
infected with rootkit virus, malwarebytes blocking incoming ports.


  • This topic is locked
25 replies to this topic

#1 Yukon_Jack


Posted 20 February 2013 - 05:48 PM

Malwarebytes keeps blocking malicious threats from various ports (such as 51962, 52214, 52234), and the same popup ads come up over and over. I use Google Chrome and have Adblock and Adblock Plus and have never had anything like this happen.

 

Here is the DDS log. Thank you.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464
Run by lastofmykind at 11:35:28 on 2013-02-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.2814.944 [GMT -6:00]
.

 

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\SysWOW64\LxrSII1s.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Last.fm\iPodScrobbler.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=CA&userid=27f0dd94-5490-4972-b129-ab2b8267aeaf&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=CA&userid=27f0dd94-5490-4972-b129-ab2b8267aeaf&searchtype=ds&q={searchTerms}
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mStart Page = hxxp://www.toshiba.ca/welcome
mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=CA&userid=27f0dd94-5490-4972-b129-ab2b8267aeaf&searchtype=ds&q={searchTerms}
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleChromeAutoLaunch_36345B804AC5060B095B5B056AA2600C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~2\FLASHS~1\save.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 65.87.230.4 65.87.230.5
TCP: Interfaces\{AC2A14A1-3D0E-468A-A40B-24892515D760} : DHCPNameServer = 65.87.230.4 65.87.230.5
TCP: Interfaces\{AC2A14A1-3D0E-468A-A40B-24892515D760}\2375942554338363 : DHCPNameServer = 172.16.1.254
TCP: Interfaces\{AC2A14A1-3D0E-468A-A40B-24892515D760}\2375942554434383 : DHCPNameServer = 172.16.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-1-26 482384]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-1-26 203264]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 iPodDrv;iPodDrv;C:\windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]
R2 LxrSII1d;Secure II Driver;C:\windows\System32\drivers\LxrSII1d.sys [2012-3-4 63064]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 busenum;SteelBusSvc;C:\windows\System32\drivers\SteelBus64.sys [2012-11-11 131072]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-2-14 24176]
R3 PSI;PSI;C:\windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-1-26 215040]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-4-26 1103904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-5-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-1-26 35008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-2-14 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-1-26 222208]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-2-14 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\windows\System32\drivers\WsAudioDevice_383S(1).sys [2011-8-26 29288]
.
=============== Created Last 30 ================
.
2013-02-16 06:18:07    9161176    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F2BE039-0E48-40A0-875E-27E576AD0E38}\mpengine.dll
2013-02-15 20:24:19    --------    d-----w-    C:\Program Files (x86)\Panda Security
2013-02-15 01:57:53    --------    d-----w-    C:\Program Files (x86)\ESET
2013-02-14 20:32:39    --------    d-----w-    C:\Users\lastofmykind\AppData\Roaming\Malwarebytes
2013-02-14 20:32:12    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-02-14 20:32:06    24176    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-02-14 20:32:05    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-14 20:31:47    --------    d-----w-    C:\Users\lastofmykind\AppData\Local\Programs
2013-02-14 18:25:10    3072    ----a-w-    C:\windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-02-14 18:25:09    13312    ----a-w-    C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-02-14 18:25:09    13312    ----a-w-    C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-02-14 18:25:08    15360    ----a-w-    C:\windows\System32\RdpGroupPolicyExtension.dll
2013-02-14 18:25:04    19456    ----a-w-    C:\windows\System32\drivers\rdpvideominiport.sys
2013-02-14 18:25:03    57856    ----a-w-    C:\windows\System32\drivers\TsUsbFlt.sys
2013-02-14 18:19:53    9161176    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-14 18:19:44    514560    ----a-w-    C:\windows\SysWow64\qdvd.dll
2013-02-14 18:19:44    366592    ----a-w-    C:\windows\System32\qdvd.dll
2013-02-14 18:19:35    340992    ----a-w-    C:\windows\System32\schannel.dll
2013-02-14 18:19:33    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2013-02-14 18:19:32    458712    ----a-w-    C:\windows\System32\drivers\cng.sys
2013-02-14 18:19:30    154480    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2013-02-14 18:19:28    1448448    ----a-w-    C:\windows\System32\lsasrv.dll
2013-02-14 18:19:27    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2013-02-14 18:19:26    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2013-02-14 15:55:04    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 15:55:03    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 20:18:58    5553512    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-02-13 20:18:55    3967848    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 20:18:52    3913064    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-02-13 20:18:30    3153408    ----a-w-    C:\windows\System32\win32k.sys
2013-02-13 20:18:22    215040    ----a-w-    C:\windows\System32\winsrv.dll
2013-02-13 20:18:18    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2013-02-13 20:18:17    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-02-13 20:18:16    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-02-13 20:18:16    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-02-13 20:18:13    2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-02-13 20:18:00    1913192    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-02-13 20:17:57    288088    ----a-w-    C:\windows\System32\drivers\FWPKCLNT.SYS
2013-02-06 23:22:02    --------    d-----w-    C:\Users\lastofmykind\AppData\Local\doubleTwist Corporation
2013-02-06 23:21:46    --------    d-----w-    C:\Program Files (x86)\Common Files\doubleTwist
2013-02-06 23:18:47    --------    d-----w-    C:\Program Files (x86)\doubleTwist 2.0
2013-02-06 04:52:47    --------    d-----w-    C:\windows\SysWow64\Adobe
2013-01-31 03:57:36    417792    ----a-w-    C:\Program Files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
2013-01-31 01:54:23    --------    d-----w-    C:\Users\lastofmykind\AppData\Local\SteelSeries_ApS
2013-01-31 01:52:39    --------    d-----w-    C:\Users\lastofmykind\AppData\Roaming\SteelSeries
2013-01-31 01:50:57    --------    d-----w-    C:\ProgramData\SteelSeries
2013-01-31 01:48:34    --------    d-----w-    C:\Program Files\SteelSeries
2013-01-20 21:59:04    230320    ----a-w-    C:\windows\System32\drivers\MpFilter.sys
.
==================== Find3M  ====================
.
2013-02-14 16:46:52    71024    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 16:46:52    691568    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-02-07 17:26:41    477616    ----a-w-    C:\windows\SysWow64\npdeployJava1.dll
2013-02-07 17:26:41    473520    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-01-30 10:53:22    273840    ------w-    C:\windows\System32\MpSigStub.exe
2013-01-20 21:59:04    130008    ----a-w-    C:\windows\System32\drivers\NisDrvWFP.sys
2013-01-09 01:19:09    2312704    ----a-w-    C:\windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\windows\System32\mshtml.tlb
2013-01-08 22:11:21    1800704    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2012-12-16 17:11:22    46080    ----a-w-    C:\windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\windows\SysWow64\atmlib.dll
2012-12-07 13:20:16    441856    ----a-w-    C:\windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\windows\System32\wow64cpu.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\windows\System32\KernelBase.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\windows\System32\conhost.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-28 05:17:24    330240    ----a-w-    C:\windows\MASetupCaller.dll
2012-11-28 05:17:18    45320    ----a-w-    C:\windows\SysWow64\MAMACExtract.dll
2012-11-23 03:13:57    68608    ----a-w-    C:\windows\System32\taskhost.exe
2012-11-22 05:44:23    800768    ----a-w-    C:\windows\System32\usp10.dll
2012-11-22 04:45:03    626688    ----a-w-    C:\windows\SysWow64\usp10.dll
2012-11-20 05:48:49    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2012-11-20 04:51:09    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2006-05-03 18:06:54    163328    --sha-r-    C:\windows\SysWOW64\flvDX.dll
2007-02-21 19:47:16    31232    --sha-r-    C:\windows\SysWOW64\msfDX.dll
2008-03-16 21:30:52    216064    --sha-r-    C:\windows\SysWOW64\nbDX.dll
2010-01-07 06:00:00    107520    --sha-r-    C:\windows\SysWOW64\TAKDSDecoder.dll
.
 


