Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Avast antivirus goes berserk and now my computer is slow [Closed]

Started by mr. mason , Nov 22 2012 02:29 AM

  • This topic is locked This topic is locked

#1
mr. mason
Posted 22 November 2012 - 02:29 AM

mr. mason

    Member

  • Member
  • PipPip
  • 39 posts
Ok, to start i have a Toshiba satellite laptop with Windows 7 installed. A couple days ago my Avast Antivirus went berserk and started saying multiple items were infected, it said something from apple.com was infected, it said something from my router was infected, it even says avast itself was infected. It wouldn't allow any updates for avast either. I did a system restore but it didn't change anything. Following some advice from a friend i tried a program caled malwarebytes while booted in safe mode, i didn't turn up anything. after i scanned for a virus the alerts stopped. Unfortunately everything on my computer runs slower now, especially my firefox browser. I checked my cpu and it says its running at 100% capacity which i don't think is normal because i remember it fluxuating when the computer was healthy. I looked at all the processes on my computer but none of them are really sucking up power. I also tried to defragment my disk but it never makes it past 23%. I think i might have a virus thats found a way under the radar and I'm really hoping you guys can help me find it and get rid of it before it cripples my computer.

Edit: Oh! and when the virus alerts popped up, under URL it simply said mal.

Edited by mr. mason, 22 November 2012 - 02:32 AM.

  • 0

Advertisements

#2
Essexboy
Posted 22 November 2012 - 07:26 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there first I will need a look at your system. Did Avast state what the infection was ?

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
mr. mason
Posted 23 November 2012 - 01:53 AM

mr. mason

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Sorry for the delay, unfortunatly i don't remember what virus it said it was and i can't seem to find a virus log. anyway, heres the results.

OTL logfile created on: 11/22/2012 9:35:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 29.18% Memory free
3.74 Gb Paging File | 2.08 Gb Available in Paging File | 55.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.27 Gb Total Space | 39.80 Gb Free Space | 17.82% Space Free | Partition Type: NTFS
Drive E: | 7.34 Gb Total Space | 0.07 Gb Free Space | 1.02% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/22 21:32:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2012/10/30 14:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 20:51:00 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 15:41:12 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/08/20 09:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/08/15 12:35:50 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/25 10:30:55 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/06/25 10:30:06 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/09/14 00:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGGA.EXE
PRC - [2009/08/17 09:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/10 18:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/05 13:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 13:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 13:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 17:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 17:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 13:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 14:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 20:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/26 20:50:58 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/25 10:30:53 | 020,313,384 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/06/25 10:30:52 | 000,895,312 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/06/25 10:30:52 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/06/25 10:30:52 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/06/25 10:30:51 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/03 17:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/25 10:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 14:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 14:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 14:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 18:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll


========== Services (SafeList) ==========

SRV - [2012/10/30 14:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 20:50:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 18:36:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/25 10:30:55 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/21 08:25:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/17 09:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 18:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 13:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 17:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/22 10:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\owner\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/10/30 14:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 14:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 14:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 14:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 14:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/23 02:18:32 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/15 08:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/03/31 02:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/24 14:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/17 10:13:30 | 000,171,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 14:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 14:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/02 13:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {CE3693A1-C0A4-4948-8AA4-150CEF3B498E}
IE - HKLM\..\SearchScopes\{CE3693A1-C0A4-4948-8AA4-150CEF3B498E}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482579151-2758507890-3868046617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1482579151-2758507890-3868046617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1482579151-2758507890-3868046617-1000\..\SearchScopes,DefaultScope = {CE3693A1-C0A4-4948-8AA4-150CEF3B498E}
IE - HKU\S-1-5-21-1482579151-2758507890-3868046617-1000\..\SearchScopes\{CE3693A1-C0A4-4948-8AA4-150CEF3B498E}: "URL" = http://www.google.co...1I7TSNA_enUS454
IE - HKU\S-1-5-21-1482579151-2758507890-3868046617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482579151-2758507890-3868046617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1474
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/01 13:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 20:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 20:51:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/22 16:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2012/11/20 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\1e8cbnhk.default\extensions
[2012/11/20 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\1e8cbnhk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/11/20 20:49:01 | 000,035,785 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\1e8cbnhk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/10/26 20:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/01 13:59:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/10/26 20:51:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/17 23:03:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/20 12:02:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\owner\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1482579151-2758507890-3868046617-1000..\Run: [EPSON NX125 NX127 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1482579151-2758507890-3868046617-1000..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1482579151-2758507890-3868046617-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F244AC38-518F-4202-B9D1-6F6275D158B4}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 01:35:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2012/11/21 01:35:26 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/11/21 01:35:25 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/11/21 01:35:25 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll
[2012/11/21 01:35:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2012/11/21 01:35:00 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OxpsConverter.exe
[2012/11/21 01:34:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys
[2012/11/21 01:30:43 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll
[2012/11/21 01:30:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll
[2012/11/20 23:44:25 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2012/11/20 23:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/20 23:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/20 23:44:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/11/20 23:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/14 23:41:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/14 23:36:36 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/11/14 23:36:08 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/11/14 23:32:42 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012/11/14 23:32:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012/11/14 23:31:41 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012/11/14 23:31:39 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012/11/14 23:30:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/11/14 23:30:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/11/14 23:30:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/11/14 23:30:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/11/14 23:30:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/11/14 23:30:52 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/11/14 23:30:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/11/14 23:30:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/11/14 22:27:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
[2012/11/14 22:27:00 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/10/26 20:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/24 19:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/22 22:38:32 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/22 21:51:13 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1482579151-2758507890-3868046617-1000UA.job
[2012/11/22 21:39:28 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/22 21:30:52 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/22 21:30:52 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/22 21:26:55 | 000,000,512 | ---- | M] () -- C:\Users\owner\Desktop\MBR.dat
[2012/11/22 20:38:49 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/22 19:14:10 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 19:14:10 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 19:03:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/22 19:03:18 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 13:15:23 | 000,087,040 | ---- | M] () -- C:\Users\owner\Documents\logs.wps
[2012/11/22 13:15:23 | 000,008,196 | ---- | M] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2012/11/21 07:29:02 | 000,361,112 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/21 02:10:53 | 000,007,605 | ---- | M] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2012/11/20 23:44:13 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/20 21:33:45 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
[2012/11/20 21:33:07 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/20 21:32:49 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/11/19 01:23:13 | 000,010,240 | ---- | M] () -- C:\Users\owner\Documents\sci.wps
[2012/11/18 19:52:56 | 000,010,240 | ---- | M] () -- C:\Users\owner\Documents\Totd.wps
[2012/11/14 09:55:59 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1482579151-2758507890-3868046617-1000Core.job
[2012/11/12 18:39:04 | 000,005,632 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/09 13:57:47 | 000,002,460 | ---- | M] () -- C:\Users\owner\Desktop\Google Chrome.lnk
[2012/10/30 14:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/10/30 14:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/10/30 14:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/10/30 14:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/10/30 14:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/10/30 14:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/10/30 14:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/10/29 19:50:20 | 003,003,453 | ---- | M] () -- C:\Users\owner\Desktop\Think Again (Final Version).mp3
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/22 21:26:54 | 000,000,512 | ---- | C] () -- C:\Users\owner\Desktop\MBR.dat
[2012/11/22 13:15:23 | 000,087,040 | ---- | C] () -- C:\Users\owner\Documents\logs.wps
[2012/11/21 02:10:53 | 000,007,605 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2012/11/20 23:44:13 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/19 01:23:12 | 000,010,240 | ---- | C] () -- C:\Users\owner\Documents\sci.wps
[2012/11/18 19:52:56 | 000,010,240 | ---- | C] () -- C:\Users\owner\Documents\Totd.wps
[2012/11/14 23:32:53 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 23:31:39 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/12 18:38:58 | 000,005,632 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/29 19:50:02 | 003,003,453 | ---- | C] () -- C:\Users\owner\Desktop\Think Again (Final Version).mp3
[2012/10/24 19:54:24 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/23 11:19:51 | 000,073,220 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2012/05/23 11:19:51 | 000,021,021 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2012/05/23 11:19:51 | 000,015,670 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2012/05/23 11:19:51 | 000,013,280 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2012/05/23 11:19:51 | 000,010,673 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2012/05/23 11:19:51 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2012/05/23 11:19:51 | 000,001,140 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2012/05/23 11:19:51 | 000,001,140 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2012/05/23 11:19:51 | 000,001,137 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2012/05/23 11:19:51 | 000,001,130 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2012/05/23 11:19:51 | 000,001,130 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2012/05/23 11:19:51 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2012/05/23 11:19:51 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2012/05/23 11:19:50 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2012/05/23 11:19:50 | 000,029,114 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2012/05/23 11:19:50 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2012/05/23 11:15:56 | 000,000,094 | ---- | C] () -- C:\windows\ENX125_127.ini
[2011/10/22 16:42:41 | 000,008,196 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2011/10/20 13:46:32 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/10/20 13:46:30 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/10/20 13:46:29 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/10/20 13:46:29 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/10/20 13:46:29 | 000,074,752 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/10/20 10:44:45 | 000,000,016 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2011/10/20 10:38:06 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/10/20 10:22:03 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2011/10/20 10:20:35 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/10/20 10:17:37 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2011/10/20 10:17:37 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 17:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010/11/20 04:18:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 17:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 04:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 04:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 21:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 17:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 13:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 20:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 04:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 04:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/02 21:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 17:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 17:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 17:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 04:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 17:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 17:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 17:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 17:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 08:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 17:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 02:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/10 21:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 21:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 17:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 04:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 04:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 17:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 21:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 17:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 04:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 04:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 04:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 04:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 20:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 04:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 04:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 04:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 04:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 04:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 04:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 04:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 04:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 17:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 14:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 04:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 17:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 04:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 13:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 13:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012/07/27 12:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 17:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 17:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 18:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 18:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 20:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 20:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 13:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 18:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 18:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 12:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 12:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/17 15:59:50 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 15:59:08 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 21:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 04:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 04:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 17:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009/07/13 13:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 13:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
[2009/07/13 13:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

