TechSpot

Computer crashing

By di229
May 22, 2012
  1. Hello, my computer seems to have some bad viruses, malware and or Trojan, I have downloaded Rkill and run the full scan, and found C:\windows\sysWOW64\grpcov.exe. I have also downloaded Malwarebytes Anti-Malware and it did fine over 200 + like PUP.My Web Search; Adware Game Play; PUP Cross Fire.Gen, went through the steps to remove them. However the computer is still crashing. Pulse I do not seem to be able to fix the Windows\sysWOW64\grpcov.exe. Could you please help?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. di229

    di229 TS Rookie Topic Starter Posts: 75

    First Thank you, I have printed out all instruction and will be getting back with the information you have asked for.
     
  4. di229

    di229 TS Rookie Topic Starter Posts: 75

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.05.22.03
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    DI :: DI-PC [administrator]
    Protection: Enabled
    5/22/2012 1:39:18 PM
    mbam-log-2012-05-22 (13-39-18).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211607
    Time elapsed: 3 minute(s), 56 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  5. di229

    di229 TS Rookie Topic Starter Posts: 75

    GMER hasn't found any system modification. moving on to the next step.
     
  6. di229

    di229 TS Rookie Topic Starter Posts: 75

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by DI at 14:54:06 on 2012-05-22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2267 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe
    C:\Windows\system32\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Macrium\Reflect\ReflectService.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dogpile.com/
    uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
    TB: {364ea597-e728-4ce4-bb4a-ed846ef47970} - No File
    uRun: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
    mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
    mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    StartupFolder: C:\Users\DI\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{12ECCC2B-9BAD-46F2-8D86-BE24BBED550F} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{E2D6C87D-EA0E-45B1-8478-444099EA34F7} : DhcpNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
    TB-X64: {364ea597-e728-4ce4-bb4a-ed846ef47970} - No File
    mRun-x64: [NDSTray.exe] NDSTray.exe
    mRun-x64: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
    mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
    mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [2011-12-13 20480]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-6-27 36864]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-7-10 40960]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-13 654408]
    R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-4-26 301720]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-6 1153368]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-3-30 1295416]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-3-30 681016]
    R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-14 46392]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-6 257696]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 PSMounter;Macrium Reflect Image Explorer Service;\??\C:\Windows\system32\drivers\psmounter.sys --> C:\Windows\system32\drivers\psmounter.sys [?]
    S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-10-17 89920]
    S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
    S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-05-22 00:00:59 -------- d-----w- C:\Windows\7AE5C77687424874B53B941190171E6D.TMP
    2012-05-21 23:21:43 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-05-21 20:20:50 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2012-05-21 00:34:28 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-05-21 00:32:35 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-05-15 03:09:03 -------- d-----w- C:\Users\DI\AppData\Local\Secunia PSI (BETA)
    2012-05-15 03:08:46 -------- d-----w- C:\Program Files (x86)\Secunia
    2012-05-14 21:37:27 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2012-05-13 23:07:05 -------- d-----w- C:\7aba611563357b4421a651
    2012-05-13 17:54:35 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-13 17:54:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-13 16:31:40 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-13 14:43:34 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-13 14:43:32 2766848 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-13 12:49:05 -------- d-----w- C:\Users\DI\AppData\Roaming\Malwarebytes
    2012-05-13 12:48:59 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-13 12:48:59 -------- d-----w- C:\Malwarebytes' Anti-Malware
    2012-05-12 09:26:13 -------- d-----w- C:\d7dab029906388acfc022f2ab0bad73d
    2012-05-08 11:42:27 -------- d-----w- C:\Program Files\iPod
    2012-05-08 11:42:25 -------- d-----w- C:\Program Files\iTunes
    2012-05-08 11:42:25 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-05-03 01:58:31 78848 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-05-03 01:58:31 5632 ----a-w- C:\Windows\System32\wmi.dll
    2012-05-03 01:58:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-05-03 01:58:31 219136 ----a-w- C:\Windows\System32\wintrust.dll
    2012-05-03 01:58:31 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-05-03 01:58:31 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-05-03 01:58:31 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-05-02 11:53:17 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2012-05-02 11:53:17 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    2012-05-02 04:09:12 -------- d-----w- C:\Windows\Microsoft Antimalware
    2012-05-02 04:09:08 -------- d-----w- C:\Windows\Windows Defender Offline
    2012-05-02 01:12:25 -------- d-----w- C:\sh4ldr
    2012-05-02 01:12:25 -------- d-----w- C:\Program Files\Enigma Software Group
    2012-04-30 23:57:01 -------- d-----w- C:\Users\DI\AppData\Local\IAC
    2012-04-30 20:13:47 -------- d-----w- C:\Program Files (x86)\AML Products
    2012-04-30 19:25:07 -------- d-----w- C:\Users\DI\AppData\Local\DictionaryBoss
    2012-04-30 19:14:20 -------- d-----w- C:\Program Files (x86)\DictionaryBoss
    2012-04-30 12:24:52 -------- d-----w- C:\Program Files\Macrium(640)
    2012-04-28 19:11:19 -------- d-----w- C:\Program Files (x86)\WormBlaster Software ™
    2012-04-28 13:14:40 -------- d-----w- C:\Users\DI\AppData\Roaming\CompuClever
    2012-04-27 23:28:34 -------- d-----w- C:\Program Files (x86)\Auslogics(41)
    2012-04-26 20:31:32 57496 ----a-w- C:\Windows\System32\drivers\psmounter.sys
    2012-04-26 20:31:32 13464 ----a-w- C:\Windows\System32\drivers\PSVolAcc.sys
    .
    ==================== Find3M ====================
    .
    2012-05-22 16:29:05 15672 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
    2012-05-06 12:18:44 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-06 12:18:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-06 12:18:38 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-19 10:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-03-19 11:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-03-06 21:10:04 525792 ----a-w- C:\Windows\DIFxAPI.dll
    2012-03-01 15:39:45 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-03-01 15:39:45 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-03-01 14:46:01 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-03-01 14:46:01 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-29 14:40:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-02-29 14:09:35 834048 ----a-w- C:\Windows\System32\d2d1.dll
    2012-02-29 14:08:47 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-02-29 14:06:08 1556480 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-29 13:44:50 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-02-29 13:41:40 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 14:55:22.61 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/6/2011 12:22:45 PM
    System Uptime: 5/22/2012 12:38:06 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 1200/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 175.002 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e967-e325-11ce-bfc1-08002be10318}
    Description: Disk drive
    Device ID: RIXDPTSK\DISK&VEN_RICOH&PROD_XDSTORAGE&REV_1.00\XD0001
    Manufacturer: (Standard disk drives)
    Name: Ricoh xD-Picture Card Disk Device
    PNP Device ID: RIXDPTSK\DISK&VEN_RICOH&PROD_XDSTORAGE&REV_1.00\XD0001
    Service: disk
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    Adobe AIR
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Software Update
    Auslogics Disk Defrag
    AVG PC Tuneup
    BufferChm
    Camera Assistant Software for Toshiba
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD/DVD Drive Acoustic Silencer
    Content Transfer
    Crystal Reports Basic for Visual Studio 2008
    CustomerResearchQFolder
    CyberLink PowerCinema for TOSHIBA
    Destinations
    DeviceManagementQFolder
    dj6980
    Download Updater (AOL LLC)
    DVD MovieFactory for TOSHIBA
    eSupportQFolder
    FileHippo.com Update Checker
    Hewlett-Packard ACLM.NET v1.1.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
    HP Photosmart Essential
    HP Product Assistant
    HP Product Detection
    HP Update
    HPProductAssistant
    iExplorer 2.2.1.3
    iLivid
    IncrediMail
    IncrediMail 2.0
    Java Auto Updater
    Java(TM) 7 Update 3
    JavaFX 2.0.3
    Legacy 7.5
    Lexmark 7300 Series
    LG USB Modem driver
    LP6980_Help
    LP6980Trb
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft Document Explorer 2008
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    Microsoft Office Suite Activation Assistant
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft XML Parser
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Photo Notifier and Animation Creator
    Protection Center
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    RealUpgrade 1.1
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
    Secunia PSI (3.0.0.0006)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Windows Media Encoder (KB2447961)
    SF_CDB_ProductContext
    SF_CDB_Software
    Skins
    Skype Click to Call
    Skype™ 5.8
    SlimDrivers
    SolutionCenter
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    Status
    Stellarium 0.11.1
    Toolbox
    Toshiba Assist
    TOSHIBA ConfigFree
    TOSHIBA Desktop Links
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA PowerCinema Helper
    Toshiba Registration
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TrayApp
    Unity Web Player
    UnloadSupport
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
    Update Installer for WildTangent Games App
    VC Runtimes MSI
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio 2008 x64 Redistributables
    Visual Studio Tools for the Office system 3.0 Runtime
    WebReg
    Webshots Desktop
    WildTangent Games App (Toshiba Games)
    Winamp
    Winamp Detector Plug-in
    Windows Media Encoder 9 Series
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/22/2012 9:56:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA Navi Support Service service to connect.
    5/22/2012 9:56:07 AM, Error: Service Control Manager [7000] - The TOSHIBA Navi Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/22/2012 10:28:27 AM, Error: EventLog [6008] - The previous system shutdown at 10:25:57 AM on 5/22/2012 was unexpected.
    5/22/2012 10:10:55 AM, Error: EventLog [6008] - The previous system shutdown at 10:07:02 AM on 5/22/2012 was unexpected.
    5/21/2012 6:01:28 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    5/21/2012 5:55:07 PM, Error: EventLog [6008] - The previous system shutdown at 5:50:03 PM on 5/21/2012 was unexpected.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/21/2012 5:44:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    5/21/2012 5:44:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/21/2012 5:43:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    5/21/2012 5:43:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/21/2012 5:43:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    5/21/2012 5:43:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/21/2012 5:43:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/21/2012 5:43:25 PM, Error: EventLog [6008] - The previous system shutdown at 5:34:57 PM on 5/21/2012 was unexpected.
    5/21/2012 5:20:37 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    5/21/2012 5:20:37 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    5/21/2012 3:01:51 PM, Error: EventLog [6008] - The previous system shutdown at 2:23:38 PM on 5/21/2012 was unexpected.
    5/21/2012 1:06:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    5/20/2012 6:49:10 PM, Error: EventLog [6008] - The previous system shutdown at 6:42:50 PM on 5/20/2012 was unexpected.
    5/20/2012 5:11:01 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0022FAA9642C. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    5/15/2012 6:10:04 PM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a03.
    5/15/2012 4:56:52 AM, Error: EventLog [6008] - The previous system shutdown at 9:39:38 PM on 5/14/2012 was unexpected.
    5/15/2012 3:02:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
    5/15/2012 3:02:29 PM, Error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =======================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  8. di229