 


#2 Guest_White Warrior_*


Posted 21 February 2013 - 11:29 PM

Hi  Yukon_Jack

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior
 



#3 Yukon_Jack


Posted 22 February 2013 - 02:28 AM

Thank-you very much!!



#4 Guest_White Warrior_*


Posted 22 February 2013 - 09:27 AM


Hi Yukon_Jack. Welcome to Bleeping Computer.

Print out these instructions, or copy them to a Notepad file as you will lose internet access during this fix.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe  from Kaspersky's website and not TDSSKiller.zip which appears to be an older version of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Download Security Check by screen317 from here or here.
  • Save it to your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please include the TDSSKiller log and the Security Check log in your next reply.

White Warrior
 



#5 Yukon_Jack


Posted 22 February 2013 - 11:51 AM

Hello, TDSSKiller did not show any threats, but when I restarted my laptop, I had the same problem. After I paste the log from Security Check, I will also attach a print screen of what is happening. About every 15 minutes a new "threat" according to Malwarebytes pops up. I will attach 2 print screens. The second popup could not be displayed for some reason, but it usually refers to "making my computer faster" or something similar.

 

Security Check Log:

 

 

 Results of screen317's Security Check version 0.99.59  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.6001)   
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Panda Cloud Cleaner   
 Java™ 6 Update 39  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.168  
 Adobe Reader XI  
 Google Chrome 24.0.1312.56  
 Google Chrome 24.0.1312.57  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#6 Yukon_Jack


Posted 22 February 2013 - 11:57 AM



#7 Yukon_Jack


Posted 22 February 2013 - 12:04 PM



#8 Yukon_Jack


Posted 22 February 2013 - 12:06 PM

This morning the culprit was from the website below, but it seems to change every day.

www DOT earth4energy DOT com



#9 Yukon_Jack


Posted 22 February 2013 - 12:07 PM

And I also have Adblock Plus and Adblock for Chrome. This only started happening last week.



#10 Yukon_Jack


Posted 22 February 2013 - 12:25 PM

And here is another (approx. every 15 minutes they pop up; sometimes Malwarebytes blocks them but sometimes it does not; it maybe blocks 1 out of 3).



#11 Yukon_Jack


Posted 22 February 2013 - 12:47 PM

And another one (15 min again as usual; you'll see the Malwarebytes warning in the bottom right corner).

warning4_zpsf24de4a3.jpg


Edited by Yukon_Jack, 22 February 2013 - 12:48 PM.


#12 Guest_White Warrior_*


Posted 24 February 2013 - 08:38 AM


Hi Yukon_Jack.

That's good, no rootkits; however, I need to see the TDSSKiller log. Can you please copy and paste it in your next post?

Now, we need to run ComboFix.
Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Note: **Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Note: **If you get a message saying "Illegal operation attempted on a Registry Key that has been marked for deletion", please restart your computer.**

Please include C:\ComboFix.txt and the TDSSKiller log in your next reply, and let me know how the computer is running now.

White Warrior
 



#13 Yukon_Jack


Posted 24 February 2013 - 02:58 PM

Hello, I have included the two logs you requested. After my laptop was rebooted, I still had the popups. I am not sure but I think they may be redirect malware?