< End of report >

OTL Extras logfile created on: 11/22/2012 9:35:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 29.18% Memory free
3.74 Gb Paging File | 2.08 Gb Available in Paging File | 55.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.27 Gb Total Space | 39.80 Gb Free Space | 17.82% Space Free | Partition Type: NTFS
Drive E: | 7.34 Gb Total Space | 0.07 Gb Free Space | 1.02% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1482579151-2758507890-3868046617-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0361084C-F2E3-4EA7-8BDC-DC1335F93994}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{14C411CA-A094-4E73-93FC-B55B1CF25293}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D257334-DFDF-4675-B0D0-71CCEBB15185}" = lport=2869 | protocol=6 | dir=in | app=system |
"{284D458C-C552-49C9-9C55-DBC64F4E29B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{2C6C4F5E-26F8-4A0C-AF01-7819FD770A87}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{332B6D8C-CDBE-4FA5-89A4-63425037B515}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38D4DBC9-BD9B-4CA3-BEEF-F7D833B8F1BA}" = rport=137 | protocol=17 | dir=out | app=system |
"{45C63D7A-0BA0-4664-957F-1681E68F623D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4AD6EAB8-BA0C-4CB5-BF73-8D9DA2DB02CE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4D1C4A48-8CB5-40DA-AFBF-90AE29F448FC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4E50137F-5A51-47C5-8AE3-2BF0752937F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5776422E-052D-454D-93D8-E18135AF8F61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5AE1591B-FD16-4AE6-A486-8CDFD05D1132}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{670AF6D9-1C01-4768-8F17-6920A8702E08}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3B7489D-4999-4C41-8602-D63DB048E77F}" = lport=139 | protocol=6 | dir=in | app=system |
"{A6F6DCBD-3AEA-41C3-AFB7-6BA82F292BE3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B236E5FA-1F87-4DF1-BC8C-AFBBB5640F7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C055CC67-CF95-4819-8377-814DA2554C52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC302F1C-896A-4A0C-BEF4-61C6DCBB9A48}" = rport=138 | protocol=17 | dir=out | app=system |
"{DB2E9DDB-9D96-4DE7-8B97-E898933712C8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DB4EE03F-F630-4324-9695-BCCF752427D4}" = lport=137 | protocol=17 | dir=in | app=system |
"{E9906946-D3EB-4BB6-882F-3810CA5AB6B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{ECFC5B93-0DD0-445C-ACD1-27952F52C8DC}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1463B9DE-8AB8-458E-A30D-70842260E595}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D5B453F-08ED-4BEA-A477-C451460D00E3}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{3CD0A72F-51F6-4ABC-BF37-CDEFE78B7990}" = protocol=6 | dir=out | app=system |
"{3CFB2D8A-2C78-4455-A556-99FE91E21F59}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{41DAF836-CE99-4D65-A121-E83CB316F5E5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{49A9E68B-1A7C-4A7E-8A21-C099E681DA63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AACEA17-0A67-4B5E-AAD5-2D2EF940B0BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6221BA24-FC0B-4E53-B05C-F7D63ADBDC51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{724396F1-B23A-40B9-897E-F2850ED0752A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74A33D3A-5C13-480D-8C07-566218324868}" = protocol=1 | dir=in | [email protected],-28543 |
"{799F26BE-9D93-4C1A-A4BC-3CC793DF2299}" = protocol=58 | dir=in | [email protected],-28545 |
"{888DAD93-35BE-44AE-98B1-AD47F6415810}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{923A3188-B206-497E-AFE9-AD687D3D4D84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AADD2041-5776-4AA5-A026-318CED2106E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6AD6B56-7C80-43B7-B54C-5F81216F0AFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B99E3498-1C5D-44E3-9923-460EE97515B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BB79BF87-1D59-4869-B2AB-1D00565EF089}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3020F99-4E2B-4891-9F53-A3117627223C}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C7CB8861-1A3E-4597-8C5B-338417E0C8A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB0021E5-8F61-4933-B6EA-4A6AF914DA7A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DB265DB4-C595-4EA7-B6A4-48D9DA1C7E08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB87F41A-D2C7-46BC-9F70-4DB2B4902D90}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF31CF94-4EAF-4A1D-97F4-46E0C8994AB1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E3452FE2-52D0-4D5E-8659-2DC8F52C99F0}" = protocol=58 | dir=out | [email protected],-28546 |
"{ECDE125D-A9FF-4160-9FE9-AC85491A504D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F23995FA-4C5B-4823-B06D-89E1C493D294}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F6E22C56-491C-4203-B44A-4AAFEED1083C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F858BADA-0C2C-434F-99B9-D91EF1040881}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC3101BE-8268-4F83-A534-C22B0D202D97}" = protocol=1 | dir=out | [email protected],-28544 |
"{FE0E187F-6F4C-4B0E-BA92-C91D95E643D1}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{FFDB5134-39B8-4DAF-94E4-256CBB12C156}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{51D42FE4-D428-42A5-A15F-1267ACA90BAD}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{608859F7-1F31-409E-BBD9-19D8C0220D02}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{E46219F3-04BD-485F-B7F2-270908059FF2}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{23FBBCEA-28F4-4DA7-817A-40818074FAAE}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{9128BE13-451C-4088-A2BB-63E3AEE69B03}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{E9501995-7BE6-41F0-8767-1DCE9D513988}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68205FFB-5918-43D4-B0D4-131DE9282046}" = Foxit Reader
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"EPSON NX125 NX127 Series" = EPSON NX125 NX127 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinAVI Video Converter" = WinAVI Video Converter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1482579151-2758507890-3868046617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2012 3:14:52 AM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1120 Start
Time: 01cdc8808d0bef42 Termination Time: 127 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/22/2012 4:06:08 PM | Computer Name = owner-PC | Source = TOSHIBA Service Station | ID = 0
Description = TSS Load: could not communicate with TMachInfo service