    di229 TS Rookie Topic Starter Posts: 75

    wrong log
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    This is not what I asked for.

    [​IMG]
     
  10. di229

    di229 TS Rookie Topic Starter Posts: 75

    sorry, you have my full attention
     
  11. di229

    di229 TS Rookie Topic Starter Posts: 75

    I downloaded Bootkit Remover to my desktop and posted the output as you stated what did I not do right? As I thought I was going but your instruction. I'm sorry if I miss something. I will wait for your replay.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You posted Attach.txt part of DDS not Bootkit Remover log.
    Re-read my instructions.
     
  13. di229

    di229 TS Rookie Topic Starter Posts: 75

    thank you, I will do again
     
  14. di229

    di229 TS Rookie Topic Starter Posts: 75

    wrong log
     
  15. di229

    di229 TS Rookie Topic Starter Posts: 75

    aswMbr was scanning and "avast! Antirootkit has stopped working" A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is acailable.
    I will wait for your instructions
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You posted DDS.txt log instead of Bootkit Remover log.
     
  17. di229

    di229 TS Rookie Topic Starter Posts: 75

    sorry I will re-try again also I still have this message with the aswMBr were is stopped scanning at C;\Users\DI\Documents\AUI\Data Applications\ITP400_IP1_Di
     
  18. di229

    di229 TS Rookie Topic Starter Posts: 75

    I hope this is right!!
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 64-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;
    Press any key to quit...
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Now you got it :)

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  20. di229

    di229 TS Rookie Topic Starter Posts: 75

    ListParts by Farbar Version: 12-03-2012 03
    Ran by DI (administrator) on 22-05-2012 at 18:03:14
    Windows Vista (X64)
    Running From: C:\Users\DI\Desktop
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 54%
    Total physical RAM: 4093.06 MB
    Available physical RAM: 1857.51 MB
    Total Pagefile: 8373.39 MB
    Available Pagefile: 5652.62 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 4012.15 MB
    ======================= Partitions =========================
    1 Drive c: (SQ004830V03) (Fixed) (Total:286.12 GB) (Free:174.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 1500 MB 1024 KB
    Partition 2 Primary 286 GB 1501 MB
    Partition 3 Primary 11 GB 288 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C SQ004830V03 NTFS Partition 286 GB Healthy System (partition with boot components)
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    ****** End Of Log ******


    ListParts by Farbar Version: 12-03-2012 03
    Ran by DI (administrator) on 22-05-2012 at 18:00:40
    Windows Vista (X64)
    Running From: C:\Users\DI\Desktop
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 55%
    Total physical RAM: 4093.06 MB
    Available physical RAM: 1823.4 MB
    Total Pagefile: 8373.39 MB
    Available Pagefile: 5629.84 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 4012.15 MB
    ======================= Partitions =========================
    1 Drive c: (SQ004830V03) (Fixed) (Total:286.12 GB) (Free:174.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 1500 MB 1024 KB
    Partition 2 Primary 286 GB 1501 MB
    Partition 3 Primary 11 GB 288 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C SQ004830V03 NTFS Partition 286 GB Healthy System (partition with boot components)
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ======================================================================================================
    ****** End Of Log ******
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  22. di229

