Schedule        C:\windows\system32\schedsvc.dll
    18:47:11.0027 0x0298  Schedule - ok
    18:47:11.0058 0x0298  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\windows\System32\certprop.dll
    18:47:11.0058 0x0298  SCPolicySvc - ok
    18:47:11.0120 0x0298  [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus           C:\windows\system32\drivers\sdbus.sys
    18:47:11.0136 0x0298  sdbus - ok
    18:47:11.0167 0x0298  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
    18:47:11.0183 0x0298  SDRSVC - ok
    18:47:11.0214 0x0298  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
    18:47:11.0214 0x0298  secdrv - ok
    18:47:11.0261 0x0298  [ 38CBFFED5FC39CDFE6B4014401ED2629, 7BA730E2EDB8387190E45DA2F475BFE42AB3B12319DE088BD8E9F59227EDA4DD ] seclogon        C:\windows\system32\seclogon.dll
    18:47:11.0276 0x0298  seclogon - ok
    18:47:11.0292 0x0298  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\system32\sens.dll
    18:47:11.0307 0x0298  SENS - ok
    18:47:11.0323 0x0298  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\windows\system32\sensrsvc.dll
    18:47:11.0323 0x0298  SensrSvc - ok
    18:47:11.0370 0x0298  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
    18:47:11.0385 0x0298  Serenum - ok
    18:47:11.0401 0x0298  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\DRIVERS\serial.sys
    18:47:11.0401 0x0298  Serial - ok
    18:47:11.0432 0x0298  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
    18:47:11.0432 0x0298  sermouse - ok
    18:47:11.0479 0x0298  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
    18:47:11.0495 0x0298  SessionEnv - ok
    18:47:11.0526 0x0298  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
    18:47:11.0526 0x0298  sffdisk - ok
    18:47:11.0541 0x0298  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
    18:47:11.0541 0x0298  sffp_mmc - ok
    18:47:11.0557 0x0298  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
    18:47:11.0557 0x0298  sffp_sd - ok
    18:47:11.0604 0x0298  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
    18:47:11.0604 0x0298  sfloppy - ok
    18:47:11.0651 0x0298  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
    18:47:11.0666 0x0298  SharedAccess - ok
    18:47:11.0697 0x0298  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
    18:47:11.0713 0x0298  ShellHWDetection - ok
    18:47:11.0744 0x0298  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
    18:47:11.0744 0x0298  sisagp - ok
    18:47:11.0775 0x0298  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
    18:47:11.0791 0x0298  SiSRaid2 - ok
    18:47:11.0807 0x0298  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
    18:47:11.0807 0x0298  SiSRaid4 - ok
    18:47:11.0838 0x0298  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\windows\system32\DRIVERS\smb.sys
    18:47:11.0853 0x0298  Smb - ok
    18:47:11.0900 0x0298  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
    18:47:11.0900 0x0298  SNMPTRAP - ok
    18:47:11.0931 0x0298  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\windows\system32\drivers\spldr.sys
    18:47:11.0931 0x0298  spldr - ok
    18:47:11.0994 0x0298  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\windows\System32\spoolsv.exe
    18:47:12.0009 0x0298  Spooler - ok
    18:47:12.0150 0x0298  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
    18:47:12.0197 0x0298  sppsvc - ok
    18:47:12.0243 0x0298  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\windows\system32\sppuinotify.dll
    18:47:12.0259 0x0298  sppuinotify - ok
    18:47:12.0306 0x0298  [ A687B5B326AFCFCF182C4931D1FF9771, B8447F9FFB87A2B891D9FE29BA5182ED1129B718FB27990CE79E6CDCA6023A59 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
    18:47:12.0321 0x0298  SQLAgent$SQLEXPRESS - ok
    18:47:12.0368 0x0298  [ B54B48F6D92423440C264E91225C5FF1, 7484D90CE309555E1FB54F011A2980D8491354223111B7AA16D1D2473570DC19 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    18:47:12.0384 0x0298  SQLBrowser - ok
    18:47:12.0462 0x0298  [ 637A0F23F9012358E92E6F99835494D1, 5399EF5C35D58B6902F470BF5F851C96CBD83CAD77658917C46867B91D7D9442 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    18:47:12.0462 0x0298  SQLWriter - ok
    18:47:12.0509 0x0298  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\windows\system32\DRIVERS\srv.sys
    18:47:12.0540 0x0298  srv - ok
    18:47:12.0540 0x0298  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
    18:47:12.0555 0x0298  srv2 - ok
    18:47:12.0587 0x0298  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
    18:47:12.0587 0x0298  srvnet - ok
    18:47:12.0618 0x0298  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
    18:47:12.0618 0x0298  SSDPSRV - ok
    18:47:12.0633 0x0298  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\windows\system32\sstpsvc.dll
    18:47:12.0649 0x0298  SstpSvc - ok
    18:47:12.0711 0x0298  [ 6B91C9A4520F378859DEE3D17D68B1F0, 26535CB999F4587F5128F8E755878648CC1B24F8C044F60A1B9BB45DF36B35A9 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    18:47:12.0727 0x0298  Stereo Service - ok