Error - 11/22/2012 4:16:57 PM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.6.3.25 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e5c Start
Time: 01cdc8edf7f41e21 Termination Time: 297 Application Path: C:\Program Files\iTunes\iTunes.exe

Report
Id:

Error - 11/22/2012 5:19:28 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2012 5:19:28 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7285

Error - 11/22/2012 5:19:28 PM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7285

Error - 11/22/2012 11:08:40 PM | Computer Name = owner-PC | Source = TOSHIBA Service Station | ID = 0
Description = TSS Load: could not communicate with TMachInfo service

Error - 11/22/2012 11:17:46 PM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f30 Start
Time: 01cdc92754734b49 Termination Time: 5050 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/23/2012 1:19:12 AM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1654 Start
Time: 01cdc939226a11c7 Termination Time: 5741 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/23/2012 2:26:23 AM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 149c Start
Time: 01cdc93b04cb140d Termination Time: 748 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 11/22/2012 4:03:00 PM | Computer Name = owner-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 11/22/2012 4:10:17 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%16389

Error - 11/22/2012 4:14:08 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avast! Antivirus service.

Error - 11/22/2012 5:35:23 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 11/22/2012 11:05:49 PM | Computer Name = owner-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 11/22/2012 11:12:37 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%16389

Error - 11/23/2012 1:25:53 AM | Computer Name = owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/23/2012 1:25:54 AM | Computer Name = owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/23/2012 1:25:54 AM | Computer Name = owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/23/2012 1:25:55 AM | Computer Name = owner-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-22 20:18:50
-----------------------------
20:18:50.117 OS Version: Windows 6.1.7601 Service Pack 1
20:18:50.117 Number of processors: 1 586 0x170A
20:18:50.288 ComputerName: OWNER-PC UserName: owner
20:21:00.916 Initialize success
20:21:11.009 AVAST engine defs: 12112201
20:21:25.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:21:25.221 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
20:21:25.252 Disk 0 MBR read successfully
20:21:25.252 Disk 0 MBR scan
20:21:25.268 Disk 0 Windows VISTA default MBR code
20:21:25.283 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:21:25.299 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228633 MB offset 3074048
20:21:25.330 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8341 MB offset 471314432
20:21:25.346 Disk 0 scanning sectors +488396800
20:21:25.424 Disk 0 scanning C:\windows\system32\drivers
20:21:41.039 Service scanning
20:22:15.671 Modules scanning
20:23:41.830 Disk 0 trace - called modules:
20:23:42.361 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:23:42.361 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851c2648]
20:23:42.376 3 CLASSPNP.SYS[88dc359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85a8e028]
20:23:44.654 AVAST engine scan C:\windows
20:23:47.571 AVAST engine scan C:\windows\system32
20:28:33.176 AVAST engine scan C:\windows\system32\drivers
20:30:18.554 AVAST engine scan C:\Users\owner
21:16:22.916 AVAST engine scan C:\ProgramData
21:24:48.339 Scan finished successfully
21:26:54.939 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
21:26:55.155 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
  • 0

#4
Essexboy
Posted 23 November 2012 - 03:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm both logs show no real apparent malware

Lets check out the MBR

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#5
mr. mason
Posted 23 November 2012 - 02:11 PM

mr. mason

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I had to redo the scan because my computer powered down while i was copying my first report. it intially detected something and quarantined almost all of the files. I was able to pull up the quarantine and it consisted of configuration settings and DTA files. One was labled object and the others were labled tsk0000 the last number of each TSK file was varied between 0-6.