(TDSS)

09:52:45.0351 3496  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:52:46.0198 3496  ============================================================
09:52:46.0198 3496  Current date / time: 2013/02/24 09:52:46.0198
09:52:46.0198 3496  SystemInfo:
09:52:46.0198 3496  
09:52:46.0199 3496  OS Version: 6.1.7601 ServicePack: 1.0
09:52:46.0199 3496  Product type: Workstation
09:52:46.0199 3496  ComputerName: BEN-PC
09:52:46.0199 3496  UserName: lastofmykind
09:52:46.0199 3496  Windows directory: C:\windows
09:52:46.0199 3496  System windows directory: C:\windows
09:52:46.0199 3496  Running under WOW64
09:52:46.0199 3496  Processor architecture: Intel x64
09:52:46.0199 3496  Number of processors: 2
09:52:46.0199 3496  Page size: 0x1000
09:52:46.0200 3496  Boot type: Normal boot
09:52:46.0200 3496  ============================================================
09:52:53.0498 3496  Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:52:53.0510 3496  ============================================================
09:52:53.0510 3496  \Device\Harddisk0\DR0:
09:52:53.0511 3496  MBR partitions:
09:52:53.0511 3496  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2D115800
09:52:53.0511 3496  ============================================================
09:52:53.0597 3496  C: <-> \Device\Harddisk0\DR0\Partition1
09:52:53.0620 3496  ============================================================
09:52:53.0621 3496  Initialize success
09:52:53.0621 3496  ============================================================
09:53:38.0512 5436  ============================================================
09:53:38.0513 5436  Scan started
09:53:38.0513 5436  Mode: Manual; 
09:53:38.0513 5436  ============================================================
09:53:39.0457 5436  ================ Scan system memory ========================
09:53:39.0458 5436  System memory - ok
09:53:39.0459 5436  ================ Scan services =============================
09:53:54.0541 5436  MSiSCSI - ok
09:53:54.0550 5436  msiserver - ok
09:53:54.0598 5436  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
09:53:54.0600 5436  MSKSSRV - ok
09:53:54.0747 5436  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:53:54.0748 5436  MsMpSvc - ok
09:53:54.0776 5436  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
09:53:54.0778 5436  MSPCLOCK - ok
09:53:54.0796 5436  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
09:53:54.0798 5436  MSPQM - ok
09:53:54.0861 5436  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
09:53:54.0870 5436  MsRPC - ok
09:53:54.0939 5436  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
09:53:54.0942 5436  mssmbios - ok
09:53:54.0974 5436  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
09:53:54.0977 5436  MSTEE - ok
09:53:55.0004 5436  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
09:53:55.0006 5436  MTConfig - ok
09:53:55.0043 5436  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
09:53:55.0046 5436  Mup - ok
09:53:55.0117 5436  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
09:53:55.0130 5436  napagent - ok
09:53:55.0180 5436  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
09:53:55.0188 5436  NativeWifiP - ok
09:53:55.0272 5436  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
09:53:55.0291 5436  NDIS - ok
09:53:55.0326 5436  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
09:53:55.0329 5436  NdisCap - ok
09:53:55.0345 5436  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
09:53:55.0347 5436  NdisTapi - ok
09:53:55.0417 5436  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
09:53:55.0420 5436  Ndisuio - ok
09:53:55.0487 5436  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
09:53:55.0492 5436  NdisWan - ok
09:53:55.0550 5436  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
09:53:55.0553 5436  NDProxy - ok
09:53:55.0668 5436  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:53:55.0673 5436  Net Driver HPZ12 - ok
09:53:55.0726 5436  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
09:53:55.0729 5436  NetBIOS - ok
09:53:55.0785 5436  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
09:53:55.0791 5436  NetBT - ok
09:53:55.0815 5436  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
09:53:55.0818 5436  Netlogon - ok
09:53:55.0864 5436  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
09:53:55.0874 5436  Netman - ok
09:53:55.0935 5436  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
09:53:55.0947 5436  netprofm - ok
09:53:55.0981 5436  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:53:55.0985 5436  NetTcpPortSharing - ok
09:53:56.0046 5436  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
09:53:56.0050 5436  nfrd960 - ok
09:53:56.0121 5436  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
09:53:56.0125 5436  NisDrv - ok
09:53:56.0216 5436  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
09:53:56.0224 5436  NisSrv - ok
09:53:56.0258 5436  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
09:53:56.0269 5436  NlaSvc - ok
09:53:56.0318 5436  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
09:53:56.0321 5436  Npfs - ok
09:53:56.0350 5436  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
09:53:56.0355 5436  nsi - ok
09:53:56.0386 5436  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
09:53:56.0388 5436  nsiproxy - ok
09:53:56.0504 5436  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
09:53:56.0537 5436  Ntfs - ok
09:53:56.0586 5436  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
09:53:56.0588 5436  Null - ok
09:53:56.0618 5436  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
09:53:56.0622 5436  nvraid - ok
09:53:56.0691 5436  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
09:53:56.0697 5436  nvstor - ok
09:53:56.0726 5436  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
09:53:56.0730 5436  nv_agp - ok
09:53:56.0756 5436  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
09:53:56.0781 5436  ohci1394 - ok
09:53:56.0876 5436  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:53:56.0881 5436  ose - ok
09:53:57.0100 5436  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:53:57.0313 5436  osppsvc - ok
09:53:57.0370 5436  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
09:53:57.0381 5436  p2pimsvc - ok
09:53:57.0412 5436  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
09:53:57.0425 5436  p2psvc - ok
09:53:57.0468 5436  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
09:53:57.0473 5436  Parport - ok
09:53:57.0557 5436  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
09:53:57.0560 5436  partmgr - ok
09:53:57.0601 5436  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
09:53:57.0609 5436  PcaSvc - ok
09:53:57.0678 5436  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
09:53:57.0683 5436  pci - ok
09:53:57.0708 5436  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
09:53:57.0711 5436  pciide - ok
09:53:57.0754 5436  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
09:53:57.0760 5436  pcmcia - ok
09:53:57.0787 5436  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
09:53:57.0790 5436  pcw - ok
09:53:57.0832 5436  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
09:53:57.0846 5436  PEAUTH - ok
09:53:57.0945 5436  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
09:53:57.0950 5436  PerfHost - ok