    di229 TS Rookie Topic Starter Posts: 75

    9:16:42.0488 4048 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
    19:16:43.0939 4048 ============================================================
    19:16:43.0939 4048 Current date / time: 2012/05/22 19:16:43.0939
    19:16:43.0939 4048 SystemInfo:
    19:16:43.0939 4048
    19:16:43.0939 4048 OS Version: 6.0.6002 ServicePack: 2.0
    19:16:43.0939 4048 Product type: Workstation
    19:16:43.0939 4048 ComputerName: DI-PC
    19:16:43.0939 4048 UserName: DI
    19:16:43.0939 4048 Windows directory: C:\Windows
    19:16:43.0939 4048 System windows directory: C:\Windows
    19:16:43.0939 4048 Running under WOW64
    19:16:43.0939 4048 Processor architecture: Intel x64
    19:16:43.0939 4048 Number of processors: 2
    19:16:43.0939 4048 Page size: 0x1000
    19:16:43.0939 4048 Boot type: Normal boot
    19:16:43.0939 4048 ============================================================
    19:16:44.0688 4048 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:16:44.0719 4048 ============================================================
    19:16:44.0719 4048 \Device\Harddisk0\DR0:
    19:16:44.0734 4048 MBR partitions:
    19:16:44.0734 4048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23C3D800
    19:16:44.0734 4048 ============================================================
    19:16:44.0797 4048 C: <-> \Device\Harddisk0\DR0\Partition0
    19:16:44.0797 4048 ============================================================
    19:16:44.0797 4048 Initialize success
    19:16:44.0797 4048 ============================================================
    19:16:49.0867 5868 ============================================================
    19:16:49.0867 5868 Scan started
    19:16:49.0867 5868 Mode: Manual;
    19:16:49.0867 5868 ============================================================
    19:16:51.0115 5868 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
    19:16:51.0130 5868 ACPI - ok
    19:16:51.0286 5868 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    19:16:51.0286 5868 AdobeARMservice - ok
    19:16:51.0505 5868 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    19:16:51.0520 5868 AdobeFlashPlayerUpdateSvc - ok
    19:16:51.0645 5868 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
    19:16:51.0645 5868 adp94xx - ok
    19:16:51.0708 5868 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
    19:16:51.0708 5868 adpahci - ok
    19:16:51.0754 5868 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
    19:16:51.0754 5868 adpu160m - ok
    19:16:51.0801 5868 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
    19:16:51.0801 5868 adpu320 - ok
    19:16:51.0879 5868 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
    19:16:51.0895 5868 AeLookupSvc - ok
    19:16:51.0988 5868 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
    19:16:52.0004 5868 AFD - ok
    19:16:52.0113 5868 AGCoreService (ead9c3ab25a3159abd7b05dcac607a61) C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe
    19:16:52.0113 5868 AGCoreService - ok
    19:16:52.0176 5868 AgereModemAudio (8fe65709982f2cb7d291f6c9b2c60805) C:\Windows\system32\agr64svc.exe
    19:16:52.0176 5868 AgereModemAudio - ok
    19:16:52.0394 5868 AgereSoftModem (55fcdb10e31c22eb67454aaef42b6725) C:\Windows\system32\DRIVERS\agrsm64.sys
    19:16:52.0456 5868 AgereSoftModem - ok
    19:16:52.0534 5868 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
    19:16:52.0534 5868 agp440 - ok
    19:16:52.0566 5868 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
    19:16:52.0566 5868 aic78xx - ok
    19:16:52.0612 5868 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
    19:16:52.0612 5868 ALG - ok
    19:16:52.0675 5868 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
    19:16:52.0675 5868 aliide - ok
    19:16:52.0768 5868 AMD External Events Utility (9a5495edebe7d6b3f7e9a86ebe5ea248) C:\Windows\system32\atiesrxx.exe
    19:16:52.0768 5868 AMD External Events Utility - ok
    19:16:52.0831 5868 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
    19:16:52.0831 5868 amdide - ok
    19:16:52.0878 5868 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
    19:16:52.0878 5868 AmdK8 - ok
    19:16:52.0956 5868 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
    19:16:52.0956 5868 Appinfo - ok
    19:16:53.0096 5868 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:16:53.0096 5868 Apple Mobile Device - ok
    19:16:53.0127 5868 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
    19:16:53.0127 5868 arc - ok
    19:16:53.0174 5868 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
    19:16:53.0190 5868 arcsas - ok
    19:16:53.0330 5868 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    19:16:53.0330 5868 aspnet_state - ok
    19:16:53.0377 5868 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
    19:16:53.0377 5868 AsyncMac - ok
    19:16:53.0424 5868 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
    19:16:53.0424 5868 atapi - ok
    19:16:54.0079 5868 atikmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys
    19:16:54.0235 5868 atikmdag - ok
    19:16:54.0453 5868 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
    19:16:54.0453 5868 AudioEndpointBuilder - ok
    19:16:54.0469 5868 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
    19:16:54.0469 5868 AudioSrv - ok
    19:16:55.0062 5868 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    19:16:55.0186 5868 AVGIDSAgent - ok
    19:16:55.0405 5868 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    19:16:55.0405 5868 AVGIDSDriver - ok
    19:16:55.0420 5868 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
    19:16:55.0420 5868 AVGIDSFilter - ok
    19:16:55.0436 5868 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
    19:16:55.0436 5868 AVGIDSHA - ok
    19:16:55.0498 5868 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
    19:16:55.0498 5868 Avgldx64 - ok
    19:16:55.0561 5868 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
    19:16:55.0561 5868 Avgmfx64 - ok
    19:16:55.0608 5868 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
    19:16:55.0623 5868 Avgrkx64 - ok
    19:16:55.0670 5868 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
    19:16:55.0686 5868 Avgtdia - ok
    19:16:55.0795 5868 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    19:16:55.0795 5868 avgwd - ok
    19:16:55.0873 5868 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
    19:16:55.0873 5868 BFE - ok
    19:16:56.0044 5868 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
    19:16:56.0060 5868 BITS - ok
    19:16:56.0122 5868 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
    19:16:56.0122 5868 blbdrive - ok
    19:16:56.0232 5868 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    19:16:56.0247 5868 Bonjour Service - ok
    19:16:56.0278 5868 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
    19:16:56.0294 5868 bowser - ok
    19:16:56.0341 5868 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
    19:16:56.0356 5868 BrFiltLo - ok
    19:16:56.0356 5868 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
    19:16:56.0372 5868 BrFiltUp - ok
    19:16:56.0434 5868 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
    19:16:56.0434 5868 Browser - ok
    19:16:56.0481 5868 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
    19:16:56.0481 5868 Brserid - ok
    19:16:56.0528 5868 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
    19:16:56.0528 5868 BrSerWdm - ok
    19:16:56.0559 5868 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
    19:16:56.0559 5868 BrUsbMdm - ok
    19:16:56.0575 5868 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
    19:16:56.0575 5868 BrUsbSer - ok
    19:16:56.0637 5868 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
    19:16:56.0637 5868 BTHMODEM - ok
    19:16:56.0700 5868 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
    19:16:56.0700 5868 cdfs - ok
    19:16:56.0762 5868 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
    19:16:56.0762 5868 cdrom - ok
    19:16:56.0824 5868 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
    19:16:56.0824 5868 CertPropSvc - ok
    19:16:56.0871 5868 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
    19:16:56.0871 5868 circlass - ok
    19:16:56.0934 5868 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
    19:16:56.0934 5868 CLFS - ok
    19:16:57.0074 5868 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:16:57.0090 5868 clr_optimization_v2.0.50727_32 - ok
    19:16:57.0121 5868 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    19:16:57.0136 5868 clr_optimization_v2.0.50727_64 - ok
    19:16:57.0246 5868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:16:57.0246 5868 clr_optimization_v4.0.30319_32 - ok
    19:16:57.0292 5868 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    19:16:57.0308 5868 clr_optimization_v4.0.30319_64 - ok
    19:16:57.0370 5868 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
    19:16:57.0370 5868 CmBatt - ok
    19:16:57.0386 5868 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
    19:16:57.0386 5868 cmdide - ok
    19:16:57.0417 5868 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
    19:16:57.0417 5868 Compbatt - ok
    19:16:57.0417 5868 COMSysApp - ok
    19:16:57.0526 5868 ConfigFree Gadget Service (b9d3d216c66e0cd37478f5e5778aa35b) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    19:16:57.0526 5868 ConfigFree Gadget Service - ok
    19:16:57.0542 5868 ConfigFree Service (c508b28b9da7563634a2a2b2eef4395d) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    19:16:57.0542 5868 ConfigFree Service - ok
    19:16:57.0573 5868 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
    19:16:57.0573 5868 crcdisk - ok
    19:16:57.0651 5868 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
    19:16:57.0651 5868 CryptSvc - ok
    19:16:57.0776 5868 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
    19:16:57.0792 5868 DcomLaunch - ok
    19:16:57.0838 5868 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
    19:16:57.0838 5868 DfsC - ok
    19:16:58.0306 5868 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