12:07:50.0562 1880 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:07:51.0451 1880 ============================================================
12:07:51.0451 1880 Current date / time: 2012/11/23 12:07:51.0451
12:07:51.0451 1880 SystemInfo:
12:07:51.0451 1880
12:07:51.0451 1880 OS Version: 6.1.7601 ServicePack: 1.0
12:07:51.0451 1880 Product type: Workstation
12:07:51.0451 1880 ComputerName: OWNER-PC
12:07:51.0451 1880 UserName: owner
12:07:51.0451 1880 Windows directory: C:\windows
12:07:51.0451 1880 System windows directory: C:\windows
12:07:51.0451 1880 Processor architecture: Intel x86
12:07:51.0451 1880 Number of processors: 1
12:07:51.0451 1880 Page size: 0x1000
12:07:51.0451 1880 Boot type: Safe boot with network
12:07:51.0451 1880 ============================================================
12:07:54.0540 1880 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:07:54.0540 1880 ============================================================
12:07:54.0540 1880 \Device\Harddisk0\DR0:
12:07:54.0540 1880 MBR partitions:
12:07:54.0540 1880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BE8C800
12:07:54.0540 1880 ============================================================
12:07:54.0603 1880 C: <-> \Device\Harddisk0\DR0\Partition1
12:07:54.0603 1880 ============================================================
12:07:54.0603 1880 Initialize success
12:07:54.0603 1880 ============================================================
12:08:34.0305 0536 ============================================================
12:08:34.0305 0536 Scan started
12:08:34.0305 0536 Mode: Manual; SigCheck; TDLFS;
12:08:34.0305 0536 ============================================================
12:08:36.0036 0536 ================ Scan system memory ========================
12:08:36.0036 0536 System memory - ok
12:08:36.0036 0536 ================ Scan services =============================
12:08:36.0333 0536 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
12:08:36.0769 0536 1394ohci - ok
12:08:36.0847 0536 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys
12:08:36.0863 0536 ACPI - ok
12:08:36.0925 0536 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
12:08:37.0222 0536 AcpiPmi - ok
12:08:37.0378 0536 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:08:37.0393 0536 AdobeARMservice - ok
12:08:37.0518 0536 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:08:37.0549 0536 AdobeFlashPlayerUpdateSvc - ok
12:08:37.0627 0536 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
12:08:37.0643 0536 adp94xx - ok
12:08:37.0659 0536 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
12:08:37.0674 0536 adpahci - ok
12:08:37.0690 0536 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
12:08:37.0705 0536 adpu320 - ok
12:08:37.0752 0536 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
12:08:38.0080 0536 AeLookupSvc - ok
12:08:38.0142 0536 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys
12:08:38.0485 0536 AFD - ok
12:08:38.0610 0536 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys
12:08:38.0797 0536 AgereSoftModem - ok
12:08:38.0829 0536 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys
12:08:38.0844 0536 agp440 - ok
12:08:38.0953 0536 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
12:08:39.0000 0536 aic78xx - ok
12:08:39.0078 0536 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
12:08:39.0219 0536 ALG - ok
12:08:39.0312 0536 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys
12:08:39.0312 0536 aliide - ok
12:08:39.0375 0536 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys
12:08:39.0390 0536 amdagp - ok
12:08:39.0437 0536 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys
12:08:39.0453 0536 amdide - ok
12:08:39.0484 0536 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
12:08:39.0577 0536 AmdK8 - ok
12:08:39.0609 0536 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
12:08:39.0765 0536 AmdPPM - ok
12:08:39.0843 0536 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys
12:08:39.0858 0536 amdsata - ok
12:08:39.0905 0536 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
12:08:39.0921 0536 amdsbs - ok
12:08:39.0952 0536 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys
12:08:39.0967 0536 amdxata - ok
12:08:40.0045 0536 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys
12:08:40.0248 0536 AppID - ok
12:08:40.0295 0536 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
12:08:40.0545 0536 AppIDSvc - ok
12:08:40.0607 0536 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\windows\System32\appinfo.dll
12:08:40.0810 0536 Appinfo - ok
12:08:40.0919 0536 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:08:40.0919 0536 Apple Mobile Device - ok
12:08:40.0997 0536 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
12:08:41.0013 0536 arc - ok
12:08:41.0028 0536 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
12:08:41.0044 0536 arcsas - ok
12:08:41.0075 0536 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
12:08:41.0106 0536 aswFsBlk - ok
12:08:41.0231 0536 [ 026A545EACA7DAC6421D76A81061F5DE ] aswKbd C:\windows\system32\drivers\aswKbd.sys
12:08:41.0247 0536 aswKbd - ok
12:08:41.0325 0536 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
12:08:41.0325 0536 aswMonFlt - ok
12:08:41.0403 0536 [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
12:08:41.0418 0536 aswRdr - ok
12:08:41.0512 0536 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
12:08:41.0543 0536 aswSnx - ok
12:08:41.0621 0536 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\windows\system32\drivers\aswSP.sys
12:08:41.0637 0536 aswSP - ok
12:08:41.0668 0536 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\windows\system32\drivers\aswTdi.sys
12:08:41.0683 0536 aswTdi - ok
12:08:41.0746 0536 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
12:08:41.0949 0536 AsyncMac - ok
12:08:42.0027 0536 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys
12:08:42.0058 0536 atapi - ok
12:08:42.0136 0536 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
12:08:42.0245 0536 AudioEndpointBuilder - ok
12:08:42.0292 0536 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll
12:08:42.0370 0536 Audiosrv - ok
12:08:42.0463 0536 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:08:42.0463 0536 avast! Antivirus - ok
12:08:42.0510 0536 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll
12:08:42.0666 0536 AxInstSV - ok
12:08:42.0744 0536 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
12:08:42.0838 0536 b06bdrv - ok
12:08:42.0916 0536 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
12:08:42.0994 0536 b57nd60x - ok
12:08:43.0072 0536 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
12:08:43.0212 0536 BDESVC - ok
12:08:43.0243 0536 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
12:08:43.0368 0536 Beep - ok
12:08:43.0446 0536 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll
12:08:43.0587 0536 BFE - ok
12:08:43.0649 0536 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll
12:08:43.0774 0536 BITS - ok
12:08:43.0805 0536 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
12:08:43.0899 0536 blbdrive - ok
12:08:43.0977 0536 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:08:43.0992 0536 Bonjour Service - ok
12:08:44.0039 0536 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys
12:08:44.0070 0536 bowser - ok
12:08:44.0117 0536 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
12:08:44.0226 0536 BrFiltLo - ok
12:08:44.0226 0536 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
12:08:44.0351 0536 BrFiltUp - ok
12:08:44.0398 0536 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll
12:08:44.0491 0536 Browser - ok
12:08:44.0538 0536 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
12:08:44.0585 0536 Brserid - ok
12:08:44.0601 0536 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
12:08:44.0694 0536 BrSerWdm - ok
12:08:44.0710 0536 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
12:08:44.0757 0536 BrUsbMdm - ok
12:08:44.0772 0536 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
12:08:44.0881 0536 BrUsbSer - ok
12:08:44.0897 0536 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
12:08:44.0975 0536 BTHMODEM - ok
12:08:45.0037 0536 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
12:08:45.0147 0536 bthserv - ok
12:08:45.0193 0536 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
12:08:45.0318 0536 cdfs - ok
12:08:45.0412 0536 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\drivers\cdrom.sys
12:08:45.0474 0536 cdrom - ok
12:08:45.0537 0536 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
12:08:45.0693 0536 CertPropSvc - ok
12:08:45.0786 0536 [ 1F8A319D29394F9CE1B7AE020DF2EBBF ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
12:08:45.0802 0536 cfWiMAXService - ok
12:08:45.0849 0536 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
12:08:45.0911 0536 circlass - ok
12:08:45.0958 0536 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
12:08:45.0973 0536 CLFS - ok
12:08:46.0083 0536 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:08:46.0098 0536 clr_optimization_v2.0.50727_32 - ok
12:08:46.0223 0536 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:08:46.0254 0536 clr_optimization_v4.0.30319_32 - ok
12:08:46.0285 0536 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
12:08:46.0363 0536 CmBatt - ok
12:08:46.0426 0536 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
12:08:46.0441 0536 cmdide - ok
12:08:46.0488 0536 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys
12:08:46.0519 0536 CNG - ok
12:08:46.0566 0536 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
12:08:46.0597 0536 Compbatt - ok
12:08:46.0675 0536 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
12:08:46.0722 0536 CompositeBus - ok
12:08:46.0753 0536 COMSysApp - ok
12:08:46.0816 0536 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
12:08:46.0816 0536 ConfigFree Service - ok
12:08:46.0863 0536 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
12:08:46.0878 0536 crcdisk - ok
12:08:46.0941 0536 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll
12:08:47.0081 0536 CryptSvc - ok
12:08:47.0128 0536 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll
12:08:47.0237 0536 DcomLaunch - ok
12:08:47.0284 0536 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
12:08:47.0409 0536 defragsvc - ok
12:08:47.0455 0536 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys
12:08:47.0580 0536 DfsC - ok
12:08:47.0611 0536 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll
12:08:47.0705 0536 Dhcp - ok
12:08:47.0752 0536 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
12:08:47.0877 0536 discache - ok
12:08:47.0923 0536 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
12:08:47.0939 0536 Disk - ok
12:08:48.0001 0536 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
12:08:48.0111 0536 Dnscache - ok
12:08:48.0157 0536 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
12:08:48.0267 0536 dot3svc - ok
12:08:48.0313 0536 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
12:08:48.0469 0536 DPS - ok
12:08:48.0516 0536 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
12:08:48.0563 0536 drmkaud - ok
12:08:48.0625 0536 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
12:08:48.0657 0536 DXGKrnl - ok
12:08:48.0719 0536 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
12:08:48.0828 0536 EapHost - ok
12:08:48.0937 0536 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
12:08:49.0140 0536 ebdrv - ok
12:08:49.0187 0536 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
12:08:49.0281 0536 EFS - ok
12:08:49.0374 0536 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe
12:08:49.0468 0536 ehRecvr - ok
12:08:49.0499 0536 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
12:08:49.0624 0536 ehSched - ok
12:08:49.0686 0536 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