09:53:58.0030 5436  [ 663962900E7FEA522126BA287715BB4A ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
09:53:58.0033 5436  PGEffect - ok
09:53:58.0125 5436  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
09:53:58.0156 5436  pla - ok
09:53:58.0224 5436  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
09:53:58.0237 5436  PlugPlay - ok
09:53:58.0330 5436  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:53:58.0336 5436  Pml Driver HPZ12 - ok
09:53:58.0364 5436  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
09:53:58.0369 5436  PNRPAutoReg - ok
09:53:58.0403 5436  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
09:53:58.0412 5436  PNRPsvc - ok
09:53:58.0488 5436  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
09:53:58.0503 5436  PolicyAgent - ok
09:53:58.0543 5436  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
09:53:58.0551 5436  Power - ok
09:53:58.0608 5436  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
09:53:58.0612 5436  PptpMiniport - ok
09:53:58.0654 5436  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
09:53:58.0658 5436  Processor - ok
09:53:58.0748 5436  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
09:53:58.0756 5436  ProfSvc - ok
09:53:58.0771 5436  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
09:53:58.0774 5436  ProtectedStorage - ok
09:53:58.0843 5436  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
09:53:58.0847 5436  Psched - ok
09:53:58.0929 5436  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\windows\system32\DRIVERS\psi_mf.sys
09:53:58.0963 5436  PSI - ok
09:53:59.0035 5436  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
09:53:59.0065 5436  ql2300 - ok
09:53:59.0125 5436  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
09:53:59.0130 5436  ql40xx - ok
09:53:59.0178 5436  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
09:53:59.0188 5436  QWAVE - ok
09:53:59.0204 5436  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
09:53:59.0207 5436  QWAVEdrv - ok
09:53:59.0234 5436  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
09:53:59.0238 5436  RasAcd - ok
09:53:59.0277 5436  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
09:53:59.0280 5436  RasAgileVpn - ok
09:53:59.0318 5436  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
09:53:59.0325 5436  RasAuto - ok
09:53:59.0394 5436  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
09:53:59.0399 5436  Rasl2tp - ok
09:53:59.0464 5436  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
09:53:59.0476 5436  RasMan - ok
09:53:59.0502 5436  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
09:53:59.0506 5436  RasPppoe - ok
09:53:59.0521 5436  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
09:53:59.0524 5436  RasSstp - ok
09:53:59.0611 5436  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
09:53:59.0619 5436  rdbss - ok
09:53:59.0653 5436  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
09:53:59.0659 5436  rdpbus - ok
09:53:59.0690 5436  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
09:53:59.0693 5436  RDPCDD - ok
09:53:59.0727 5436  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
09:53:59.0729 5436  RDPENCDD - ok
09:53:59.0775 5436  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
09:53:59.0776 5436  RDPREFMP - ok
09:54:00.0281 5436  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
09:54:00.0284 5436  RdpVideoMiniport - ok
09:54:00.0338 5436  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
09:54:00.0344 5436  RDPWD - ok
09:54:00.0408 5436  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
09:54:00.0414 5436  rdyboost - ok
09:54:00.0448 5436  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
09:54:00.0455 5436  RemoteAccess - ok
09:54:00.0486 5436  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
09:54:00.0494 5436  RemoteRegistry - ok
09:54:00.0511 5436  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
09:54:00.0517 5436  RpcEptMapper - ok
09:54:00.0553 5436  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
09:54:00.0558 5436  RpcLocator - ok
09:54:00.0628 5436  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
09:54:00.0639 5436  RpcSs - ok
09:54:00.0687 5436  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
09:54:00.0691 5436  rspndr - ok
09:54:00.0775 5436  [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
09:54:00.0781 5436  RSUSBSTOR - ok
09:54:00.0855 5436  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
09:54:00.0861 5436  RTL8167 - ok
09:54:00.0966 5436  [ 7475548B0BA58EBA4D12414FC9E9DFE6 ] rtl8192se       C:\windows\system32\DRIVERS\rtl8192se.sys
09:54:00.0989 5436  rtl8192se - ok
09:54:01.0009 5436  RtsUIR - ok
09:54:01.0038 5436  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
09:54:01.0042 5436  SamSs - ok
09:54:01.0112 5436  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:54:01.0114 5436  SASDIFSV - ok
09:54:01.0155 5436  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:54:01.0157 5436  SASKUTIL - ok
09:54:01.0215 5436  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
09:54:01.0220 5436  sbp2port - ok
09:54:01.0257 5436  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
09:54:01.0265 5436  SCardSvr - ok
09:54:01.0324 5436  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
09:54:01.0327 5436  scfilter - ok
09:54:01.0436 5436  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
09:54:01.0462 5436  Schedule - ok
09:54:01.0521 5436  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
09:54:01.0523 5436  SCPolicySvc - ok
09:54:01.0593 5436  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
09:54:01.0601 5436  SDRSVC - ok
09:54:01.0633 5436  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
09:54:01.0636 5436  secdrv - ok
09:54:01.0690 5436  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
09:54:01.0696 5436  seclogon - ok
09:54:01.0829 5436  [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
09:54:02.0402 5436  Secunia PSI Agent - ok
09:54:02.0490 5436  [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
09:54:02.0845 5436  Secunia Update Agent - ok
09:54:02.0903 5436  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
09:54:02.0908 5436  SENS - ok
09:54:02.0929 5436  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
09:54:02.0934 5436  SensrSvc - ok
09:54:02.0958 5436  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
09:54:02.0961 5436  Serenum - ok
09:54:02.0999 5436  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
09:54:03.0003 5436  Serial - ok
09:54:03.0023 5436  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
09:54:03.0025 5436  sermouse - ok
09:54:03.0107 5436  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
09:54:03.0113 5436  SessionEnv - ok
09:54:03.0176 5436  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
09:54:03.0178 5436  sffdisk - ok
09:54:03.0204 5436  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
09:54:03.0207 5436  sffp_mmc - ok
09:54:03.0227 5436  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
09:54:03.0230 5436  sffp_sd - ok
09:54:03.0263 5436  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
09:54:03.0265 5436  sfloppy - ok
09:54:03.0325 5436  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
09:54:03.0335 5436  SharedAccess - ok
09:54:03.0410 5436  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