    18:47:12.0743 0x0298  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
    18:47:12.0743 0x0298  stexstor - ok
    18:47:12.0805 0x0298  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
    18:47:12.0821 0x0298  StiSvc - ok
    18:47:12.0836 0x0298  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\drivers\swenum.sys
    18:47:12.0836 0x0298  swenum - ok
    18:47:12.0883 0x0298  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\windows\System32\swprv.dll
    18:47:12.0883 0x0298  swprv - ok
    18:47:12.0977 0x0298  [ 9A28F1C47CE0C8BBC02AAF5941AB44CD, E04A5F9AB270B0678015159CBFB676A51132E6535252297DB7A9B5B6F65E6577 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
    18:47:12.0992 0x0298  SynTP - ok
    18:47:13.0055 0x0298  [ 4EE25AC85AFC3FD67D9F57ECDF566FF2, F1BFF1FB655F31B97FA9C6A49D433EFD33D8A35F6B28B4D83E45C27A05A86228 ] SysMain         C:\windows\system32\sysmain.dll
    18:47:13.0086 0x0298  SysMain - ok
    18:47:13.0117 0x0298  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
    18:47:13.0133 0x0298  TabletInputService - ok
    18:47:13.0179 0x0298  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\windows\System32\tapisrv.dll
    18:47:13.0179 0x0298  TapiSrv - ok
    18:47:13.0273 0x0298  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
    18:47:13.0304 0x0298  Tcpip - ok
    18:47:13.0367 0x0298  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
    18:47:13.0382 0x0298  TCPIP6 - ok
    18:47:13.0429 0x0298  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
    18:47:13.0429 0x0298  tcpipreg - ok
    18:47:13.0445 0x0298  [ 4084EA00D50C858D6F9038F86AE2E2D0, FD7C34311B7F700C7C93B9A8A59D507C53ADF874651C6979979EDF5E21C32FD5 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
    18:47:13.0445 0x0298  tdcmdpst - ok
    18:47:13.0476 0x0298  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
    18:47:13.0476 0x0298  TDPIPE - ok
    18:47:13.0507 0x0298  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
    18:47:13.0523 0x0298  TDTCP - ok
    18:47:13.0554 0x0298  [ BB8817D0508DD5EA69C770C8DEF5AB67, C55671524EEF6E16BBCC92556E83FD1D6457E707EA9330FC1CDD28FB11D99B77 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
    18:47:13.0554 0x0298  tdx - ok
    18:47:13.0569 0x0298  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\drivers\termdd.sys
    18:47:13.0585 0x0298  TermDD - ok
    18:47:13.0632 0x0298  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\windows\System32\termsrv.dll
    18:47:13.0647 0x0298  TermService - ok
    18:47:13.0679 0x0298  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
    18:47:13.0679 0x0298  Themes - ok
    18:47:13.0694 0x0298  [ 9528F2A39CB660A49F0592D57127F370, DB8C667E11520C59932E4ECDD444945455AE1A9257F35202EAD8A03C75800B21 ] Thpdrv          C:\windows\system32\DRIVERS\thpdrv.sys
    18:47:13.0694 0x0298  Thpdrv - ok
    18:47:13.0725 0x0298  [ E17DCDE74FF00CA802643B4A9A4A4A5C, 9692751155D822187F6A3D0AD666001E7A2A454661AE745748CD6DE59DBC38D0 ] Thpevm          C:\windows\system32\DRIVERS\Thpevm.SYS
    18:47:13.0725 0x0298  Thpevm - ok
    18:47:13.0803 0x0298  [ 32C625D61D2C7CB1EAAC3F094D0887C1, FB002F4EEBA2CD132BD47A32E40D23DF8BBF1DA4C67E46F41A3C3B510EEC6C31 ] Thpsrv          C:\windows\system32\ThpSrv.exe
    18:47:19.0685 0x0298  ================ Scan MBR ==================================
    18:47:19.0685 0x0298  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    18:47:20.0090 0x0298  \Device\Harddisk0\DR0 - ok
    18:47:20.0090 0x0298  ================ Scan VBR ==================================
    18:47:20.0106 0x0298  [ CB11F2CBBCD33FCCDF669C4243468641 ] \Device\Harddisk0\DR0\Partition1
    18:47:20.0106 0x0298  \Device\Harddisk0\DR0\Partition1 - ok
    18:47:22.0555 0x0298  Waiting for KSN requests completion. In queue: 130
    18:47:23.0569 0x0298  Waiting for KSN requests completion. In queue: 130
    18:47:24.0583 0x0298  Waiting for KSN requests completion. In queue: 130
    18:47:25.0597 0x0298  Waiting for KSN requests completion. In queue: 130
    18:47:26.0673 0x0298  AV detected via SS2: AVG Internet Security 2013, C:\Program Files\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x42000 ( disabled : updated )
    18:47:26.0673 0x0298  AV detected via SS2: AVG update module, C:\Program Files\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x40000 ( disabled : updated )
    18:47:26.0673 0x0298  FW detected via SS2: AVG update module, C:\Program Files\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x40010 ( disabled )
    18:47:26.0673 0x0298  FW detected via SS2: AVG Internet Security 2013, C:\Program Files\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x41010 ( enabled )
    18:47:29.0138 0x0298  ============================================================
    18:47:29.0138 0x0298  Scan finished
    18:47:29.0138 0x0298  ============================================================
    18:47:29.0154 0x1818  Detected object count: 0
    18:47:29.0154 0x1818  Actual detected object count: 0
    18:48:08.0731 0x0de0  Deinitialize success
     
     
     
    And here is the RogueKiller scan log:
     
    RogueKiller V12.1.4.0 [Apr 25 2016] (Free) by Adlice Software
     
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : jan [Administrator]
    Started from : C:\Users\jan\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 04/28/2016 19:39:26
     
    ¤¤¤ Processes : 0 ¤¤¤
     
    ¤¤¤ Registry : 6 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\eapihdrv (\??\C:\Users\jan\AppData\Local\Temp\ehdrv.sys) -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eapihdrv (\??\C:\Users\jan\AppData\Local\Temp\ehdrv.sys) -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eapihdrv (\??\C:\Users\jan\AppData\Local\Temp\ehdrv.sys) -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4F152F5B-8AB2-4E74-B198-3B37DB97CDE1} | DhcpNameServer : 172.20.10.1 ([])  -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4F152F5B-8AB2-4E74-B198-3B37DB97CDE1} | DhcpNameServer : 172.20.10.1 ([])  -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4F152F5B-8AB2-4E74-B198-3B37DB97CDE1} | DhcpNameServer : 172.20.10.1 ([])  -> Found
     
    ¤¤¤ Tasks : 0 ¤¤¤
     
    ¤¤¤ Files : 2 ¤¤¤
    [PUP][Folder] C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> Found
    [PUP][Folder] C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} -> Found
     
    ¤¤¤ Hosts File : 0 ¤¤¤
     
    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++
    --- User ---
    [MBR] 6bf4cb981f1f01a71c35907e8bfc0aea
    [BSP] 0ddd172eb8a8e2afe31eca21b85872aa : HP MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 596212 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1224116224 | Size: 12767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
     
    By the way, when the RogueKiller scan finished it opened a website on removing PUMs (this happened with both scans). I just closed that as you had not mentioned taking any action on the scan result.
     
    Also, the RKreport[1].txt was not on the desktop after either scan. I used the button to view the results and the button to export the report to text.
     
    I look forward to your further instructions.