12:08:49.0717 0536 elxstor - ok
12:08:49.0764 0536 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
12:08:49.0827 0536 ErrDev - ok
12:08:49.0905 0536 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
12:08:50.0014 0536 EventSystem - ok
12:08:50.0061 0536 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
12:08:50.0139 0536 exfat - ok
12:08:50.0170 0536 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
12:08:50.0263 0536 fastfat - ok
12:08:50.0341 0536 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
12:08:50.0451 0536 Fax - ok
12:08:50.0497 0536 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
12:08:50.0591 0536 fdc - ok
12:08:50.0638 0536 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
12:08:50.0716 0536 fdPHost - ok
12:08:50.0747 0536 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
12:08:50.0841 0536 FDResPub - ok
12:08:50.0887 0536 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
12:08:50.0903 0536 FileInfo - ok
12:08:50.0903 0536 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
12:08:50.0950 0536 Filetrace - ok
12:08:50.0981 0536 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
12:08:51.0059 0536 flpydisk - ok
12:08:51.0090 0536 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
12:08:51.0106 0536 FltMgr - ok
12:08:51.0153 0536 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
12:08:51.0277 0536 FontCache - ok
12:08:51.0371 0536 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:08:51.0371 0536 FontCache3.0.0.0 - ok
12:08:51.0402 0536 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
12:08:51.0418 0536 FsDepends - ok
12:08:51.0465 0536 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
12:08:51.0496 0536 Fs_Rec - ok
12:08:51.0527 0536 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
12:08:51.0543 0536 fvevol - ok
12:08:51.0605 0536 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
12:08:51.0621 0536 gagp30kx - ok
12:08:51.0730 0536 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
12:08:51.0745 0536 GameConsoleService - ok
12:08:51.0777 0536 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
12:08:51.0777 0536 GEARAspiWDM - ok
12:08:51.0823 0536 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
12:08:51.0933 0536 gpsvc - ok
12:08:52.0042 0536 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:08:52.0042 0536 gupdate - ok
12:08:52.0057 0536 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:08:52.0057 0536 gupdatem - ok
12:08:52.0120 0536 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:08:52.0151 0536 gusvc - ok
12:08:52.0182 0536 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
12:08:52.0307 0536 hcw85cir - ok
12:08:52.0401 0536 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
12:08:52.0494 0536 HdAudAddService - ok
12:08:52.0557 0536 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
12:08:52.0650 0536 HDAudBus - ok
12:08:52.0697 0536 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
12:08:52.0775 0536 HidBatt - ok
12:08:52.0791 0536 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
12:08:52.0884 0536 HidBth - ok
12:08:52.0915 0536 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
12:08:53.0009 0536 HidIr - ok
12:08:53.0040 0536 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
12:08:53.0165 0536 hidserv - ok
12:08:53.0243 0536 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\drivers\hidusb.sys
12:08:53.0321 0536 HidUsb - ok
12:08:53.0352 0536 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
12:08:53.0493 0536 hkmsvc - ok
12:08:53.0524 0536 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
12:08:53.0586 0536 HomeGroupListener - ok
12:08:53.0586 0536 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
12:08:53.0711 0536 HomeGroupProvider - ok
12:08:53.0742 0536 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
12:08:53.0758 0536 HpSAMD - ok
12:08:53.0805 0536 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
12:08:53.0883 0536 HTTP - ok
12:08:53.0914 0536 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
12:08:53.0914 0536 hwpolicy - ok
12:08:54.0007 0536 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
12:08:54.0101 0536 i8042prt - ok
12:08:54.0163 0536 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
12:08:54.0163 0536 iaStor - ok
12:08:54.0226 0536 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
12:08:54.0241 0536 iaStorV - ok
12:08:54.0351 0536 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:08:54.0382 0536 idsvc - ok
12:08:54.0600 0536 [ 315AAAA2BC9BC778ADC0454B3CA8DCCE ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
12:08:54.0990 0536 igfx - ok
12:08:55.0053 0536 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
12:08:55.0053 0536 iirsp - ok
12:08:55.0115 0536 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
12:08:55.0224 0536 IKEEXT - ok
12:08:55.0333 0536 [ E4A2E810CB2607C9C159C0DFB0BD4C88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
12:08:55.0583 0536 IntcAzAudAddService - ok
12:08:55.0630 0536 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
12:08:55.0645 0536 intelide - ok
12:08:55.0708 0536 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
12:08:55.0801 0536 intelppm - ok
12:08:55.0864 0536 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
12:08:56.0035 0536 IPBusEnum - ok
12:08:56.0067 0536 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
12:08:56.0160 0536 IpFilterDriver - ok
12:08:56.0254 0536 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll
12:08:56.0379 0536 iphlpsvc - ok
12:08:56.0441 0536 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
12:08:56.0519 0536 IPMIDRV - ok
12:08:56.0550 0536 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
12:08:56.0613 0536 IPNAT - ok
12:08:56.0706 0536 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:08:56.0737 0536 iPod Service - ok
12:08:56.0784 0536 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
12:08:56.0847 0536 IRENUM - ok
12:08:56.0909 0536 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
12:08:56.0925 0536 isapnp - ok
12:08:56.0971 0536 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
12:08:56.0987 0536 iScsiPrt - ok
12:08:57.0018 0536 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys
12:08:57.0034 0536 kbdclass - ok
12:08:57.0112 0536 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
12:08:57.0190 0536 kbdhid - ok
12:08:57.0221 0536 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
12:08:57.0268 0536 KeyIso - ok
12:08:57.0283 0536 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
12:08:57.0330 0536 KSecDD - ok
12:08:57.0330 0536 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
12:08:57.0346 0536 KSecPkg - ok
12:08:57.0408 0536 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
12:08:57.0517 0536 KtmRm - ok
12:08:57.0564 0536 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
12:08:57.0642 0536 LanmanServer - ok
12:08:57.0689 0536 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
12:08:57.0814 0536 LanmanWorkstation - ok
12:08:57.0876 0536 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
12:08:57.0985 0536 lltdio - ok
12:08:58.0032 0536 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
12:08:58.0157 0536 lltdsvc - ok
12:08:58.0188 0536 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
12:08:58.0282 0536 lmhosts - ok
12:08:58.0344 0536 [ 6E3D3816749E107883EEC5734CE44493 ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
12:08:58.0344 0536 LPCFilter - ok
12:08:58.0407 0536 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
12:08:58.0422 0536 LSI_FC - ok
12:08:58.0453 0536 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
12:08:58.0469 0536 LSI_SAS - ok
12:08:58.0485 0536 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
12:08:58.0485 0536 LSI_SAS2 - ok
12:08:58.0500 0536 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
12:08:58.0516 0536 LSI_SCSI - ok
12:08:58.0547 0536 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
12:08:58.0625 0536 luafv - ok
12:08:58.0656 0536 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
12:08:58.0703 0536 Mcx2Svc - ok
12:08:58.0734 0536 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
12:08:58.0750 0536 megasas - ok
12:08:58.0765 0536 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
12:08:58.0781 0536 MegaSR - ok
12:08:58.0812 0536 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
12:08:58.0921 0536 MMCSS - ok
12:08:58.0937 0536 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
12:08:59.0046 0536 Modem - ok
12:08:59.0109 0536 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
12:08:59.0202 0536 monitor - ok
12:08:59.0280 0536 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\drivers\mouclass.sys
12:08:59.0296 0536 mouclass - ok
12:08:59.0343 0536 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
12:08:59.0421 0536 mouhid - ok
12:08:59.0467 0536 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
12:08:59.0483 0536 mountmgr - ok
12:08:59.0592 0536 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:08:59.0608 0536 MozillaMaintenance - ok
12:08:59.0655 0536 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
12:08:59.0655 0536 mpio - ok
12:08:59.0701 0536 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
12:08:59.0748 0536 mpsdrv - ok
12:08:59.0811 0536 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
12:08:59.0982 0536 MpsSvc - ok
12:09:00.0013 0536 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
12:09:00.0091 0536 MRxDAV - ok
12:09:00.0138 0536 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
12:09:00.0232 0536 mrxsmb - ok
12:09:00.0279 0536 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
12:09:00.0325 0536 mrxsmb10 - ok
12:09:00.0341 0536 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
12:09:00.0388 0536 mrxsmb20 - ok
12:09:00.0450 0536 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
12:09:00.0466 0536 msahci - ok
12:09:00.0528 0536 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
12:09:00.0544 0536 msdsm - ok
12:09:00.0575 0536 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
12:09:00.0684 0536 MSDTC - ok
12:09:00.0715 0536 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
12:09:00.0825 0536 Msfs - ok
12:09:00.0840 0536 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
12:09:00.0949 0536 mshidkmdf - ok
12:09:01.0012 0536 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
12:09:01.0027 0536 msisadrv - ok
12:09:01.0090 0536 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
12:09:01.0199 0536 MSiSCSI - ok
12:09:01.0215 0536 msiserver - ok
12:09:01.0277 0536 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
12:09:01.0433 0536 MSKSSRV - ok
12:09:01.0449 0536 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
12:09:01.0558 0536 MSPCLOCK - ok
12:09:01.0573 0536 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
12:09:01.0636 0536 MSPQM - ok
12:09:01.0683 0536 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
12:09:01.0698 0536 MsRPC - ok
12:09:01.0729 0536 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
12:09:01.0745 0536 mssmbios - ok
12:09:01.0807 0536 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
12:09:01.0870 0536 MSTEE - ok
12:09:01.0885 0536 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
12:09:01.0885 0536 MTConfig - ok
12:09:01.0901 0536 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
12:09:01.0917 0536 Mup - ok
12:09:01.0963 0536 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
12:09:02.0088 0536 napagent - ok
12:09:02.0135 0536 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
12:09:02.0260 0536 NativeWifiP - ok
12:09:02.0307 0536 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
12:09:02.0338 0536 NDIS - ok
12:09:02.0385 0536 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
12:09:02.0494 0536 NdisCap - ok
12:09:02.0541 0536 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