09:54:03.0421 5436  ShellHWDetection - ok
09:54:03.0461 5436  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
09:54:03.0464 5436  SiSRaid2 - ok
09:54:03.0491 5436  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
09:54:03.0495 5436  SiSRaid4 - ok
09:54:03.0581 5436  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:54:03.0586 5436  SkypeUpdate - ok
09:54:03.0709 5436  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
09:54:03.0754 5436  Smb - ok
09:54:03.0907 5436  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
09:54:03.0986 5436  SNMPTRAP - ok
09:54:04.0003 5436  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
09:54:04.0006 5436  spldr - ok
09:54:04.0082 5436  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
09:54:04.0098 5436  Spooler - ok
09:54:04.0255 5436  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
09:54:04.0373 5436  sppsvc - ok
09:54:04.0425 5436  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
09:54:04.0433 5436  sppuinotify - ok
09:54:04.0525 5436  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
09:54:04.0538 5436  srv - ok
09:54:04.0611 5436  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
09:54:04.0621 5436  srv2 - ok
09:54:04.0701 5436  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
09:54:04.0706 5436  srvnet - ok
09:54:04.0749 5436  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
09:54:04.0758 5436  SSDPSRV - ok
09:54:04.0785 5436  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
09:54:04.0791 5436  SstpSvc - ok
09:54:04.0875 5436  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys
09:54:04.0882 5436  ssudmdm - ok
09:54:04.0913 5436  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
09:54:04.0917 5436  stexstor - ok
09:54:05.0017 5436  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
09:54:05.0035 5436  stisvc - ok
09:54:05.0105 5436  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
09:54:05.0109 5436  swenum - ok
09:54:05.0171 5436  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
09:54:05.0187 5436  swprv - ok
09:54:05.0266 5436  [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
09:54:05.0274 5436  SynTP - ok
09:54:05.0398 5436  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
09:54:05.0438 5436  SysMain - ok
09:54:05.0522 5436  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
09:54:05.0529 5436  TabletInputService - ok
09:54:05.0555 5436  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
09:54:05.0567 5436  TapiSrv - ok
09:54:05.0600 5436  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
09:54:05.0607 5436  TBS - ok
09:54:05.0729 5436  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
09:54:05.0769 5436  Tcpip - ok
09:54:05.0826 5436  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
09:54:05.0857 5436  TCPIP6 - ok
09:54:05.0931 5436  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
09:54:05.0935 5436  tcpipreg - ok
09:54:06.0027 5436  Tcpz-x64 - ok
09:54:06.0085 5436  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
09:54:06.0089 5436  tdcmdpst - ok
09:54:06.0112 5436  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
09:54:06.0115 5436  TDPIPE - ok
09:54:06.0178 5436  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
09:54:06.0181 5436  TDTCP - ok
09:54:06.0252 5436  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
09:54:06.0257 5436  tdx - ok
09:54:06.0308 5436  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
09:54:06.0312 5436  TermDD - ok
09:54:06.0403 5436  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
09:54:06.0421 5436  TermService - ok
09:54:06.0457 5436  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
09:54:06.0463 5436  Themes - ok
09:54:06.0482 5436  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
09:54:06.0488 5436  THREADORDER - ok
09:54:06.0614 5436  [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
09:54:06.0617 5436  TMachInfo - ok
09:54:06.0682 5436  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\windows\system32\TODDSrv.exe
09:54:06.0689 5436  TODDSrv - ok
09:54:06.0824 5436  [ 4DB8C79BCEA76063B83B13410366A1F7 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
09:54:06.0835 5436  TosCoSrv - ok
09:54:06.0934 5436  [ 32FF64D06A91DAA0331C624AFF442679 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
09:54:06.0939 5436  TOSHIBA eco Utility Service - ok
09:54:07.0008 5436  [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
09:54:07.0013 5436  TOSHIBA HDD SSD Alert Service - ok
09:54:07.0092 5436  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys
09:54:07.0104 5436  tos_sps64 - ok
09:54:07.0192 5436  [ DE64C52BD0671165CF2EEBF2A728A3E2 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
09:54:07.0210 5436  TPCHSrv - ok
09:54:07.0245 5436  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
09:54:07.0253 5436  TrkWks - ok
09:54:07.0348 5436  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
09:54:07.0352 5436  TrustedInstaller - ok
09:54:07.0415 5436  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
09:54:07.0418 5436  tssecsrv - ok
09:54:07.0499 5436  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
09:54:07.0503 5436  TsUsbFlt - ok
09:54:07.0571 5436  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
09:54:07.0576 5436  tunnel - ok
09:54:07.0640 5436  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
09:54:07.0644 5436  TVALZ - ok
09:54:07.0707 5436  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
09:54:07.0710 5436  TVALZFL - ok
09:54:07.0740 5436  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
09:54:07.0747 5436  uagp35 - ok
09:54:07.0823 5436  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
09:54:07.0833 5436  udfs - ok
09:54:07.0889 5436  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
09:54:07.0898 5436  UI0Detect - ok
09:54:07.0924 5436  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
09:54:07.0927 5436  uliagpkx - ok
09:54:07.0995 5436  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\drivers\umbus.sys
09:54:07.0999 5436  umbus - ok
09:54:08.0059 5436  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
09:54:08.0062 5436  UmPass - ok
09:54:08.0168 5436  [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
09:54:08.0192 5436  UnlockerDriver5 - ok
09:54:08.0236 5436  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
09:54:08.0250 5436  upnphost - ok
09:54:08.0326 5436  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
09:54:08.0330 5436  USBAAPL64 - ok
09:54:08.0420 5436  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
09:54:08.0425 5436  usbaudio - ok
09:54:08.0458 5436  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
09:54:08.0463 5436  usbccgp - ok
09:54:08.0484 5436  USBCCID - ok
09:54:08.0547 5436  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
09:54:08.0552 5436  usbcir - ok
09:54:08.0585 5436  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
09:54:08.0589 5436  usbehci - ok
09:54:08.0637 5436  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
09:54:08.0646 5436  usbhub - ok
09:54:08.0834 5436  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
09:54:08.0838 5436  usbohci - ok
09:54:08.0882 5436  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
09:54:08.0885 5436  usbprint - ok
09:54:08.0914 5436  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
09:54:08.0919 5436  USBSTOR - ok