    19:16:58.0384 5868 DFSR - ok
    19:16:58.0650 5868 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
    19:16:58.0650 5868 Dhcp - ok
    19:16:58.0728 5868 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
    19:16:58.0728 5868 disk - ok
    19:16:58.0790 5868 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
    19:16:58.0790 5868 Dnscache - ok
    19:16:58.0837 5868 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
    19:16:58.0837 5868 dot3svc - ok
    19:16:58.0946 5868 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
    19:16:58.0946 5868 Dot4 - ok
    19:16:58.0993 5868 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    19:16:58.0993 5868 Dot4Print - ok
    19:16:59.0024 5868 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
    19:16:59.0040 5868 dot4usb - ok
    19:16:59.0102 5868 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
    19:16:59.0118 5868 DPS - ok
    19:16:59.0164 5868 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
    19:16:59.0164 5868 drmkaud - ok
    19:16:59.0274 5868 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
    19:16:59.0289 5868 DXGKrnl - ok
    19:16:59.0352 5868 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
    19:16:59.0352 5868 E1G60 - ok
    19:16:59.0398 5868 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
    19:16:59.0398 5868 EapHost - ok
    19:16:59.0445 5868 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
    19:16:59.0445 5868 Ecache - ok
    19:16:59.0554 5868 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
    19:16:59.0570 5868 ehRecvr - ok
    19:16:59.0586 5868 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
    19:16:59.0586 5868 ehSched - ok
    19:16:59.0648 5868 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
    19:16:59.0648 5868 ehstart - ok
    19:16:59.0726 5868 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
    19:16:59.0742 5868 elxstor - ok
    19:16:59.0804 5868 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
    19:16:59.0804 5868 EMDMgmt - ok
    19:16:59.0851 5868 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
    19:16:59.0851 5868 ErrDev - ok
    19:16:59.0960 5868 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
    19:16:59.0960 5868 EventSystem - ok
    19:17:00.0397 5868 EvtEng (7cd2f2c63693ef90b73f5362a52cae26) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    19:17:00.0444 5868 EvtEng - ok
    19:17:00.0693 5868 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
    19:17:00.0709 5868 exfat - ok
    19:17:00.0787 5868 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
    19:17:00.0802 5868 fastfat - ok
    19:17:00.0896 5868 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
    19:17:00.0896 5868 fdc - ok
    19:17:00.0943 5868 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
    19:17:00.0943 5868 fdPHost - ok
    19:17:00.0958 5868 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
    19:17:00.0974 5868 FDResPub - ok
    19:17:01.0021 5868 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
    19:17:01.0021 5868 FileInfo - ok
    19:17:01.0052 5868 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
    19:17:01.0052 5868 Filetrace - ok
    19:17:01.0083 5868 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    19:17:01.0083 5868 flpydisk - ok
    19:17:01.0130 5868 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
    19:17:01.0130 5868 FltMgr - ok
    19:17:01.0395 5868 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
    19:17:01.0442 5868 FontCache - ok
    19:17:01.0551 5868 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    19:17:01.0567 5868 FontCache3.0.0.0 - ok
    19:17:01.0660 5868 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
    19:17:01.0660 5868 Fs_Rec - ok
    19:17:01.0723 5868 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
    19:17:01.0754 5868 FwLnk - ok
    19:17:01.0785 5868 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
    19:17:01.0785 5868 gagp30kx - ok
    19:17:01.0941 5868 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    19:17:01.0957 5868 GamesAppService - ok
    19:17:02.0004 5868 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    19:17:02.0035 5868 GEARAspiWDM - ok
    19:17:02.0160 5868 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
    19:17:02.0175 5868 gpsvc - ok
    19:17:02.0284 5868 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
    19:17:02.0300 5868 HdAudAddService - ok
    19:17:02.0394 5868 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
    19:17:02.0409 5868 HDAudBus - ok
    19:17:02.0440 5868 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
    19:17:02.0440 5868 HidBth - ok
    19:17:02.0503 5868 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
    19:17:02.0503 5868 HidIr - ok
    19:17:02.0550 5868 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
    19:17:02.0550 5868 hidserv - ok
    19:17:02.0581 5868 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
    19:17:02.0581 5868 HidUsb - ok
    19:17:02.0643 5868 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
    19:17:02.0643 5868 hkmsvc - ok
    19:17:02.0706 5868 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
    19:17:02.0721 5868 HpCISSs - ok
    19:17:02.0877 5868 hpqcxs08 (fcb563b0a23643e5f80b6ff1e60f610f) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    19:17:02.0893 5868 hpqcxs08 - ok
    19:17:02.0908 5868 hpqddsvc (25e443e27165c652723a92d9bdfd4649) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    19:17:02.0908 5868 hpqddsvc - ok
    19:17:03.0018 5868 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
    19:17:03.0033 5868 HTTP - ok
    19:17:03.0064 5868 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
    19:17:03.0064 5868 i2omp - ok
    19:17:03.0111 5868 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
    19:17:03.0127 5868 i8042prt - ok
    19:17:03.0205 5868 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
    19:17:03.0205 5868 iaStor - ok
    19:17:03.0252 5868 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
    19:17:03.0252 5868 iaStorV - ok
    19:17:03.0392 5868 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    19:17:03.0408 5868 IDriverT - ok
    19:17:03.0610 5868 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    19:17:03.0626 5868 idsvc - ok
    19:17:03.0766 5868 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
    19:17:03.0766 5868 iirsp - ok
    19:17:03.0844 5868 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
    19:17:03.0860 5868 IKEEXT - ok
    19:17:03.0891 5868 IntcAzAudAddService - ok
    19:17:03.0922 5868 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
    19:17:03.0922 5868 intelide - ok
    19:17:03.0954 5868 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
    19:17:03.0954 5868 intelppm - ok
    19:17:04.0016 5868 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
    19:17:04.0016 5868 IPBusEnum - ok
    19:17:04.0047 5868 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:17:04.0063 5868 IpFilterDriver - ok
    19:17:04.0110 5868 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
    19:17:04.0125 5868 iphlpsvc - ok
    19:17:04.0125 5868 IpInIp - ok
    19:17:04.0172 5868 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
    19:17:04.0172 5868 IPMIDRV - ok
    19:17:04.0172 5868 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
    19:17:04.0188 5868 IPNAT - ok
    19:17:04.0359 5868 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
    19:17:04.0375 5868 iPod Service - ok
    19:17:04.0390 5868 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
    19:17:04.0390 5868 IRENUM - ok
    19:17:04.0453 5868 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
    19:17:04.0453 5868 isapnp - ok
    19:17:04.0515 5868 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
    19:17:04.0515 5868 iScsiPrt - ok
    19:17:04.0531 5868 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
    19:17:04.0546 5868 iteatapi - ok
    19:17:04.0562 5868 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
    19:17:04.0562 5868 iteraid - ok
    19:17:04.0593 5868 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
    19:17:04.0593 5868 kbdclass - ok
    19:17:04.0609 5868 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
    19:17:04.0609 5868 kbdhid - ok
    19:17:04.0656 5868 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    19:17:04.0656 5868 KeyIso - ok
    19:17:04.0687 5868 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
    19:17:04.0702 5868 KR10I64 - ok
    19:17:04.0734 5868 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
    19:17:04.0734 5868 KR10N64 - ok
    19:17:04.0812 5868 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
    19:17:04.0827 5868 KSecDD - ok
    19:17:04.0858 5868 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
    19:17:04.0858 5868 ksthunk - ok
    19:17:04.0936 5868 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
    19:17:04.0952 5868 KtmRm - ok
    19:17:05.0014 5868 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
    19:17:05.0014 5868 LanmanServer - ok
    19:17:05.0092 5868 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
    19:17:05.0108 5868 LanmanWorkstation - ok
    19:17:05.0124 5868 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
    19:17:05.0124 5868 lltdio - ok
    19:17:05.0170 5868 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
    19:17:05.0186 5868 lltdsvc - ok
    19:17:05.0202 5868 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
    19:17:05.0202 5868 lmhosts - ok
    19:17:05.0248 5868 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
    19:17:05.0248 5868 LSI_FC - ok
    19:17:05.0295 5868 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
    19:17:05.0295 5868 LSI_SAS - ok
    19:17:05.0311 5868 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
    19:17:05.0311 5868 LSI_SCSI - ok
    19:17:05.0326 5868 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
    19:17:05.0342 5868 luafv - ok
    19:17:05.0389 5868 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
    19:17:05.0389 5868 MBAMProtector - ok
    19:17:05.0514 5868 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-
     
  23. di229

    di229 TS Rookie Topic Starter Posts: 75

    19:17:05.0514 5868 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    19:17:05.0514 5868 MBAMService - ok
    19:17:05.0560 5868 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
    19:17:05.0560 5868 Mcx2Svc - ok
    19:17:05.0623 5868 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
    19:17:05.0638 5868 megasas - ok
    19:17:05.0716 5868 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
    19:17:05.0732 5868 MegaSR - ok
    19:17:05.0763 5868 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
    19:17:05.0763 5868 MMCSS - ok
    19:17:05.0779 5868 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
    19:17:05.0779 5868 Modem - ok
    19:17:05.0826 5868 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
    19:17:05.0826 5868 monitor - ok
    19:17:05.0841 5868 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
    19:17:05.0841 5868 mouclass - ok
    19:17:05.0888 5868 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
    19:17:05.0888 5868 mouhid - ok
    19:17:05.0919 5868 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
    19:17:05.0919 5868 MountMgr - ok
    19:17:05.0966 5868 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
    19:17:05.0982 5868 mpio - ok
    19:17:06.0013 5868 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
    19:17:06.0013 5868 mpsdrv - ok
    19:17:06.0106 5868 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
    19:17:06.0122 5868 MpsSvc - ok
    19:17:06.0138 5868 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
    19:17:06.0138 5868 Mraid35x - ok
    19:17:06.0184 5868 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
    19:17:06.0184 5868 MRxDAV - ok
    19:17:06.0247 5868 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:17:06.0247 5868 mrxsmb - ok
    19:17:06.0278 5868 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:17:06.0294 5868 mrxsmb10 - ok
    19:17:06.0294 5868 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:17:06.0309 5868 mrxsmb20 - ok
    19:17:06.0325 5868 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
    19:17:06.0325 5868 msahci - ok
    19:17:06.0356 5868 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
    19:17:06.0372 5868 msdsm - ok
    19:17:06.0418 5868 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
    19:17:06.0418 5868 MSDTC - ok
    19:17:06.0450 5868 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
    19:17:06.0450 5868 Msfs - ok
    19:17:06.0512 5868 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
    19:17:06.0512 5868 msisadrv - ok
    19:17:06.0559 5868 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
    19:17:06.0559 5868 MSiSCSI - ok
    19:17:06.0559 5868 msiserver - ok
    19:17:06.0606 5868 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
    19:17:06.0606 5868 MSKSSRV - ok
    19:17:06.0637 5868 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
    19:17:06.0637 5868 MSPCLOCK - ok
    19:17:06.0637 5868 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
    19:17:06.0637 5868 MSPQM - ok
    19:17:06.0715 5868 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
    19:17:06.0715 5868 MsRPC - ok
    19:17:06.0730 5868 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
    19:17:06.0746 5868 mssmbios - ok
    19:17:06.0840 5868 MSSQL$SQLEXPRESS - ok
    19:17:06.0855 5868 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    19:17:06.0855 5868 MSSQLServerADHelper - ok
    19:17:06.0886 5868 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
    19:17:06.0886 5868 MSTEE - ok
    19:17:07.0417 5868 msvsmon90 (0f4dd44765a7d23e0cd9965ee900558f) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
    19:17:07.0510 5868 msvsmon90 - ok
    19:17:07.0729 5868 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
    19:17:07.0729 5868 Mup - ok
    19:17:07.0791 5868 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
    19:17:07.0807 5868 napagent - ok
    19:17:07.0869 5868 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
    19:17:07.0885 5868 NativeWifiP - ok
    19:17:08.0041 5868 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
    19:17:08.0056 5868 NDIS - ok
    19:17:08.0103 5868 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
    19:17:08.0103 5868 NdisTapi - ok
    19:17:08.0150 5868 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
    19:17:08.0166 5868 Ndisuio - ok
    19:17:08.0228 5868 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
    19:17:08.0228 5868 NdisWan - ok
    19:17:08.0259 5868 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
    19:17:08.0275 5868 NDProxy - ok
    19:17:08.0337 5868 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
    19:17:08.0353 5868 Net Driver HPZ12 - ok
    19:17:08.0384 5868 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
    19:17:08.0400 5868 NetBIOS - ok
    19:17:08.0462 5868 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
    19:17:08.0478 5868 netbt - ok
    19:17:08.0493 5868 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    19:17:08.0509 5868 Netlogon - ok
    19:17:08.0556 5868 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
    19:17:08.0571 5868 Netman - ok
    19:17:08.0696 5868 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:17:08.0696 5868 NetMsmqActivator - ok
    19:17:08.0712 5868 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:17:08.0712 5868 NetPipeActivator - ok
    19:17:08.0758 5868 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
    19:17:08.0774 5868 netprofm - ok
    19:17:08.0774 5868 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:17:08.0774 5868 NetTcpActivator - ok
    19:17:08.0790 5868 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:17:08.0790 5868 NetTcpPortSharing - ok
    19:17:09.0351 5868 NETw5v64 (263796d4f50df61c0c7ca86f746b5767) C:\Windows\system32\DRIVERS\NETw5v64.sys
    19:17:09.0507 5868 NETw5v64 - ok
    19:17:09.0679 5868 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
    19:17:09.0679 5868 nfrd960 - ok
    19:17:09.0741 5868 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
    19:17:09.0741 5868 NlaSvc - ok
    19:17:09.0788 5868 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
    19:17:09.0788 5868 Npfs - ok
    19:17:09.0804 5868 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
    19:17:09.0804 5868 nsi - ok
    19:17:09.0819 5868 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
    19:17:09.0819 5868 nsiproxy - ok
    19:17:09.0991 5868 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
    19:17:10.0022 5868 Ntfs - ok
    19:17:10.0194 5868 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    19:17:10.0209 5868 Null - ok
    19:17:10.0240 5868 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
    19:17:10.0240 5868 nvraid - ok
    19:17:10.0256 5868 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
    19:17:10.0256 5868 nvstor - ok
    19:17:10.0287 5868 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
    19:17:10.0287 5868 nv_agp - ok
    19:17:10.0287 5868 NwlnkFlt - ok
    19:17:10.0303 5868 NwlnkFwd - ok
    19:17:10.0474 5868 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    19:17:10.0474 5868 odserv - ok
    19:17:10.0537 5868 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
    19:17:10.0552 5868 ohci1394 - ok
    19:17:10.0615 5868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:17:10.0630 5868 ose - ok
    19:17:10.0755 5868 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    19:17:10.0771 5868 p2pimsvc - ok
    19:17:10.0786 5868 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    19:17:10.0802 5868 p2psvc - ok
    19:17:10.0849 5868 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    19:17:10.0849 5868 Parport - ok
    19:17:10.0880 5868 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
    19:17:10.0880 5868 partmgr - ok
    19:17:10.0927 5868 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
    19:17:10.0927 5868 PcaSvc - ok
    19:17:10.0974 5868 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
    19:17:10.0974 5868 pci - ok
    19:17:11.0005 5868 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
    19:17:11.0020 5868 pciide - ok
    19:17:11.0067 5868 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    19:17:11.0083 5868 pcmcia - ok
    19:17:11.0161 5868 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    19:17:11.0176 5868 PEAUTH - ok
    19:17:11.0254 5868 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
    19:17:11.0270 5868 PerfHost - ok
    19:17:11.0457 5868 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
    19:17:11.0488 5868 pla - ok
    19:17:11.0551 5868 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
    19:17:11.0551 5868 PlugPlay - ok
    19:17:11.0613 5868 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
    19:17:11.0613 5868 Pml Driver HPZ12 - ok
    19:17:11.0769 5868 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    19:17:11.0785 5868 PNRPAutoReg - ok
    19:17:11.0785 5868 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    19:17:11.0800 5868 PNRPsvc - ok
    19:17:11.0878 5868 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
    19:17:11.0894 5868 PolicyAgent - ok
    19:17:11.0972 5868 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
    19:17:11.0972 5868 PptpMiniport - ok
    19:17:12.0019 5868 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    19:17:12.0019 5868 Processor - ok
    19:17:12.0066 5868 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
    19:17:12.0066 5868 ProfSvc - ok
    19:17:12.0112 5868 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    19:17:12.0112 5868 ProtectedStorage - ok
    19:17:12.0159 5868 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
    19:17:12.0159 5868 PSched - ok
    19:17:12.0222 5868 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
    19:17:12.0222 5868 PSI - ok
    19:17:12.0268 5868 PSMounter (0d05974c497cd7ed3eae687fcd23def4) C:\Windows\system32\drivers\psmounter.sys
    19:17:12.0268 5868 PSMounter - ok
    19:17:12.0409 5868 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    19:17:12.0424 5868 ql2300 - ok
    19:17:12.0471 5868 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    19:17:12.0471 5868 ql40xx - ok
    19:17:12.0534 5868 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
     
  24. di229

    di229 TS Rookie Topic Starter Posts: 75

    19:17:12.0534 5868 QWAVE - ok
    19:17:12.0549 5868 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
    19:17:12.0549 5868 QWAVEdrv - ok
    19:17:12.0596 5868 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
    19:17:12.0596 5868 RasAcd - ok
    19:17:12.0658 5868 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
    19:17:12.0658 5868 RasAuto - ok
    19:17:12.0705 5868 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:17:12.0705 5868 Rasl2tp - ok
    19:17:12.0768 5868 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
    19:17:12.0783 5868 RasMan - ok
    19:17:12.0814 5868 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
    19:17:12.0814 5868 RasPppoe - ok
    19:17:12.0861 5868 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
    19:17:12.0861 5868 RasSstp - ok
    19:17:12.0924 5868 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
    19:17:12.0924 5868 rdbss - ok
    19:17:12.0955 5868 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:17:12.0955 5868 RDPCDD - ok
    19:17:13.0002 5868 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
    19:17:13.0017 5868 rdpdr - ok
    19:17:13.0017 5868 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
    19:17:13.0017 5868 RDPENCDD - ok
    19:17:13.0064 5868 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
    19:17:13.0080 5868 RDPWD - ok
    19:17:13.0204 5868 ReflectService.exe (52428feadfd814dfd224227c6f9b7529) C:\Program Files\Macrium\Reflect\ReflectService.exe
    19:17:13.0220 5868 ReflectService.exe - ok
    19:17:13.0329 5868 RegSrvc (7a917120a62bcf2883fdd5c352447556) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    19:17:13.0360 5868 RegSrvc - ok
    19:17:13.0485 5868 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
    19:17:13.0485 5868 RemoteAccess - ok
    19:17:13.0548 5868 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
    19:17:13.0548 5868 RemoteRegistry - ok
    19:17:13.0657 5868 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
    19:17:13.0657 5868 rimmptsk - ok
    19:17:13.0657 5868 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
    19:17:13.0657 5868 rimsptsk - ok
    19:17:13.0672 5868 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
    19:17:13.0688 5868 rismxdp - ok
    19:17:13.0688 5868 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
    19:17:13.0688 5868 RpcLocator - ok
    19:17:13.0797 5868 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
    19:17:13.0797 5868 RpcSs - ok
    19:17:13.0828 5868 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
    19:17:13.0828 5868 rspndr - ok
    19:17:13.0860 5868 RTHDMIAzAudService - ok
    19:17:13.0938 5868 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
    19:17:13.0938 5868 RTL8169 - ok
    19:17:13.0984 5868 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    19:17:13.0984 5868 SamSs - ok
    19:17:14.0016 5868 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    19:17:14.0016 5868 sbp2port - ok
    19:17:14.0234 5868 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    19:17:14.0234 5868 SBSDWSCService - ok
    19:17:14.0281 5868 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
    19:17:14.0281 5868 SCardSvr - ok
    19:17:14.0406 5868 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
    19:17:14.0437 5868 Schedule - ok
    19:17:14.0468 5868 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
    19:17:14.0468 5868 SCPolicySvc - ok
    19:17:14.0546 5868 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
    19:17:14.0562 5868 sdbus - ok
    19:17:14.0593 5868 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
    19:17:14.0593 5868 SDRSVC - ok
    19:17:14.0624 5868 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    19:17:14.0624 5868 secdrv - ok
    19:17:14.0655 5868 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
    19:17:14.0655 5868 seclogon - ok
    19:17:14.0952 5868 Secunia PSI Agent (64d9cac9c60ee8c2d7aeb33d6503d8bc) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    19:17:14.0967 5868 Secunia PSI Agent - ok
    19:17:15.0108 5868 Secunia Update Agent (791729c12f58d65489645624bef6e5f5) C:\Program Files (x86)\Secunia\PSI\sua.exe
    19:17:15.0123 5868 Secunia Update Agent - ok
    19:17:15.0264 5868 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
    19:17:15.0264 5868 SENS - ok
    19:17:15.0342 5868 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
    19:17:15.0342 5868 Serenum - ok
    19:17:15.0373 5868 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
    19:17:15.0373 5868 Serial - ok
    19:17:15.0404 5868 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    19:17:15.0404 5868 sermouse - ok
    19:17:15.0451 5868 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
    19:17:15.0451 5868 SessionEnv - ok
    19:17:15.0466 5868 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
    19:17:15.0466 5868 sffdisk - ok
    19:17:15.0482 5868 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    19:17:15.0482 5868 sffp_mmc - ok
    19:17:15.0498 5868 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
    19:17:15.0513 5868 sffp_sd - ok
    19:17:15.0513 5868 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
    19:17:15.0513 5868 sfloppy - ok
    19:17:15.0560 5868 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
    19:17:15.0576 5868 SharedAccess - ok
    19:17:15.0654 5868 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
    19:17:15.0669 5868 ShellHWDetection - ok
    19:17:15.0716 5868 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    19:17:15.0716 5868 SiSRaid2 - ok
    19:17:15.0747 5868 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    19:17:15.0747 5868 SiSRaid4 - ok
    19:17:15.0872 5868 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
    19:17:15.0872 5868 SkypeUpdate - ok
    19:17:16.0168 5868 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
    19:17:16.0215 5868 slsvc - ok
    19:17:16.0371 5868 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
    19:17:16.0371 5868 SLUINotify - ok
    19:17:16.0480 5868 SmartFaceVWatchSrv (79ed2d6dec26e0fefb93ea21f09e6a51) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    19:17:16.0480 5868 SmartFaceVWatchSrv - ok
    19:17:16.0558 5868 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
    19:17:16.0558 5868 Smb - ok
    19:17:16.0590 5868 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
    19:17:16.0590 5868 SNMPTRAP - ok
    19:17:16.0636 5868 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
    19:17:16.0636 5868 spldr - ok
    19:17:16.0699 5868 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
    19:17:16.0714 5868 Spooler - ok
    19:17:16.0855 5868 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    19:17:16.0870 5868 SQLBrowser - ok
    19:17:16.0933 5868 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    19:17:16.0948 5868 SQLWriter - ok
    19:17:17.0011 5868 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
    19:17:17.0026 5868 srv - ok
    19:17:17.0058 5868 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
    19:17:17.0058 5868 srv2 - ok
    19:17:17.0073 5868 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
    19:17:17.0089 5868 srvnet - ok
    19:17:17.0136 5868 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
    19:17:17.0136 5868 SSDPSRV - ok
    19:17:17.0198 5868 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
    19:17:17.0198 5868 SstpSvc - ok
    19:17:17.0307 5868 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
    19:17:17.0323 5868 stisvc - ok
    19:17:17.0338 5868 SWDUMon (399b848e5bd5f1bf16636b836319e5c5) C:\Windows\system32\DRIVERS\SWDUMon.sys
    19:17:17.0338 5868 SWDUMon - ok
    19:17:17.0370 5868 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    19:17:17.0370 5868 swenum - ok
    19:17:17.0432 5868 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
    19:17:17.0448 5868 swprv - ok
    19:17:17.0479 5868 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    19:17:17.0479 5868 Symc8xx - ok
    19:17:17.0494 5868 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    19:17:17.0494 5868 Sym_hi - ok
    19:17:17.0526 5868 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    19:17:17.0526 5868 Sym_u3 - ok
    19:17:17.0619 5868 SynTP (d8edb37f6e235a47e12f1eafd85c2b6f) C:\Windows\system32\DRIVERS\SynTP.sys
    19:17:17.0619 5868 SynTP - ok
    19:17:17.0760 5868 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
    19:17:17.0775 5868 SysMain - ok
    19:17:17.0822 5868 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
    19:17:17.0822 5868 TabletInputService - ok
    19:17:17.0884 5868 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
    19:17:17.0900 5868 TapiSrv - ok
    19:17:17.0916 5868 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
    19:17:17.0916 5868 TBS - ok
    19:17:18.0181 5868 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
    19:17:18.0196 5868 Tcpip - ok
    19:17:18.0493 5868 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
    19:17:18.0508 5868 Tcpip6 - ok
    19:17:18.0664 5868 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
    19:17:18.0664 5868 tcpipreg - ok
    19:17:18.0696 5868 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    19:17:18.0696 5868 tdcmdpst - ok
    19:17:18.0742 5868 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    19:17:18.0742 5868 TDPIPE - ok
    19:17:18.0742 5868 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    19:17:18.0742 5868 TDTCP - ok
    19:17:18.0820 5868 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
    19:17:18.0820 5868 tdx - ok
    19:17:18.0852 5868 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
    19:17:18.0852 5868 TermDD - ok
    19:17:18.0945 5868 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
    19:17:18.0961 5868 TermService - ok
    19:17:19.0039 5868 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
    19:17:19.0039 5868 Themes - ok
    19:17:19.0070 5868 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
    19:17:19.0070 5868 THREADORDER - ok
    19:17:19.0164 5868 TMachInfo (e09caafb2b323a6ff120cefb96da0a44) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    19:17:19.0164 5868 TMachInfo - ok
    19:17:19.0242 5868 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    19:17:19.0242 5868 TNaviSrv - ok
    19:17:19.0320 5868 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
    19:17:19.0320 5868 TODDSrv - ok
    19:17:19.0413 5868 TosCoSrv (e17a81e6ad0e89630a3b0f2ed5cbbdf5) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    19:17:19.0413 5868 TosCoSrv - ok
    19:17:19.0491 5868 TOSHIBA Bluetooth Service (4e5a8546709591d31ba086ca2a69cecd) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    19:17:19.0507 5868 TOSHIBA Bluetooth Service - ok
    19:17:19.0554 5868 TOSHIBA SMART Log Service (19d979b9f6373a7cb17ebb7594feb819) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    19:17:19.0569 5868 TOSHIBA SMART Log Service - ok
    19:17:19.0647 5868 Tosrfcom - ok
    19:17:19.0663 5868 tosrfec (9fb4aa68d4e833c795994513bc9e3aca) C:\Windows\system32\DRIVERS\tosrfec.sys
    19:17:19.0663 5868 tosrfec - ok
    19:17:19.0741 5868 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
    19:17:19.0741 5868 tos_sps64 - ok
    19:17:19.0803 5868 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
    19:17:19.0803 5868 TrkWks - ok
    19:17:19.0866 5868 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
    19:17:19.0866 5868 TrustedInstaller - ok
    19:17:19.0881 5868 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:17:19.0897 5868 tssecsrv - ok
    19:17:19.0928 5868 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    19:17:19.0944 5868 tunmp - ok
    19:17:19.0975 5868 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
    19:17:19.0975 5868 tunnel - ok
    19:17:20.0022 5868 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    19:17:20.0022 5868 TVALZ - ok
    19:17:20.0053 5868 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    19:17:20.0053 5868 uagp35 - ok
    19:17:20.0115 5868 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
    19:17:20.0115 5868 udfs - ok
    19:17:20.0178 5868 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
    19:17:20.0178 5868 UI0Detect - ok
    19:17:20.0349 5868 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    19:17:20.0349 5868 UleadBurningHelper - ok
    19:17:20.0380 5868 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    19:17:20.0380 5868 uliagpkx - ok
    19:17:20.0427 5868 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    19:17:20.0427 5868 uliahci - ok
    19:17:20.0474 5868 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    19:17:20.0474 5868 UlSata - ok
    19:17:20.0505 5868 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    19:17:20.0521 5868 ulsata2 - ok
    19:17:20.0536 5868 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    19:17:20.0536 5868 umbus - ok
    19:17:20.0583 5868 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
    19:17:20.0599 5868 upnphost - ok
    19:17:20.0646 5868 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
    19:17:20.0646 5868 usbbus - ok
    19:17:20.0708 5868 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
    19:17:20.0708 5868 usbccgp - ok
    19:17:20.0755 5868 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    19:17:20.0755 5868 usbcir - ok
    19:17:20.0833 5868 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
    19:17:20.0833 5868 UsbDiag - ok
    19:17:20.0880 5868 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
    19:17:20.0880 5868 usbehci - ok
    19:17:20.0926 5868 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
    19:17:20.0926 5868 usbhub - ok
    19:17:20.0942 5868 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
    19:17:20.0942 5868 USBModem - ok
    19:17:20.0989 5868 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    19:17:20.0989 5868 usbohci - ok
    19:17:21.0020 5868 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
    19:17:21.0036 5868 usbprint - ok
    19:17:21.0098 5868 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
    19:17:21.0098 5868 usbscan - ok
    19:17:21.0129 5868 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:17:21.0129 5868 USBSTOR - ok
    19:17:21.0160 5868 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
    19:17:21.0160 5868 usbuhci - ok
    19:17:21.0238 5868 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
    19:17:21.0238 5868 usbvideo - ok
    19:17:21.0270 5868 UVCFTR (56ed086f1300ecb1e6f67ac43955e5e9) C:\Windows\system32\Drivers\UVCFTR_S.SYS
    19:17:21.0270 5868 UVCFTR - ok
    19:17:21.0316 5868 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
    19:17:21.0316 5868 UxSms - ok
    19:17:21.0394 5868 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
    19:17:21.0410 5868 vds - ok
    19:17:21.0426 5868 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    19:17:21.0426 5868 vga - ok
    19:17:21.0441 5868 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    19:17:21.0441 5868 VgaSave - ok
    19:17:21.0441 5868 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    19:17:21.0457 5868 viaide - ok
    19:17:21.0488 5868 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
    19:17:21.0488 5868 volmgr - ok
    19:17:21.0566 5868 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
    19:17:21.0566 5868 volmgrx - ok
    19:17:21.0644 5868 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
    19:17:21.0644 5868 volsnap - ok
    19:17:21.0706 5868 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    19:17:21.0706 5868 vsmraid - ok
    19:17:21.0894 5868 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
    19:17:21.0925 5868 VSS - ok
    19:17:22.0096 5868 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
    19:17:22.0112 5868 W32Time - ok
    19:17:22.0190 5868 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    19:17:22.0190 5868 WacomPen - ok
    19:17:22.0268 5868 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    19:17:22.0268 5868 Wanarp - ok
    19:17:22.0268 5868 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    19:17:22.0268 5868 Wanarpv6 - ok
    19:17:22.0362 5868 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
    19:17:22.0377 5868 wcncsvc - ok
    19:17:22.0408 5868 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
    19:17:22.0408 5868 WcsPlugInService - ok
    19:17:22.0440 5868 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    19:17:22.0440 5868 Wd - ok
    19:17:22.0564 5868 Wdf01000 (8d6811e168f047b674d6aa2daccfa180) C:\Windows\system32\drivers\Wdf01000.sys
    19:17:22.0564 5868 Wdf01000 - ok
    19:17:22.0611 5868 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
    19:17:22.0611 5868 WdiServiceHost - ok
    19:17:22.0611 5868 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
    19:17:22.0611 5868 WdiSystemHost - ok
    19:17:22.0674 5868 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
    19:17:22.0674 5868 WebClient - ok
    19:17:22.0752 5868 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
    19:17:22.0752 5868 Wecsvc - ok
    19:17:22.0767 5868 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
    19:17:22.0767 5868 wercplsupport - ok
    19:17:22.0814 5868 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
    19:17:22.0814 5868 WerSvc - ok
    19:17:22.0861 5868 WinDefend - ok
    19:17:22.0876 5868 WinHttpAutoProxySvc - ok
    19:17:22.0954 5868 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
    19:17:22.0970 5868 Winmgmt - ok
    19:17:23.0204 5868 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
    19:17:23.0251 5868 WinRM - ok
    19:17:23.0454 5868 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
    19:17:23.0469 5868 WinUSB - ok
    19:17:23.0563 5868 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
    19:17:23.0578 5868 Wlansvc - ok
    19:17:23.0594 5868 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
    19:17:23.0610 5868 WmiAcpi - ok
    19:17:23.0688 5868 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
    19:17:23.0688 5868 wmiApSrv - ok
    19:17:23.0734 5868 WMPNetworkSvc - ok
    19:17:23.0844 5868 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
    19:17:23.0859 5868 WMZuneComm - ok
    19:17:23.0890 5868 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
    19:17:23.0906 5868 WPCSvc - ok
    19:17:23.0953 5868 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
    19:17:23.0953 5868 WPDBusEnum - ok
    19:17:23.0984 5868 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
    19:17:24.0000 5868 WpdUsb - ok
    19:17:24.0218 5868 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
    19:17:24.0234 5868 WPFFontCache_v0400 - ok
    19:17:24.0280 5868 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
    19:17:24.0280 5868 ws2ifsl - ok
    19:17:24.0327 5868 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
    19:17:24.0343 5868 wscsvc - ok
    19:17:24.0343 5868 WSearch - ok
    19:17:24.0624 5868 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
    19:17:24.0670 5868 wuauserv - ok
    19:17:24.0873 5868 WudfPf (ebd12de99c553f41f6a3b29d89978ac8) C:\Windows\system32\drivers\WudfPf.sys
    19:17:24.0873 5868 WudfPf - ok
    19:17:24.0967 5868 WUDFRd (85e41d1fb0e40a0ab06e5039d70268d4) C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:17:24.0967 5868 WUDFRd - ok
    19:17:24.0982 5868 wudfsvc (ade1f9afab86d966747629309d59d51a) C:\Windows\System32\WUDFSvc.dll
    19:17:24.0982 5868 wudfsvc - ok
    19:17:25.0123 5868 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    19:17:25.0138 5868 YahooAUService - ok
    19:17:26.0028 5868 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
    19:17:26.0246 5868 ZuneNetworkSvc - ok
    19:17:26.0371 5868 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
    19:17:26.0386 5868 ZuneWlanCfgSvc - ok
    19:17:26.0418 5868 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    19:17:27.0042 5868 \Device\Harddisk0\DR0 - ok
    19:17:27.0042 5868 Boot (0x1200) (b6defcfca5c910474d589ea02c040259) \Device\Harddisk0\DR0\Partition0
    19:17:27.0042 5868 \Device\Harddisk0\DR0\Partition0 - ok
    19:17:27.0057 5868 ============================================================
    19:17:27.0057 5868 Scan finished
    19:17:27.0057 5868 ============================================================
    19:17:27.0073 7204 Detected object count: 0
    19:17:27.0073 7204 Actual detected object count: 0
     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    That looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...