12:09:02.0665 0536 NdisTapi - ok
12:09:02.0728 0536 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
12:09:02.0837 0536 Ndisuio - ok
12:09:02.0884 0536 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
12:09:02.0962 0536 NdisWan - ok
12:09:02.0962 0536 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
12:09:02.0993 0536 NDProxy - ok
12:09:03.0040 0536 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
12:09:03.0180 0536 NetBIOS - ok
12:09:03.0211 0536 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
12:09:03.0305 0536 NetBT - ok
12:09:03.0321 0536 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
12:09:03.0383 0536 Netlogon - ok
12:09:03.0445 0536 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
12:09:03.0539 0536 Netman - ok
12:09:03.0555 0536 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
12:09:03.0679 0536 netprofm - ok
12:09:03.0726 0536 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:09:03.0726 0536 NetTcpPortSharing - ok
12:09:03.0789 0536 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
12:09:03.0789 0536 nfrd960 - ok
12:09:03.0851 0536 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll
12:09:03.0929 0536 NlaSvc - ok
12:09:03.0960 0536 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
12:09:04.0054 0536 Npfs - ok
12:09:04.0085 0536 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
12:09:04.0179 0536 nsi - ok
12:09:04.0194 0536 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
12:09:04.0257 0536 nsiproxy - ok
12:09:04.0335 0536 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
12:09:04.0366 0536 Ntfs - ok
12:09:04.0413 0536 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
12:09:04.0506 0536 Null - ok
12:09:04.0537 0536 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
12:09:04.0553 0536 nvraid - ok
12:09:04.0600 0536 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
12:09:04.0615 0536 nvstor - ok
12:09:04.0647 0536 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
12:09:04.0662 0536 nv_agp - ok
12:09:04.0771 0536 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:09:04.0787 0536 odserv - ok
12:09:04.0834 0536 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
12:09:04.0912 0536 ohci1394 - ok
12:09:04.0990 0536 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:09:05.0005 0536 ose - ok
12:09:05.0037 0536 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
12:09:05.0161 0536 p2pimsvc - ok
12:09:05.0193 0536 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
12:09:05.0224 0536 p2psvc - ok
12:09:05.0271 0536 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
12:09:05.0286 0536 Parport - ok
12:09:05.0349 0536 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
12:09:05.0349 0536 partmgr - ok
12:09:05.0395 0536 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
12:09:05.0489 0536 Parvdm - ok
12:09:05.0536 0536 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
12:09:05.0583 0536 PcaSvc - ok
12:09:05.0614 0536 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
12:09:05.0629 0536 pci - ok
12:09:05.0707 0536 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
12:09:05.0707 0536 pciide - ok
12:09:05.0770 0536 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
12:09:05.0770 0536 pcmcia - ok
12:09:05.0801 0536 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
12:09:05.0817 0536 pcw - ok
12:09:05.0848 0536 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
12:09:05.0973 0536 PEAUTH - ok
12:09:06.0066 0536 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
12:09:06.0191 0536 pla - ok
12:09:06.0238 0536 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
12:09:06.0300 0536 PlugPlay - ok
12:09:06.0331 0536 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
12:09:06.0425 0536 PNRPAutoReg - ok
12:09:06.0456 0536 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
12:09:06.0503 0536 PNRPsvc - ok
12:09:06.0565 0536 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
12:09:06.0675 0536 PolicyAgent - ok
12:09:06.0721 0536 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
12:09:06.0846 0536 Power - ok
12:09:06.0909 0536 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
12:09:07.0018 0536 PptpMiniport - ok
12:09:07.0049 0536 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
12:09:07.0127 0536 Processor - ok
12:09:07.0174 0536 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
12:09:07.0267 0536 ProfSvc - ok
12:09:07.0283 0536 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
12:09:07.0314 0536 ProtectedStorage - ok
12:09:07.0361 0536 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
12:09:07.0455 0536 Psched - ok
12:09:07.0501 0536 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
12:09:07.0548 0536 ql2300 - ok
12:09:07.0564 0536 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
12:09:07.0579 0536 ql40xx - ok
12:09:07.0626 0536 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
12:09:07.0704 0536 QWAVE - ok
12:09:07.0751 0536 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
12:09:07.0782 0536 QWAVEdrv - ok
12:09:07.0813 0536 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
12:09:07.0891 0536 RasAcd - ok
12:09:07.0938 0536 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
12:09:08.0047 0536 RasAgileVpn - ok
12:09:08.0094 0536 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
12:09:08.0235 0536 RasAuto - ok
12:09:08.0266 0536 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
12:09:08.0344 0536 Rasl2tp - ok
12:09:08.0406 0536 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
12:09:08.0531 0536 RasMan - ok
12:09:08.0562 0536 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
12:09:08.0656 0536 RasPppoe - ok
12:09:08.0703 0536 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
12:09:08.0796 0536 RasSstp - ok
12:09:08.0827 0536 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
12:09:08.0937 0536 rdbss - ok
12:09:08.0983 0536 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
12:09:09.0015 0536 rdpbus - ok
12:09:09.0061 0536 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
12:09:09.0186 0536 RDPCDD - ok
12:09:09.0233 0536 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
12:09:09.0327 0536 RDPENCDD - ok
12:09:09.0342 0536 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
12:09:09.0405 0536 RDPREFMP - ok
12:09:09.0436 0536 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
12:09:09.0545 0536 RDPWD - ok
12:09:09.0592 0536 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
12:09:09.0623 0536 rdyboost - ok
12:09:09.0670 0536 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
12:09:09.0717 0536 RemoteAccess - ok
12:09:09.0763 0536 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
12:09:09.0857 0536 RemoteRegistry - ok
12:09:09.0904 0536 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
12:09:10.0029 0536 RpcEptMapper - ok
12:09:10.0075 0536 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
12:09:10.0153 0536 RpcLocator - ok
12:09:10.0200 0536 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
12:09:10.0247 0536 RpcSs - ok
12:09:10.0309 0536 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
12:09:10.0419 0536 rspndr - ok
12:09:10.0497 0536 [ 07F66CA7DB9608806CA2EF1970DABA58 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
12:09:10.0590 0536 RSUSBSTOR - ok
12:09:10.0653 0536 [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys
12:09:10.0746 0536 RTL8167 - ok
12:09:10.0855 0536 [ 949F74CB383A1D5DA67AEA9CCD4A8B87 ] RTL8187B C:\windows\system32\DRIVERS\RTL8187B.sys
12:09:10.0965 0536 RTL8187B - ok
12:09:10.0965 0536 RtsUIR - ok
12:09:11.0011 0536 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
12:09:11.0058 0536 SamSs - ok
12:09:11.0136 0536 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
12:09:11.0152 0536 sbp2port - ok
12:09:11.0214 0536 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
12:09:11.0277 0536 SCardSvr - ok
12:09:11.0308 0536 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
12:09:11.0448 0536 scfilter - ok
12:09:11.0495 0536 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
12:09:11.0620 0536 Schedule - ok
12:09:11.0635 0536 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
12:09:11.0698 0536 SCPolicySvc - ok
12:09:11.0729 0536 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
12:09:11.0838 0536 SDRSVC - ok
12:09:11.0885 0536 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
12:09:12.0025 0536 secdrv - ok
12:09:12.0072 0536 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
12:09:12.0150 0536 seclogon - ok
12:09:12.0197 0536 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
12:09:12.0291 0536 SENS - ok
12:09:12.0322 0536 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll
12:09:12.0431 0536 SensrSvc - ok
12:09:12.0447 0536 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
12:09:12.0525 0536 Serenum - ok
12:09:12.0587 0536 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
12:09:12.0681 0536 Serial - ok
12:09:12.0712 0536 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
12:09:12.0790 0536 sermouse - ok
12:09:12.0837 0536 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
12:09:12.0961 0536 SessionEnv - ok
12:09:12.0993 0536 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
12:09:13.0102 0536 sffdisk - ok
12:09:13.0133 0536 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
12:09:13.0211 0536 sffp_mmc - ok
12:09:13.0242 0536 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
12:09:13.0320 0536 sffp_sd - ok
12:09:13.0367 0536 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
12:09:13.0429 0536 sfloppy - ok
12:09:13.0492 0536 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
12:09:13.0554 0536 SharedAccess - ok
12:09:13.0601 0536 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
12:09:13.0726 0536 ShellHWDetection - ok
12:09:13.0757 0536 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
12:09:13.0773 0536 sisagp - ok
12:09:13.0835 0536 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
12:09:13.0835 0536 SiSRaid2 - ok
12:09:13.0851 0536 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
12:09:13.0866 0536 SiSRaid4 - ok
12:09:13.0897 0536 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
12:09:13.0975 0536 Smb - ok
12:09:14.0022 0536 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
12:09:14.0053 0536 SNMPTRAP - ok
12:09:14.0069 0536 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
12:09:14.0085 0536 spldr - ok
12:09:14.0163 0536 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
12:09:14.0256 0536 Spooler - ok
12:09:14.0350 0536 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
12:09:14.0615 0536 sppsvc - ok
12:09:14.0646 0536 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
12:09:14.0724 0536 sppuinotify - ok
12:09:14.0755 0536 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
12:09:14.0818 0536 srv - ok
12:09:14.0833 0536 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
12:09:14.0865 0536 srv2 - ok
12:09:14.0896 0536 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
12:09:14.0989 0536 srvnet - ok
12:09:15.0052 0536 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
12:09:15.0161 0536 SSDPSRV - ok
12:09:15.0177 0536 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
12:09:15.0301 0536 SstpSvc - ok
12:09:15.0348 0536 Steam Client Service - ok
12:09:15.0379 0536 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
12:09:15.0395 0536 stexstor - ok
12:09:15.0457 0536 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
12:09:15.0551 0536 StiSvc - ok
12:09:15.0613 0536 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
12:09:15.0629 0536 swenum - ok
12:09:15.0676 0536 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
12:09:15.0738 0536 swprv - ok
12:09:15.0801 0536 [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
12:09:15.0816 0536 SynTP - ok