09:54:08.0969 5436  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
09:54:08.0973 5436  usbuhci - ok
09:54:09.0047 5436  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
09:54:09.0053 5436  usbvideo - ok
09:54:09.0089 5436  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
09:54:09.0095 5436  UxSms - ok
09:54:09.0118 5436  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
09:54:09.0121 5436  VaultSvc - ok
09:54:09.0196 5436  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
09:54:09.0200 5436  vdrvroot - ok
09:54:09.0277 5436  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
09:54:09.0294 5436  vds - ok
09:54:09.0342 5436  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
09:54:09.0346 5436  vga - ok
09:54:09.0369 5436  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
09:54:09.0372 5436  VgaSave - ok
09:54:09.0442 5436  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
09:54:09.0448 5436  vhdmp - ok
09:54:09.0481 5436  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
09:54:09.0484 5436  viaide - ok
09:54:09.0504 5436  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
09:54:09.0508 5436  volmgr - ok
09:54:09.0587 5436  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
09:54:09.0596 5436  volmgrx - ok
09:54:09.0670 5436  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
09:54:09.0678 5436  volsnap - ok
09:54:09.0724 5436  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
09:54:09.0731 5436  vsmraid - ok
09:54:09.0839 5436  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
09:54:09.0876 5436  VSS - ok
09:54:09.0900 5436  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
09:54:09.0903 5436  vwifibus - ok
09:54:09.0979 5436  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
09:54:09.0982 5436  vwififlt - ok
09:54:10.0083 5436  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
09:54:10.0087 5436  vwifimp - ok
09:54:10.0134 5436  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
09:54:10.0147 5436  W32Time - ok
09:54:10.0178 5436  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
09:54:10.0181 5436  WacomPen - ok
09:54:10.0242 5436  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
09:54:10.0247 5436  WANARP - ok
09:54:10.0257 5436  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
09:54:10.0261 5436  Wanarpv6 - ok
09:54:10.0378 5436  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
09:54:10.0406 5436  WatAdminSvc - ok
09:54:10.0534 5436  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
09:54:10.0570 5436  wbengine - ok
09:54:10.0621 5436  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
09:54:10.0631 5436  WbioSrvc - ok
09:54:10.0707 5436  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
09:54:10.0720 5436  wcncsvc - ok
09:54:10.0754 5436  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
09:54:10.0761 5436  WcsPlugInService - ok
09:54:10.0798 5436  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
09:54:10.0801 5436  Wd - ok
09:54:10.0881 5436  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
09:54:10.0901 5436  Wdf01000 - ok
09:54:10.0941 5436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
09:54:10.0949 5436  WdiServiceHost - ok
09:54:10.0971 5436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
09:54:10.0977 5436  WdiSystemHost - ok
09:54:11.0051 5436  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
09:54:11.0062 5436  WebClient - ok
09:54:11.0109 5436  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
09:54:11.0120 5436  Wecsvc - ok
09:54:11.0140 5436  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
09:54:11.0148 5436  wercplsupport - ok
09:54:11.0174 5436  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
09:54:11.0181 5436  WerSvc - ok
09:54:11.0198 5436  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
09:54:11.0201 5436  WfpLwf - ok
09:54:11.0232 5436  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
09:54:11.0235 5436  WIMMount - ok
09:54:11.0270 5436  WinDefend - ok
09:54:11.0286 5436  WinHttpAutoProxySvc - ok
09:54:11.0364 5436  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
09:54:11.0371 5436  Winmgmt - ok
09:54:11.0483 5436  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
09:54:11.0529 5436  WinRM - ok
09:54:11.0621 5436  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
09:54:11.0625 5436  WinUsb - ok
09:54:11.0691 5436  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
09:54:11.0713 5436  Wlansvc - ok
09:54:11.0931 5436  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:54:11.0978 5436  wlidsvc - ok
09:54:12.0036 5436  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
09:54:12.0039 5436  WmiAcpi - ok
09:54:12.0080 5436  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
09:54:12.0088 5436  wmiApSrv - ok
09:54:12.0312 5436  WMPNetworkSvc - ok
09:54:12.0379 5436  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
09:54:12.0387 5436  WPCSvc - ok
09:54:12.0443 5436  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
09:54:12.0452 5436  WPDBusEnum - ok
09:54:12.0518 5436  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
09:54:12.0521 5436  ws2ifsl - ok
09:54:12.0651 5436  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudioDevice_383S(1) C:\windows\system32\drivers\WsAudioDevice_383S(1).sys
09:54:12.0685 5436  WsAudioDevice_383S(1) - ok
09:54:12.0752 5436  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
09:54:12.0760 5436  wscsvc - ok
09:54:12.0813 5436  WSearch - ok
09:54:12.0947 5436  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
09:54:13.0000 5436  wuauserv - ok
09:54:13.0068 5436  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
09:54:13.0073 5436  WudfPf - ok
09:54:13.0103 5436  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
09:54:13.0110 5436  WUDFRd - ok
09:54:13.0143 5436  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
09:54:13.0151 5436  wudfsvc - ok
09:54:13.0190 5436  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
09:54:13.0225 5436  WwanSvc - ok
09:54:13.0390 5436  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:54:13.0402 5436  YahooAUService - ok
09:54:13.0425 5436  ================ Scan global ===============================
09:54:13.0458 5436  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
09:54:13.0527 5436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
09:54:13.0554 5436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
09:54:13.0588 5436  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
09:54:13.0629 5436  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
09:54:13.0641 5436  [Global] - ok
09:54:13.0642 5436  ================ Scan MBR ==================================
09:54:13.0655 5436  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
09:54:14.0016 5436  \Device\Harddisk0\DR0 - ok
09:54:14.0017 5436  ================ Scan VBR ==================================
09:54:14.0042 5436  [ 20A47391D99A891E342C7E417E6A3C6F ] \Device\Harddisk0\DR0\Partition1
09:54:14.0045 5436  \Device\Harddisk0\DR0\Partition1 - ok
09:54:14.0046 5436  ============================================================
09:54:14.0046 5436  Scan finished
09:54:14.0046 5436  ============================================================
09:54:14.0080 7124  Detected object count: 0
09:54:14.0080 7124  Actual detected object count: 0
 
 
(ComboFix)
 
ComboFix 13-02-24.01 - lastofmykind 24/02/2013  10:23:52.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.2814.1017 [GMT -6:00]
Running from: c:\users\lastofmykind\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\_ctypes.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\_elementtree.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\_hashlib.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\_socket.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\_ssl.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\pyexpat.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\pysqlite2._sqlite.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\python26.dll
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\pythoncom26.dll
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\PyWinTypes26.dll
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\select.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\unicodedata.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32api.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32com.shell.shell.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32crypt.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32event.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32file.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32inet.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32pdh.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32process.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32profile.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32security.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\win32ts.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\windows._cacheinvalidation.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wx._controls_.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wx._core_.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wx._gdi_.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wx._html2.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wx._misc_.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wx._windows_.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wx._wizard.pyd
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wxbase293u_net_vc.dll
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wxbase293u_vc.dll
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wxmsw293u_adv_vc.dll
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wxmsw293u_core_vc.dll
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wxmsw293u_html_vc.dll
c:\users\LASTOF~1\AppData\Local\Temp\_MEI32882\wxmsw293u_webview_vc.dll
c:\users\LASTOF~1\AppData\Local\Temp\34d80461-26c7-4268-b914-6f5055c6a1d2\CliSecureRT64.dll
c:\users\lastofmykind\AppData\Local\assembly\tmp
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\_ctypes.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\_elementtree.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\_hashlib.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\_socket.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\_ssl.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\pyexpat.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\pysqlite2._sqlite.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\python26.dll
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\pythoncom26.dll
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\PyWinTypes26.dll
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\select.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\unicodedata.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32api.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32com.shell.shell.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32crypt.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32event.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32file.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32inet.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32pdh.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32process.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32profile.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32security.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\win32ts.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\windows._cacheinvalidation.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wx._controls_.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wx._core_.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wx._gdi_.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wx._html2.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wx._misc_.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wx._windows_.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wx._wizard.pyd
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wxbase293u_net_vc.dll
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wxbase293u_vc.dll
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wxmsw293u_adv_vc.dll
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wxmsw293u_core_vc.dll
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wxmsw293u_html_vc.dll
c:\users\lastofmykind\AppData\Local\Temp\_MEI32882\wxmsw293u_webview_vc.dll
c:\users\lastofmykind\AppData\Local\Temp\34d80461-26c7-4268-b914-6f5055c6a1d2\CliSecureRT64.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\zip32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-24 to 2013-02-24  )))))))))))))))))))))))))))))))
.
.
2013-02-21 15:14 . 2013-02-21 15:14    --------    d-----w-    c:\program files\iPod
2013-02-21 15:14 . 2013-02-21 15:17    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-21 15:14 . 2013-02-21 15:16    --------    d-----w-    c:\program files\iTunes
2013-02-15 22:04 . 2013-02-15 22:04    208448    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 20:24 . 2013-02-15 20:24    --------    d-----w-    c:\program files (x86)\Panda Security
2013-02-15 01:57 . 2013-02-15 01:57    --------    d-----w-    c:\program files (x86)\ESET
2013-02-14 20:32 . 2013-02-14 20:32    --------    d-----w-    c:\users\lastofmykind\AppData\Roaming\Malwarebytes
2013-02-14 20:32 . 2013-02-14 20:32    --------    d-----w-    c:\programdata\Malwarebytes
2013-02-14 20:32 . 2012-12-14 22:49    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-14 20:32 . 2013-02-14 20:32    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-14 20:31 . 2013-02-14 20:31    --------    d-----w-    c:\users\lastofmykind\AppData\Local\Programs
2013-02-14 18:25 . 2012-08-23 15:09    3072    ----a-w-    c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-14 18:25 . 2012-08-23 13:41    13312    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-02-14 18:25 . 2012-08-23 13:40    13312    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-02-14 18:25 . 2012-08-23 13:24    15360    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2013-02-14 18:25 . 2012-08-23 14:10    19456    ----a-w-    c:\windows\system32\drivers\rdpvideominiport.sys
2013-02-14 18:25 . 2012-08-23 14:07    57856    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2013-02-14 18:19 . 2012-05-04 11:00    366592    ----a-w-    c:\windows\system32\qdvd.dll
2013-02-14 18:19 . 2012-05-04 09:59    514560    ----a-w-    c:\windows\SysWow64\qdvd.dll
2013-02-14 18:19 . 2012-08-24 18:05    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-02-14 18:19 . 2012-08-24 16:57    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-02-14 18:19 . 2012-08-24 18:09    458712    ----a-w-    c:\windows\system32\drivers\cng.sys
2013-02-14 18:19 . 2012-08-24 18:13    154480    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-02-14 18:19 . 2012-08-24 18:03    1448448    ----a-w-    c:\windows\system32\lsasrv.dll
2013-02-14 18:19 . 2012-08-24 16:57    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-02-14 18:19 . 2012-08-24 16:53    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-02-14 15:55 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 15:55 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 15:36 . 2013-01-09 01:22    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-02-13 20:18 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-13 20:18 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 20:18 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 20:18 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-13 20:18 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-13 20:18 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-13 20:18 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-13 20:18 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-13 20:18 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-13 20:18 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-13 20:18 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-13 20:17 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-06 23:22 . 2013-02-06 23:22    --------    d-----w-    c:\users\lastofmykind\AppData\Local\doubleTwist Corporation
2013-02-06 23:21 . 2013-02-06 23:21    --------    d-----w-    c:\program files (x86)\Common Files\doubleTwist
2013-02-06 23:18 . 2013-02-06 23:21    --------    d-----w-    c:\program files (x86)\doubleTwist 2.0
2013-02-06 04:52 . 2013-02-14 18:09    --------    d-----w-    c:\windows\SysWow64\Adobe
2013-01-31 03:57 . 2008-05-14 00:23    417792    ----a-w-    c:\program files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
2013-01-31 01:54 . 2013-01-31 01:54    --------    d-----w-    c:\users\lastofmykind\AppData\Local\SteelSeries_ApS
2013-01-31 01:52 . 2013-01-31 01:52    --------    d-----w-    c:\users\lastofmykind\AppData\Roaming\SteelSeries
2013-01-31 01:50 . 2013-01-31 01:50    --------    d-----w-    c:\programdata\SteelSeries
2013-01-31 01:48 . 2013-01-31 01:48    --------    d-----w-    c:\program files\SteelSeries
2013-01-30 03:21 . 2013-01-30 03:21    --------    d-----w-    c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-23 06:41 . 2012-07-31 16:52    477616    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-02-23 06:41 . 2010-09-15 03:58    473520    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-02-14 16:46 . 2012-04-04 14:06    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 16:46 . 2011-06-07 20:01    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 16:09 . 2010-04-09 21:22    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-08 00:28 . 2013-02-24 14:03    9162192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7A9B92C-57BB-4FE2-A464-8DFB3F3F275A}\mpengine.dll
2013-02-08 00:28 . 2013-02-22 21:38    9162192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-30 10:53 . 2010-04-05 18:04    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-20 21:59 . 2013-01-20 21:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-20 21:59 . 2010-10-25 03:25    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-13 20:18    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 09:00    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 09:00    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-08 23:26    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-08 23:25    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-08 23:25    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-08 23:25    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-08 23:26    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-08 23:26    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-08 23:25    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-08 23:26    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-08 23:26    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-08 23:25    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-08 23:26    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-08 23:26    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-08 23:26    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-08 23:26    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-08 23:26    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-08 23:26    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-08 23:25    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-08 23:25    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-08 23:26    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-08 23:26    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-08 23:26    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 23:26    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 23:26    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 23:25    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-08 23:25    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 23:26    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-08 23:26    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-08 23:26    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-08 23:26    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-08 23:26    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-08 23:25    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-08 23:25    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-08 23:25    362496    ----a-w-    c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-08 23:25    243200    ----a-w-    c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-08 23:25    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-08 23:25    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-08 23:25    424448    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-08 23:25    1161216    ----a-w-    c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-08 23:25    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-08 23:25    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:25    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 5629312]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"GoogleChromeAutoLaunch_36345B804AC5060B095B5B056AA2600C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-02-21 1274320]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-11-28 237056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 Tcpz-x64;Tcpz-x64;c:\users\Ben\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-08 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-08-02 29288]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-07 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 14952]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63064]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-11-11 131072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 07:08    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:46]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 18:06]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 18:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 01:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 01:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 01:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 01:50    755816    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mStart Page = hxxp://www.toshiba.ca/welcome
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=CA&userid=27f0dd94-5490-4972-b129-ab2b8267aeaf&searchtype=ds&q={searchTerms}
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.87.230.4 65.87.230.5
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\LxrSII1s.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2013-02-24  10:53:42 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-24 16:53
.
Pre-Run: 117,261,156,352 bytes free
Post-Run: 116,788,047,872 bytes free
.
- - End Of File - - EE0C2685C47732B5EAE548B8422C6881


#14 Guest_White Warrior_*


Posted 25 February 2013 - 06:19 PM

Hi Yukon_Jack.

That cleaned some of it up, but more to get yet.

  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

White Warrior
 



#15 Yukon_Jack


Posted 25 February 2013 - 07:46 PM

OK thanks, I just finished the scan (posted below). Just for my own curiosity, what do you think I have/had? 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by lastofmykind on 25/02/2013 at 18:16:13.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2197133454-1600747301-3502648955-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2197133454-1600747301-3502648955-1003\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2197133454-1600747301-3502648955-1003\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2197133454-1600747301-3502648955-1003\software\microsoft\internet explorer\search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0d7562ae-8ef6-416d-a838-ab665251703a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\lastofmykind\AppData\Roaming\red kawa"
Successfully deleted: [Folder] "C:\Users\lastofmykind\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\lastofmykind\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\red kawa"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/02/2013 at 18:35:03.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