12:09:15.0894 0536 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
12:09:15.0957 0536 SysMain - ok
12:09:15.0988 0536 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
12:09:16.0050 0536 TabletInputService - ok
12:09:16.0081 0536 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
12:09:16.0175 0536 TapiSrv - ok
12:09:16.0222 0536 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
12:09:16.0315 0536 TBS - ok
12:09:16.0425 0536 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\windows\system32\drivers\tcpip.sys
12:09:16.0487 0536 Tcpip - ok
12:09:16.0565 0536 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
12:09:16.0596 0536 TCPIP6 - ok
12:09:16.0659 0536 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
12:09:16.0737 0536 tcpipreg - ok
12:09:16.0799 0536 [ 4084EA00D50C858D6F9038F86AE2E2D0 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
12:09:16.0799 0536 tdcmdpst - ok
12:09:16.0846 0536 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
12:09:16.0971 0536 TDPIPE - ok
12:09:16.0986 0536 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
12:09:17.0064 0536 TDTCP - ok
12:09:17.0095 0536 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
12:09:17.0205 0536 tdx - ok
12:09:17.0267 0536 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
12:09:17.0283 0536 TermDD - ok
12:09:17.0314 0536 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
12:09:17.0392 0536 TermService - ok
12:09:17.0423 0536 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
12:09:17.0454 0536 Themes - ok
12:09:17.0485 0536 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
12:09:17.0548 0536 THREADORDER - ok
12:09:17.0595 0536 [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
12:09:17.0610 0536 TMachInfo - ok
12:09:17.0641 0536 [ FE65D33B7D4FF07DD1D29526A48DF810 ] TODDSrv C:\Windows\system32\TODDSrv.exe
12:09:17.0673 0536 TODDSrv - ok
12:09:17.0751 0536 [ 451B09BA1A0D019BA0B5A27229559D55 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
12:09:17.0766 0536 TosCoSrv - ok
12:09:17.0875 0536 [ 94ECABE1BA3559214FE6C3CE6C9677EB ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
12:09:17.0891 0536 TOSHIBA HDD SSD Alert Service - ok
12:09:17.0969 0536 [ 969377943FE7284609BABBAB4E06B93C ] tos_sps32 C:\windows\system32\DRIVERS\tos_sps32.sys
12:09:17.0985 0536 tos_sps32 - ok
12:09:18.0047 0536 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
12:09:18.0141 0536 TrkWks - ok
12:09:18.0219 0536 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:09:18.0312 0536 TrustedInstaller - ok
12:09:18.0328 0536 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
12:09:18.0437 0536 tssecsrv - ok
12:09:18.0484 0536 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
12:09:18.0577 0536 TsUsbFlt - ok
12:09:18.0640 0536 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
12:09:18.0749 0536 tunnel - ok
12:09:18.0796 0536 [ FC24015B4052600C324C43E3A79C0664 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
12:09:18.0796 0536 TVALZ - ok
12:09:18.0843 0536 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
12:09:18.0858 0536 uagp35 - ok
12:09:18.0905 0536 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
12:09:19.0061 0536 udfs - ok
12:09:19.0108 0536 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
12:09:19.0186 0536 UI0Detect - ok
12:09:19.0217 0536 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
12:09:19.0233 0536 uliagpkx - ok
12:09:19.0264 0536 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys
12:09:19.0373 0536 umbus - ok
12:09:19.0420 0536 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
12:09:19.0435 0536 UmPass - ok
12:09:19.0467 0536 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
12:09:19.0513 0536 upnphost - ok
12:09:19.0607 0536 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys
12:09:19.0654 0536 USBAAPL - ok
12:09:19.0732 0536 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\windows\system32\drivers\usbaudio.sys
12:09:19.0779 0536 usbaudio - ok
12:09:19.0810 0536 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\drivers\usbccgp.sys
12:09:19.0919 0536 usbccgp - ok
12:09:19.0919 0536 USBCCID - ok
12:09:19.0966 0536 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
12:09:20.0013 0536 usbcir - ok
12:09:20.0059 0536 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
12:09:20.0091 0536 usbehci - ok
12:09:20.0137 0536 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
12:09:20.0169 0536 usbhub - ok
12:09:20.0215 0536 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\drivers\usbohci.sys
12:09:20.0309 0536 usbohci - ok
12:09:20.0371 0536 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
12:09:20.0418 0536 usbprint - ok
12:09:20.0465 0536 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
12:09:20.0543 0536 usbscan - ok
12:09:20.0574 0536 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS
12:09:20.0683 0536 USBSTOR - ok
12:09:20.0730 0536 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
12:09:20.0777 0536 usbuhci - ok
12:09:20.0824 0536 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
12:09:20.0933 0536 UxSms - ok
12:09:20.0964 0536 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
12:09:20.0995 0536 VaultSvc - ok
12:09:21.0058 0536 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
12:09:21.0073 0536 vdrvroot - ok
12:09:21.0120 0536 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
12:09:21.0245 0536 vds - ok
12:09:21.0307 0536 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
12:09:21.0401 0536 vga - ok
12:09:21.0448 0536 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
12:09:21.0479 0536 VgaSave - ok
12:09:21.0541 0536 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
12:09:21.0557 0536 vhdmp - ok
12:09:21.0588 0536 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
12:09:21.0604 0536 viaagp - ok
12:09:21.0651 0536 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
12:09:21.0729 0536 ViaC7 - ok
12:09:21.0775 0536 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
12:09:21.0791 0536 viaide - ok
12:09:21.0822 0536 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
12:09:21.0838 0536 volmgr - ok
12:09:21.0885 0536 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
12:09:21.0900 0536 volmgrx - ok
12:09:21.0947 0536 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
12:09:21.0963 0536 volsnap - ok
12:09:22.0009 0536 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
12:09:22.0025 0536 vsmraid - ok
12:09:22.0103 0536 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
12:09:22.0228 0536 VSS - ok
12:09:22.0259 0536 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\System32\drivers\vwifibus.sys
12:09:22.0290 0536 vwifibus - ok
12:09:22.0337 0536 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
12:09:22.0415 0536 vwififlt - ok
12:09:22.0462 0536 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
12:09:22.0555 0536 W32Time - ok
12:09:22.0571 0536 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
12:09:22.0633 0536 WacomPen - ok
12:09:22.0680 0536 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
12:09:22.0805 0536 WANARP - ok
12:09:22.0805 0536 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
12:09:22.0836 0536 Wanarpv6 - ok
12:09:22.0945 0536 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
12:09:22.0977 0536 WatAdminSvc - ok
12:09:23.0039 0536 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
12:09:23.0195 0536 wbengine - ok
12:09:23.0226 0536 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
12:09:23.0320 0536 WbioSrvc - ok
12:09:23.0382 0536 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
12:09:23.0429 0536 wcncsvc - ok
12:09:23.0445 0536 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
12:09:23.0523 0536 WcsPlugInService - ok
12:09:23.0554 0536 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
12:09:23.0554 0536 Wd - ok
12:09:23.0601 0536 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
12:09:23.0679 0536 Wdf01000 - ok
12:09:23.0725 0536 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
12:09:23.0881 0536 WdiServiceHost - ok
12:09:23.0881 0536 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
12:09:23.0913 0536 WdiSystemHost - ok
12:09:23.0944 0536 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
12:09:24.0022 0536 WebClient - ok
12:09:24.0069 0536 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
12:09:24.0147 0536 Wecsvc - ok
12:09:24.0178 0536 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
12:09:24.0271 0536 wercplsupport - ok
12:09:24.0303 0536 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
12:09:24.0396 0536 WerSvc - ok
12:09:24.0443 0536 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
12:09:24.0505 0536 WfpLwf - ok
12:09:24.0537 0536 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
12:09:24.0552 0536 WIMMount - ok
12:09:24.0630 0536 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:09:24.0708 0536 WinDefend - ok
12:09:24.0724 0536 WinHttpAutoProxySvc - ok
12:09:24.0802 0536 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
12:09:24.0849 0536 Winmgmt - ok
12:09:24.0927 0536 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
12:09:25.0098 0536 WinRM - ok
12:09:25.0192 0536 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
12:09:25.0270 0536 WinUsb - ok
12:09:25.0332 0536 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
12:09:25.0441 0536 Wlansvc - ok
12:09:25.0504 0536 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
12:09:25.0597 0536 WmiAcpi - ok
12:09:25.0644 0536 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
12:09:25.0722 0536 wmiApSrv - ok
12:09:25.0878 0536 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:09:25.0956 0536 WMPNetworkSvc - ok
12:09:25.0987 0536 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
12:09:26.0050 0536 WPCSvc - ok
12:09:26.0081 0536 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
12:09:26.0190 0536 WPDBusEnum - ok
12:09:26.0221 0536 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
12:09:26.0331 0536 ws2ifsl - ok
12:09:26.0362 0536 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll
12:09:26.0440 0536 wscsvc - ok
12:09:26.0455 0536 WSearch - ok
12:09:26.0549 0536 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
12:09:26.0596 0536 wuauserv - ok
12:09:26.0643 0536 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
12:09:26.0705 0536 WudfPf - ok
12:09:26.0736 0536 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
12:09:26.0845 0536 WUDFRd - ok
12:09:26.0892 0536 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\windows\System32\WUDFSvc.dll
12:09:26.0986 0536 wudfsvc - ok
12:09:27.0033 0536 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
12:09:27.0064 0536 WwanSvc - ok
12:09:27.0111 0536 ================ Scan global ===============================
12:09:27.0157 0536 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
12:09:27.0204 0536 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
12:09:27.0220 0536 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
12:09:27.0267 0536 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
12:09:27.0313 0536 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
12:09:27.0313 0536 [Global] - ok
12:09:27.0313 0536 ================ Scan MBR ==================================
12:09:27.0329 0536 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
12:09:27.0579 0536 \Device\Harddisk0\DR0 - ok
12:09:27.0579 0536 ================ Scan VBR ==================================
12:09:27.0610 0536 [ 980DFCB675C16389197891948B813BF7 ] \Device\Harddisk0\DR0\Partition1
12:09:27.0610 0536 \Device\Harddisk0\DR0\Partition1 - ok
12:09:27.0610 0536 ============================================================
12:09:27.0610 0536 Scan finished
12:09:27.0610 0536 ============================================================
12:09:27.0625 0284 Detected object count: 0
12:09:27.0625 0284 Actual detected object count:

Edited by mr. mason, 23 November 2012 - 02:47 PM.

  • 0

#6
Essexboy
Posted 23 November 2012 - 02:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are there any files in the Avast virus chest ?

Also could you give me a screenshot of task manager showing the high CPU usage
  • 0

#7
mr. mason
Posted 23 November 2012 - 03:01 PM

mr. mason

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
yes, there are 4 items. The oldest item was dated at august 21. Its listed as 0.2823200105315616. The last three items have been there since the third of this month. the first one there is hmfvtru/vekumdavtbv.class. the second one is listed as iLividSetupV1.exe. the last is untyuerg.class.

How do i take a screenshot ?
  • 0

#8
Essexboy
Posted 23 November 2012 - 04:07 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Open task manager and leave on the desktop
Go start > all programs > accessories and select snipping tool


Then draw around task manager and then attach the screenshot

The files in the chest are classified as Potentially Unwanted Programmes ... And iLivid is definitely one of those
  • 0

#9
mr. mason
Posted 23 November 2012 - 04:28 PM

mr. mason

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Posted Image

Edited by mr. mason, 23 November 2012 - 04:32 PM.

  • 0

#10
Essexboy
Posted 24 November 2012 - 07:28 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you select the other tab .. Processes please

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
Posted Image
Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

Advertisements

#11
mr. mason
Posted 24 November 2012 - 02:29 PM

mr. mason

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
the scan's gonna take awhile. while we're waiting, here's the tab you asked for.


Posted Image

Edited by mr. mason, 24 November 2012 - 02:31 PM.

  • 0

#12
Essexboy
Posted 24 November 2012 - 02:45 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you have task manager open at processes could you select all users and click the CPU arrow so that the process using the most is at the top


  • 0

#13
mr. mason
Posted 24 November 2012 - 02:54 PM

mr. mason

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Posted Image
  • 0

#14
Essexboy
Posted 24 November 2012 - 03:04 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok that shows that svchost is the culprit

I will wait for the AVP report to look in that area
  • 0

#15
mr. mason
Posted 25 November 2012 - 12:40 PM

mr. mason

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Ok, so the scan is still going and so far i've picked up two viruses, both are listed as trojans. one is Rootkit.win32.tdss.gq

the other is listed as trojan.win32.genome.yzrg
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP