Suspect Malware/Virus - Help Request



#1
downtrou

Hi there

First, thanks in advance for any assistance given!

Using Win 7 Pro, SP1, 64bit, Avast IS8 & Malware Bytes (MWB)

I had PUP Tarma Installer detected on 3 Aug 2013 by MWB and quarantined it (think this was from a flash scan I did). I tried to do a rollback/restore but in doing so I created a restore point and this deleted previous restore points (not what I wished to do). Things seemed to be OK from here on.

Then about 3-4 days ago I downloaded CopyTrans and when MWB next ran it picked up Backdoor.Zegost & MySearchDial which it has also quarantined.

I have pasted the OTL scan result for review - please let me know if this is OK or if I need to do some fixing please.

Cheers
dt

OTL logfile created on: 8/15/2013 9:03:34 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan Hunter\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.73 Gb Total Physical Memory | 3.40 Gb Available Physical Memory | 43.97% Memory free
15.47 Gb Paging File | 10.43 Gb Available in Paging File | 67.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.70 Gb Total Space | 62.71 Gb Free Space | 21.87% Space Free | Partition Type: NTFS

Computer Name: INFIELD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/15 09:01:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan Hunter\Downloads\OTL.exe
PRC - [2013/07/13 17:24:51 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Users\Dan Hunter\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/05 14:54:26 | 000,104,448 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe
PRC - [2013/05/25 10:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dan Hunter\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 20:37:30 | 001,402,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
PRC - [2013/05/11 20:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 18:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 18:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 18:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/03/23 11:56:36 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes\mbamservice.exe
PRC - [2012/12/14 15:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes\mbamgui.exe
PRC - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe
PRC - [2012/10/29 14:04:13 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Dan Hunter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/12/21 23:11:26 | 003,961,464 | ---- | M] (Eye-Fi, Inc.) -- C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
PRC - [2011/08/31 02:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/31 02:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/31 01:26:55 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2011/04/22 22:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 22:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/16 04:06:16 | 000,506,728 | ---- | M] (Outertech) -- C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/05/07 03:33:08 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/04/20 09:07:42 | 000,677,192 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/04/20 09:07:14 | 002,721,120 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010/04/09 09:58:04 | 000,462,888 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe
PRC - [2010/03/19 06:00:30 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/19 06:00:26 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/17 12:14:00 | 000,714,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/07/29 13:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/04/04 11:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2009/03/11 11:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/07/25 09:19:00 | 000,116,064 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtPSS.exe
PRC - [2008/07/25 04:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/25 10:49:46 | 000,396,240 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/25 10:49:45 | 013,599,184 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/25 10:49:44 | 004,052,944 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/25 10:48:54 | 000,601,552 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/25 10:48:53 | 000,123,344 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/25 10:48:51 | 001,597,392 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/03/14 06:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/12/19 05:08:32 | 014,588,632 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
MOD - [2012/11/14 09:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/09/23 19:43:36 | 000,313,992 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
MOD - [2011/12/21 22:59:12 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
MOD - [2011/12/21 22:56:16 | 000,209,408 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
MOD - [2011/10/05 02:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/22 23:26:14 | 000,047,880 | ---- | M] () -- C:\Program Files (x86)\ClipboardHistory\ClipboardHotkey.dll
MOD - [2009/02/26 12:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 15:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 18:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/09 18:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/09/04 17:31:53 | 008,882,136 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2012/06/25 15:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/06/25 15:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/06/25 15:05:28 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/04/23 16:23:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/03/15 06:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010/05/26 13:08:30 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/05/11 11:57:30 | 000,836,016 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/04/24 11:08:32 | 000,259,440 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/06 10:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/22 02:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/29 08:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 11:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/08/03 10:42:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/27 12:05:49 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/05 14:54:26 | 000,104,448 | ---- | M] () [Auto | Running] -- C:\Users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe -- (YouTubeDownloaderConverter)
SRV - [2013/05/11 20:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/31 02:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/22 22:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/04/13 03:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/04/09 09:58:04 | 000,462,888 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010/03/19 06:00:30 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/19 06:00:26 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/29 09:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/12/04 12:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/07 02:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/11 11:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/28 05:07:18 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/28 05:07:18 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/28 05:07:18 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/05/09 18:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 18:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 18:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 18:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013/05/09 18:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013/05/09 18:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 18:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/05/09 18:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/12/14 15:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/21 17:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/08/24 00:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 00:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/03 07:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/03/15 05:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/03/15 05:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/02 10:43:02 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/14 07:57:08 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2010/07/28 20:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 14:15:54 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/18 11:30:04 | 000,770,152 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2010/05/09 11:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/04/22 02:37:34 | 007,686,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/04/09 05:47:00 | 000,060,536 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/04/08 03:51:00 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/25 06:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/24 10:39:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/12 13:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/10 10:25:48 | 000,269,864 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2010/03/04 04:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2010/03/04 04:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2010/02/27 09:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/25 04:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/02/25 04:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/18 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/31 13:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/29 13:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/25 04:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/15 05:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 15:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/11 08:53:22 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36wgps64.sys -- (t36wgps)
DRV:64bit: - [2009/06/30 09:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/30 03:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/27 05:51:58 | 000,432,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gmdm.sys -- (t36gmdm)
DRV:64bit: - [2009/06/27 05:51:58 | 000,376,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gmgmt.sys -- (t36gmgmt)
DRV:64bit: - [2009/06/27 05:51:56 | 000,329,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gbus.sys -- (t36gbus)
DRV:64bit: - [2009/06/27 05:51:56 | 000,019,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gmdfl.sys -- (t36gmdfl)
DRV:64bit: - [2009/06/23 10:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 12:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/20 03:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/20 02:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/18 05:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/16 15:48:46 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2008/02/01 02:24:32 | 000,093,184 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=866412678&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE:64bit: - HKLM\..\SearchScopes\{03055344-2064-458A-6CD1-7ADB87C2DCC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://start.mysearc...r=866412678&ir=
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-4CEDDEAE4530}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=866412678&ir=
IE - HKLM\..\SearchScopes\{5C99FC0D-0AD2-4FEB-5588-42B7EA7BACBE}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...0-4CEDDEAE4530}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-4CEDDEAE4530}
IE - HKCU\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE - HKCU\..\SearchScopes\{03055344-2064-458A-6CD1-7ADB87C2DCC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...0-4CEDDEAE4530}
IE - HKCU\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://start.mysearc...r=866412678&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\gamevenus.com/CertifiedBrowser: C:\Users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\npCertifiedBrowser.dll (GVU Technologies)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/01 09:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/27 12:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/06/29 17:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/06/29 17:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/04/17 23:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/06/27 12:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/25 21:53:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/27 12:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/25 21:53:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/27 12:05:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://start.mysearc...r=866412678&ir=
CHR - Extension: news.net = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai\1.0.12_0\
CHR - Extension: avast! Ad Blocker = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Yontoo = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: Vid-Saver = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.17.20_0\

Hosts file not found
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\BreakingNews\x64\ScriptHost.dll File not found
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2:64bit: - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [BreakingNews] C:\Program Files\BreakingNews\BreakingNews\DesktopContainer.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Administrator\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4:64bit: - HKLM..\RunOnce: [*Restore] C:\windows\SysNative\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswredemption.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswredemption64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CDFAAA2-6906-44E8-97A7-0891B3845CFD}: DhcpNameServer = 10.4.182.20 10.4.81.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{609D201B-CF3C-425A-954A-08951BDF685B}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81755B35-9285-47B2-A349-012E29DAC63F}: DhcpNameServer = 10.10.10.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/14 05:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2013/07/18 12:03:46 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/15 08:35:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/15 08:30:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4083666848-272780497-3955155416-1000UA.job
[2013/08/14 17:30:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4083666848-272780497-3955155416-1000Core.job
[2013/08/14 15:01:00 | 000,000,312 | ---- | M] () -- C:\windows\tasks\Registry Optimizer_DEFAULT.job
[2013/08/14 09:43:40 | 002,863,630 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/14 09:43:40 | 001,245,236 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/14 09:43:40 | 000,005,966 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/14 09:42:21 | 000,017,504 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 09:42:21 | 000,017,504 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 09:35:38 | 000,421,392 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/08/14 09:35:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/14 09:35:11 | 1933,905,919 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/14 05:45:45 | 000,000,320 | ---- | M] () -- C:\windows\tasks\Registry Optimizer_UPDATES.job
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumdfb9.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumdfb11.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumdfb10.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd9.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd11.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd10.dll
[2011/10/29 07:44:22 | 000,722,802 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/10/08 09:14:43 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 15:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 14:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/30 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2013/06/29 12:04:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GVU Technologies
[2012/11/22 19:06:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nico Mak Computing
[2013/03/07 08:07:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2012/10/31 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TFPU
[2012/07/10 23:18:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Toshiba
[2013/05/25 18:32:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/07/10 21:34:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinBatch
[2013/04/06 01:09:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Yontoo
[2013/07/06 04:05:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\YSB Tax Calendar

========== Purity Check ==========



< End of report >
#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Looks like a lot of adware. Don't see anything really bad.


Download the adwCleaner
Pause your anti-virus. Close all browsers.
  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the Delete option
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.


Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Tonight while you sleep, why don't you let Avast do a boot-time scan:


First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Security. Click on AntiVirus. Scroll down to the bottom and find Boot-time scan. Click on Settings. Where it says Heuristic Sensitivity, click on the last rectangle so that all of them are orange and it says High. Then change When a threat is found ... to: Move to Chest. OK. Now click on Schedule Now. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt, but it might change, so verify the location. When Windows loads, click on the Orange Ball, then Maintenance, then Scan Logs. Click on the Boot-time scan log and then View Results. If it found anything, then open the saved Report and copy and paste the text into a reply so I can see it.

Ron

#3
downtrou

Thanks for the quick reply, will get onto this in about an hr.. will post feedback when complete.

Cheers
dt

#4
downtrou

Hi Ron

So you know..

Have been held up with doing this, life has got in the way as it tends to :)

I will do all of this this evening and the boot scan overnight (it is only 10am Sunday here) and I will get back to you with the results in approx 24hrs.

Cheers
dt

#5
RKinner

No hurry. I don't keep track and I don't close topics.

#6
downtrou

No probs, just in case, wanted to be courteous!

#7
downtrou

Hi there

Tried to run adwCleaner - said was out of date version, clicked link. Went to foreign website. Can no longer access this forum from pc, nor many other pages.

I know I left this a few days now but appreciate advice on what to do now please.

Cheers
dt

#8
downtrou

PS: have done another OTL scan, here's the log:
OTL logfile created on: 8/22/2013 11:52:26 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan Hunter\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
7.73 Gb Total Physical Memory | 4.66 Gb Available Physical Memory | 60.24% Memory free
15.47 Gb Paging File | 11.67 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.70 Gb Total Space | 59.92 Gb Free Space | 20.90% Space Free | Partition Type: NTFS
Computer Name: INFIELD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/08/15 09:01:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan Hunter\Downloads\OTL.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/13 17:24:51 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Users\Dan Hunter\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/05 14:54:26 | 000,104,448 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe
PRC - [2013/05/25 10:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dan Hunter\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 20:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 18:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 18:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 18:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/03/23 11:56:36 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes\mbamservice.exe
PRC - [2012/12/14 15:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes\mbamgui.exe
PRC - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe
PRC - [2012/10/29 14:04:13 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Dan Hunter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/12/21 23:11:26 | 003,961,464 | ---- | M] (Eye-Fi, Inc.) -- C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
PRC - [2011/08/31 02:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/31 02:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/31 01:26:55 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2011/04/22 22:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 22:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/16 04:06:16 | 000,506,728 | ---- | M] (Outertech) -- C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/20 09:07:42 | 000,677,192 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/04/20 09:07:14 | 002,721,120 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010/04/09 09:58:04 | 000,462,888 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe
PRC - [2010/03/19 06:00:30 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/19 06:00:26 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/17 12:14:00 | 000,714,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/04/04 11:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2009/03/11 11:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/07/25 04:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe

========== Modules (No Company Name) ==========
MOD - [2013/08/16 13:21:41 | 000,410,576 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppgooglenaclpluginchrome.dll
MOD - [2013/08/16 13:21:40 | 013,594,064 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll
MOD - [2013/08/16 13:21:39 | 004,053,456 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll
MOD - [2013/08/16 13:20:49 | 000,709,584 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\29.0.1547.57\libglesv2.dll
MOD - [2013/08/16 13:20:48 | 000,099,792 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\29.0.1547.57\libegl.dll
MOD - [2013/08/16 13:20:46 | 001,604,560 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Local\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll
MOD - [2013/03/14 06:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 09:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Dan Hunter\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/12/21 22:59:12 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
MOD - [2011/12/21 22:56:16 | 000,209,408 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
MOD - [2011/10/05 02:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/22 23:26:14 | 000,047,880 | ---- | M] () -- C:\Program Files (x86)\ClipboardHistory\ClipboardHotkey.dll

========== Services (SafeList) ==========
SRV:64bit: - [2013/05/27 15:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 18:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/09 18:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/09/04 17:31:53 | 008,882,136 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2012/06/25 15:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/06/25 15:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/06/25 15:05:28 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/04/23 16:23:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/03/15 06:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010/05/26 13:08:30 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/05/11 11:57:30 | 000,836,016 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/04/24 11:08:32 | 000,259,440 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/06 10:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/22 02:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/29 08:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 11:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/08/21 19:35:34 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/27 12:05:49 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/05 14:54:26 | 000,104,448 | ---- | M] () [Auto | Running] -- C:\Users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe -- (YouTubeDownloaderConverter)
SRV - [2013/05/11 20:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/31 02:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/22 22:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/04/13 03:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/04/09 09:58:04 | 000,462,888 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010/03/19 06:00:30 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/19 06:00:26 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/29 09:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/12/04 12:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/07 02:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/11 11:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/06/28 05:07:18 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/28 05:07:18 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/28 05:07:18 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/05/09 18:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 18:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 18:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 18:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013/05/09 18:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013/05/09 18:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 18:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/05/09 18:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/12/14 15:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/21 17:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/08/24 00:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 00:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/03 07:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/03/15 05:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/03/15 05:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/02 10:43:02 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/14 07:57:08 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2010/07/28 20:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 14:15:54 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/18 11:30:04 | 000,770,152 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2010/05/09 11:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/04/22 02:37:34 | 007,686,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/04/09 05:47:00 | 000,060,536 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/04/08 03:51:00 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/03/25 06:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/24 10:39:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/12 13:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/10 10:25:48 | 000,269,864 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2010/03/04 04:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2010/03/04 04:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2010/02/27 09:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/25 04:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/02/25 04:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/18 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/31 13:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/29 13:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/25 04:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/15 05:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 15:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/11 08:53:22 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36wgps64.sys -- (t36wgps)
DRV:64bit: - [2009/06/30 09:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/30 03:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/27 05:51:58 | 000,432,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gmdm.sys -- (t36gmdm)
DRV:64bit: - [2009/06/27 05:51:58 | 000,376,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gmgmt.sys -- (t36gmgmt)
DRV:64bit: - [2009/06/27 05:51:56 | 000,329,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gbus.sys -- (t36gbus)
DRV:64bit: - [2009/06/27 05:51:56 | 000,019,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gmdfl.sys -- (t36gmdfl)
DRV:64bit: - [2009/06/23 10:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 12:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/20 03:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/20 02:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/18 05:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/16 15:48:46 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2008/02/01 02:24:32 | 000,093,184 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=866412678&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE:64bit: - HKLM\..\SearchScopes\{03055344-2064-458A-6CD1-7ADB87C2DCC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://start.mysearc...r=866412678&ir=
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-4CEDDEAE4530}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=866412678&ir=
IE - HKLM\..\SearchScopes\{5C99FC0D-0AD2-4FEB-5588-42B7EA7BACBE}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...0-4CEDDEAE4530}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-4CEDDEAE4530}
IE - HKCU\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE - HKCU\..\SearchScopes\{03055344-2064-458A-6CD1-7ADB87C2DCC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...0-4CEDDEAE4530}
IE - HKCU\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://start.mysearc...r=866412678&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\gamevenus.com/CertifiedBrowser: C:\Users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\npCertifiedBrowser.dll (GVU Technologies)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/01 09:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/27 12:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/06/29 17:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/06/29 17:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/04/17 23:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/06/27 12:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/21 10:22:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/27 12:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/21 10:22:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/27 12:05:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://start.mysearc...r=866412678&ir=
CHR - Extension: news.net = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai\1.0.12_0\
CHR - Extension: avast! Ad Blocker = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Yontoo = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: Vid-Saver = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.17.20_0\
Hosts file not found
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\BreakingNews\x64\ScriptHost.dll File not found
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2:64bit: - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [BreakingNews] C:\Program Files\BreakingNews\BreakingNews\DesktopContainer.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Administrator\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4:64bit: - HKLM..\RunOnce: [*Restore] C:\windows\SysNative\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswredemption.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswredemption64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33BDBCA3-788C-402E-9212-776AFD2DEE02}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CDFAAA2-6906-44E8-97A7-0891B3845CFD}: DhcpNameServer = 10.4.182.20 10.4.81.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{609D201B-CF3C-425A-954A-08951BDF685B}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81755B35-9285-47B2-A349-012E29DAC63F}: DhcpNameServer = 10.10.10.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/08/14 05:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/08/22 11:35:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/22 11:30:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4083666848-272780497-3955155416-1000UA.job
[2013/08/21 17:30:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4083666848-272780497-3955155416-1000Core.job
[2013/08/21 15:01:00 | 000,000,312 | ---- | M] () -- C:\windows\tasks\Registry Optimizer_DEFAULT.job
[2013/08/21 10:21:15 | 000,000,320 | ---- | M] () -- C:\windows\tasks\Registry Optimizer_UPDATES.job
[2013/08/18 10:58:37 | 000,017,504 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 10:58:37 | 000,017,504 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 09:43:40 | 002,863,630 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/14 09:43:40 | 001,245,236 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/14 09:43:40 | 000,005,966 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/14 09:35:38 | 000,421,392 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/08/14 09:35:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/14 09:35:11 | 1933,905,919 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumdfb9.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumdfb11.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumdfb10.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd9.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd11.dll
[2012/09/16 23:49:40 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd10.dll
[2011/10/29 07:44:22 | 000,722,802 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/10/08 09:14:43 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
========== ZeroAccess Check ==========
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 15:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 14:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/07/30 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2013/06/29 12:04:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GVU Technologies
[2012/11/22 19:06:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nico Mak Computing
[2013/03/07 08:07:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2012/10/31 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TFPU
[2012/07/10 23:18:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Toshiba
[2013/05/25 18:32:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/07/10 21:34:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinBatch
[2013/04/06 01:09:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Yontoo
[2013/07/06 04:05:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\YSB Tax Calendar
========== Purity Check ==========


< End of report >

#9
downtrou
OK - Malwarebytes found some more problems in a general scan and requested I reboot, and now I have been able to access this site via the PC/Laptop and perform the AdwCleaner scan.

Note: It did not show a notepad on completion, it just stated "Uncheck Items you want to remove". Do I just select "Clean" and do a reboot?

# AdwCleaner v3.000 - Report created 22/08/2013 at 13:44:36
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Administrator - INFIELD
# Running from : C:\Users\Dan Hunter\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Administrator\Desktop\HDVidCodec.lnk
File Found : C:\Users\Dan Hunter\AppData\Roaming\Mozilla\Firefox\Profiles\yxjhm1c3.default\searchplugins\SweetIM Search.xml
File Found : C:\windows\SysWOW64\roboot64.exe
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\HDvidCodec.com
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\Vid-Saver
Folder Found C:\Program Files (x86)\WinZip Registry Optimizer
Folder Found C:\Program Files (x86)\Yontoo
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Folder Found C:\Users\Administrator\AppData\Local\Vid-Saver
Folder Found C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Found C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Found C:\Users\Administrator\AppData\Roaming\Yontoo
Folder Found C:\Users\Dan Hunter\AppData\LocalLow\Conduit
Folder Found C:\Users\Dan Hunter\AppData\Roaming\Mozilla\Firefox\Profiles\yxjhm1c3.default\ConduitCommon

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Dan Hunter\AppData\Roaming\Mozilla\Firefox\Profiles\yxjhm1c3.default\prefs.js ]


[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wui0y439.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [18311 octets] - [22/08/2013 13:06:19]
AdwCleaner[R1].txt - [18372 octets] - [22/08/2013 13:13:23]
AdwCleaner[R2].txt - [1337 octets] - [22/08/2013 13:21:43]
AdwCleaner[R3].txt - [1198 octets] - [22/08/2013 13:29:05]
AdwCleaner[R4].txt - [2337 octets] - [22/08/2013 13:44:36]
AdwCleaner[S0].txt - [18010 octets] - [22/08/2013 13:14:49]
AdwCleaner[S1].txt - [1402 octets] - [22/08/2013 13:22:32]
AdwCleaner[S2].txt - [1260 octets] - [22/08/2013 13:30:53]

########## EOF - \AdwCleaner\AdwCleaner[R4].txt - [2578 octets] ##########

Edited by downtrou, 21 August 2013 - 09:47 PM.


#10
downtrou
I ran JRT and here is the report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Professional x64
Ran by Administrator on Thu 22/08/2013 at 13:59:09.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033343391}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{33333333-3333-3333-3333-330033343391}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}



~~~ Files

Successfully deleted: [File] "C:\windows\syswow64\roboot64.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\yontoo"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\vid-saver"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\vid-saver"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 22/08/2013 at 14:06:00.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


My laptop is like it has gone back to a new install but with my profile still there in the background.. strange or is this normal?

i.e. I can see my desktop as it was under exploring but my visible desktop is new/default one...

Edited by downtrou, 21 August 2013 - 10:15 PM.


#11
downtrou
I logged off then on and it appears to be normal again.. sorry if this is causing you confusion.

I am now going to stop doing anything further and wait for you to provide some advice/next steps.

dt

#12
RKinner
Malware Expert
Download aswMBR.exe to your desktop.
* Right click aswMBR.exe and Run as Administrator.
* Uncheck "Trace disk IO calls".
* Click the "Scan" button to start the scan (accept the Avast Engine).
* On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click Save Log. Save it to your desktop and post it in your next reply.
* If the Fix button is not enabled, just click Save Log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and select Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => right click and Run As Administrator) Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron

#13
downtrou
1. aswMBR Complete

Log -


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-23 10:32:28
-----------------------------
10:32:28.221 OS Version: Windows x64 6.1.7601 Service Pack 1
10:32:28.221 Number of processors: 4 586 0x2505
10:32:28.222 ComputerName: INFIELD UserName:
10:32:33.611 Initialize success
10:32:33.743 AVAST engine defs: 13082201
10:32:54.396 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:32:54.398 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
10:32:54.683 Disk 0 MBR read successfully
10:32:54.685 Disk 0 MBR scan
10:32:54.688 Disk 0 Windows VISTA default MBR code
10:32:54.698 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:32:54.710 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293578 MB offset 3074048
10:32:54.737 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10166 MB offset 604321792
10:32:54.948 Disk 0 scanning C:\windows\system32\drivers
10:33:09.598 Service scanning
10:33:39.986 Modules scanning
10:33:41.891 AVAST engine scan C:\windows
10:33:46.720 AVAST engine scan C:\windows\system32
10:37:49.907 AVAST engine scan C:\windows\system32\drivers
10:38:16.326 AVAST engine scan C:\Users\Administrator
10:40:15.090 AVAST engine scan C:\ProgramData
10:44:03.760 Scan finished successfully
10:45:07.863 Disk 0 MBR has been saved successfully to "C:\Users\Dan Hunter\Desktop\Scan Results\MBR.dat"
10:45:07.867 The log file has been saved successfully to "C:\Users\Dan Hunter\Desktop\Scan Results\aswMBR.txt"


2. ComboFix Complete
Log -


ComboFix 13-08-22.01 - Administrator 23/08/2013 10:51:36.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.7920.5686 [GMT 10:00]
Running from: c:\users\Dan Hunter\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
C:\TBD8834.tmp
C:\TBDF73B.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-07-23 to 2013-08-23 )))))))))))))))))))))))))))))))
.
.
2013-08-23 00:58 . 2013-08-23 00:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-23 00:58 . 2013-08-23 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-22 03:59 . 2013-08-22 03:59 -------- d-----w- c:\windows\ERUNT
2013-08-22 03:44 . 2013-08-22 03:44 -------- d-----w- c:\program files (x86)\HDvidCodec.com
2013-08-22 03:06 . 2013-08-22 03:44 -------- d-----w- C:\AdwCleaner
2013-08-14 01:11 . 2013-08-14 01:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 01:11 . 2013-08-14 01:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-13 19:56 . 2013-08-13 19:56 -------- d-----w- c:\users\Dan Hunter\AppData\Roaming\WindSolutions
2013-08-13 19:56 . 2013-08-13 19:56 -------- d-----w- c:\programdata\WindSolutions
2013-08-10 23:42 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88C46DA6-AE8D-410F-8842-87E6D0C19093}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 09:35 . 2012-03-30 02:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 09:35 . 2011-10-07 18:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-05 18:05 . 2013-07-05 18:05 10240 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{BF2CAF71-704E-4F3A-9A89-7D962B445272}\IconBF2CAF712.exe
2013-06-27 19:07 . 2013-03-27 11:54 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:07 . 2013-03-27 11:32 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:07 . 2013-03-27 11:32 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-25 12:16 . 2013-06-25 12:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 12:16 . 2012-07-06 01:41 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 12:16 . 2010-05-19 05:28 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 14:57 . 2011-10-09 23:58 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 23:43 . 2013-07-09 20:52 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-09 20:52 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-09 20:52 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-09 20:52 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-09 20:52 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-09 20:52 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-09 20:52 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-09 20:52 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-09 20:52 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-09 20:52 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-09 20:52 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-09 20:52 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-09 20:52 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-09 20:52 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-09 20:52 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-09 20:52 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-09 20:52 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-09 20:52 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-09 20:52 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-09 20:52 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-09 20:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-09 20:52 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-09 20:43 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-09 20:44 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-09 20:43 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-03 23:15 . 2013-06-03 23:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-03 23:15 . 2013-06-03 23:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Administrator\AppData\Roaming\Spotify\Spotify.exe" [2012-08-10 7601880]
"Spotify Web Helper"="c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-10 1193176]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-20 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-18 111640]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-02 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-05-09 51880]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-05-09 51880]
"aswredemption.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-05-09 51880]
"aswredemption64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2013-05-09 50904]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-12-14 1091432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-4-20 2721120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 YouTubeDownloaderConverter;YouTubeDownloaderConverter;c:\users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe;c:\users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes\mbamscheduler.exe;c:\program files (x86)\Malwarebytes\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes\mbamservice.exe;c:\program files (x86)\Malwarebytes\mbamservice.exe [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe servicemode [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 t36gbus;Ericsson F3607gw for TOSHIBA Mobile Broadband Device (Win7);c:\windows\system32\DRIVERS\t36gbus.sys;c:\windows\SYSNATIVE\DRIVERS\t36gbus.sys [x]
S3 t36gmdfl;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem Filter (Win7);c:\windows\system32\DRIVERS\t36gmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\t36gmdfl.sys [x]
S3 t36gmdm;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem (Win7);c:\windows\system32\DRIVERS\t36gmdm.sys;c:\windows\SYSNATIVE\DRIVERS\t36gmdm.sys [x]
S3 t36gmgmt;Ericsson F3607gw for TOSHIBA Mobile Broadband Device Mgmt (Win7);c:\windows\system32\DRIVERS\t36gmgmt.sys;c:\windows\SYSNATIVE\DRIVERS\t36gmgmt.sys [x]
S3 t36wgps;TOSHIBA Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\t36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\t36wgps64.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 09:35]
.
2013-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4083666848-272780497-3955155416-1000Core.job
- c:\users\Dan Hunter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 10:10]
.
2013-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4083666848-272780497-3955155416-1000UA.job
- c:\users\Dan Hunter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 10:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"IntelMyWiFiDashboard"="c:\program files\Intel\CCDashboard\bin\CCDashServer.exe" [2012-04-16 4962816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2010-11-20 296960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wui0y439.default\
FF - ExtSQL: 2013-06-27 12:05; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-BreakingNews - c:\program files\BreakingNews\BreakingNews\DesktopContainer.exe
c:\users\Dan Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - c:\program files\BreakingNews\x64\ScriptHost.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-WinZip Registry Optimizer_is1 - c:\program files (x86)\WinZip Registry Optimizer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4083666848-272780497-3955155416-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:04,b2,96,b8,b4,74,ce,01
.
[HKEY_USERS\S-1-5-21-4083666848-272780497-3955155416-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,56,d1,07,18,52,dc,45,8f,93,56,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,56,d1,07,18,52,dc,45,8f,93,56,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-08-23 11:01:13
ComboFix-quarantined-files.txt 2013-08-23 01:01
.
Pre-Run: 73,319,497,728 bytes free
Post-Run: 74,284,228,608 bytes free
.
- - End Of File - - F9D744AE9E3D7981FC45573DEEC16B09

3. TDSSKiller Complete
Log 1 -


11:12:33.0067 8028 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:12:34.0682 8028 ============================================================
11:12:34.0682 8028 Current date / time: 2013/08/23 11:12:34.0682
11:12:34.0682 8028 SystemInfo:
11:12:34.0682 8028
11:12:34.0682 8028 OS Version: 6.1.7601 ServicePack: 1.0
11:12:34.0682 8028 Product type: Workstation
11:12:34.0682 8028 ComputerName: INFIELD
11:12:34.0682 8028 UserName: Administrator
11:12:34.0682 8028 Windows directory: C:\windows
11:12:34.0682 8028 System windows directory: C:\windows
11:12:34.0682 8028 Running under WOW64
11:12:34.0682 8028 Processor architecture: Intel x64
11:12:34.0682 8028 Number of processors: 4
11:12:34.0682 8028 Page size: 0x1000
11:12:34.0682 8028 Boot type: Normal boot
11:12:34.0682 8028 ============================================================
11:12:35.0186 8028 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:12:35.0237 8028 ============================================================
11:12:35.0237 8028 \Device\Harddisk0\DR0:
11:12:35.0247 8028 MBR partitions:
11:12:35.0247 8028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D65000
11:12:35.0247 8028 ============================================================
11:12:35.0318 8028 C: <-> \Device\Harddisk0\DR0\Partition1
11:12:35.0318 8028 ============================================================
11:12:35.0318 8028 Initialize success
11:12:35.0318 8028 ============================================================
11:13:08.0843 6224 ============================================================
11:13:08.0843 6224 Scan started
11:13:08.0843 6224 Mode: Manual;
11:13:08.0843 6224 ============================================================
11:13:09.0670 6224 ================ Scan system memory ========================
11:13:09.0670 6224 System memory - ok
11:13:09.0670 6224 ================ Scan services =============================
11:13:09.0841 6224 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
11:13:09.0841 6224 1394ohci - ok
11:13:09.0904 6224 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
11:13:09.0904 6224 ACPI - ok
11:13:09.0919 6224 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
11:13:09.0919 6224 AcpiPmi - ok
11:13:10.0013 6224 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
11:13:10.0013 6224 AdobeActiveFileMonitor9.0 - ok
11:13:10.0107 6224 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:13:10.0107 6224 AdobeARMservice - ok
11:13:10.0247 6224 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:13:10.0247 6224 AdobeFlashPlayerUpdateSvc - ok
11:13:10.0309 6224 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
11:13:10.0325 6224 adp94xx - ok
11:13:10.0341 6224 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
11:13:10.0341 6224 adpahci - ok
11:13:10.0387 6224 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
11:13:10.0387 6224 adpu320 - ok
11:13:10.0434 6224 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
11:13:10.0434 6224 AeLookupSvc - ok
11:13:10.0481 6224 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
11:13:10.0497 6224 AFD - ok
11:13:10.0528 6224 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
11:13:10.0528 6224 agp440 - ok
11:13:10.0543 6224 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
11:13:10.0543 6224 ALG - ok
11:13:10.0559 6224 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
11:13:10.0559 6224 aliide - ok
11:13:10.0606 6224 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
11:13:10.0606 6224 amdide - ok
11:13:10.0637 6224 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
11:13:10.0637 6224 AmdK8 - ok
11:13:10.0699 6224 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
11:13:10.0699 6224 AmdPPM - ok
11:13:10.0746 6224 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
11:13:10.0746 6224 amdsata - ok
11:13:10.0777 6224 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
11:13:10.0777 6224 amdsbs - ok
11:13:10.0793 6224 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
11:13:10.0793 6224 amdxata - ok
11:13:10.0840 6224 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys
11:13:10.0840 6224 AMPPAL - ok
11:13:10.0855 6224 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys
11:13:10.0855 6224 AMPPALP - ok
11:13:10.0996 6224 [ EDFB061F7D553B84731B8263077FD520 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
11:13:11.0011 6224 AMPPALR3 - ok
11:13:11.0043 6224 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
11:13:11.0043 6224 AppID - ok
11:13:11.0074 6224 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
11:13:11.0074 6224 AppIDSvc - ok
11:13:11.0121 6224 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll
11:13:11.0121 6224 Appinfo - ok
11:13:11.0339 6224 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:13:11.0339 6224 Apple Mobile Device - ok
11:13:11.0355 6224 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\windows\System32\appmgmts.dll
11:13:11.0355 6224 AppMgmt - ok
11:13:11.0401 6224 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
11:13:11.0401 6224 arc - ok
11:13:11.0417 6224 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
11:13:11.0417 6224 arcsas - ok
11:13:11.0464 6224 [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
11:13:11.0464 6224 aswFsBlk - ok
11:13:11.0511 6224 [ 7A62C389380F6FF3FA952D511D8790B8 ] aswFW C:\windows\system32\drivers\aswFW.sys
11:13:11.0511 6224 aswFW - ok
11:13:11.0526 6224 [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd C:\windows\system32\drivers\aswKbd.sys
11:13:11.0526 6224 aswKbd - ok
11:13:11.0573 6224 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
11:13:11.0573 6224 aswMonFlt - ok
11:13:11.0620 6224 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\windows\system32\DRIVERS\aswNdis.sys
11:13:11.0620 6224 aswNdis - ok
11:13:11.0635 6224 [ 94CCA87794454E1824D59B092B9F70C4 ] aswNdis2 C:\windows\system32\drivers\aswNdis2.sys
11:13:11.0651 6224 aswNdis2 - ok
11:13:11.0667 6224 [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
11:13:11.0667 6224 aswRdr - ok
11:13:11.0713 6224 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
11:13:11.0713 6224 aswRvrt - ok
11:13:11.0776 6224 [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
11:13:11.0791 6224 aswSnx - ok
11:13:11.0823 6224 [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP C:\windows\system32\drivers\aswSP.sys
11:13:11.0823 6224 aswSP - ok
11:13:11.0823 6224 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
11:13:11.0823 6224 aswTdi - ok
11:13:11.0854 6224 [ 22F521108881DC59837F6FC614E0568F ] aswVmm C:\windows\system32\drivers\aswVmm.sys
11:13:11.0854 6224 aswVmm - ok
11:13:11.0869 6224 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
11:13:11.0869 6224 AsyncMac - ok
11:13:11.0901 6224 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
11:13:11.0901 6224 atapi - ok
11:13:11.0932 6224 [ 474EE95924D3FDA71D834A3847136F11 ] ATSwpWDF C:\windows\system32\Drivers\ATSwpWDF.sys
11:13:11.0947 6224 ATSwpWDF - ok
11:13:11.0994 6224 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:13:11.0994 6224 AudioEndpointBuilder - ok
11:13:12.0010 6224 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
11:13:12.0025 6224 AudioSrv - ok
11:13:12.0088 6224 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:13:12.0088 6224 avast! Antivirus - ok
11:13:12.0135 6224 [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
11:13:12.0135 6224 avast! Firewall - ok
11:13:12.0181 6224 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
11:13:12.0181 6224 AxInstSV - ok
11:13:12.0228 6224 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
11:13:12.0228 6224 b06bdrv - ok
11:13:12.0259 6224 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
11:13:12.0259 6224 b57nd60a - ok
11:13:12.0369 6224 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
11:13:12.0369 6224 BBSvc - ok
11:13:12.0384 6224 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
11:13:12.0384 6224 BBUpdate - ok
11:13:12.0415 6224 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
11:13:12.0415 6224 BDESVC - ok
11:13:12.0415 6224 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
11:13:12.0431 6224 Beep - ok
11:13:12.0478 6224 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
11:13:12.0493 6224 BFE - ok
11:13:12.0556 6224 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
11:13:12.0571 6224 BITS - ok
11:13:12.0603 6224 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
11:13:12.0603 6224 blbdrive - ok
11:13:12.0649 6224 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:13:12.0665 6224 Bonjour Service - ok
11:13:12.0696 6224 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
11:13:12.0696 6224 bowser - ok
11:13:12.0712 6224 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
11:13:12.0712 6224 BrFiltLo - ok
11:13:12.0727 6224 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
11:13:12.0727 6224 BrFiltUp - ok
11:13:12.0759 6224 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
11:13:12.0759 6224 BridgeMP - ok
11:13:12.0805 6224 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
11:13:12.0805 6224 Browser - ok
11:13:12.0837 6224 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
11:13:12.0837 6224 Brserid - ok
11:13:12.0852 6224 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
11:13:12.0852 6224 BrSerWdm - ok
11:13:12.0868 6224 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
11:13:12.0868 6224 BrUsbMdm - ok
11:13:12.0883 6224 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
11:13:12.0883 6224 BrUsbSer - ok
11:13:12.0899 6224 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
11:13:12.0899 6224 BTHMODEM - ok
11:13:12.0915 6224 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
11:13:12.0915 6224 bthserv - ok
11:13:12.0930 6224 [ A3BC030FC526643DFDCA27299F75544B ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
11:13:12.0930 6224 BTHSSecurityMgr - ok
11:13:12.0977 6224 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\windows\system32\drivers\BVRPMPR5a64.SYS
11:13:12.0977 6224 BVRPMPR5a64 - ok
11:13:12.0993 6224 catchme - ok
11:13:13.0008 6224 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
11:13:13.0024 6224 cdfs - ok
11:13:13.0055 6224 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
11:13:13.0055 6224 cdrom - ok
11:13:13.0102 6224 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
11:13:13.0102 6224 CertPropSvc - ok
11:13:13.0164 6224 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
11:13:13.0164 6224 cfWiMAXService - ok
11:13:13.0195 6224 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
11:13:13.0195 6224 circlass - ok
11:13:13.0227 6224 [ FF60401F1C659CA2ED4BAE85D3FD14DA ] CISVC C:\windows\system32\CISVC.EXE
11:13:13.0227 6224 CISVC - ok
11:13:13.0258 6224 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
11:13:13.0258 6224 CLFS - ok
11:13:13.0305 6224 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:13:13.0305 6224 clr_optimization_v2.0.50727_32 - ok
11:13:13.0336 6224 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:13:13.0336 6224 clr_optimization_v2.0.50727_64 - ok
11:13:13.0414 6224 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:13:13.0414 6224 clr_optimization_v4.0.30319_32 - ok
11:13:13.0461 6224 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:13:13.0461 6224 clr_optimization_v4.0.30319_64 - ok
11:13:13.0492 6224 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
11:13:13.0492 6224 CmBatt - ok
11:13:13.0523 6224 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
11:13:13.0523 6224 cmdide - ok
11:13:13.0570 6224 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
11:13:13.0585 6224 CNG - ok
11:13:13.0601 6224 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
11:13:13.0601 6224 Compbatt - ok
11:13:13.0632 6224 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
11:13:13.0632 6224 CompositeBus - ok
11:13:13.0632 6224 COMSysApp - ok
11:13:13.0663 6224 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
11:13:13.0663 6224 ConfigFree Service - ok
11:13:13.0679 6224 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
11:13:13.0679 6224 crcdisk - ok
11:13:13.0726 6224 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\windows\system32\cryptsvc.dll
11:13:13.0726 6224 CryptSvc - ok
11:13:13.0788 6224 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys
11:13:13.0788 6224 CSC - ok
11:13:13.0819 6224 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll
11:13:13.0819 6224 CscService - ok
11:13:13.0882 6224 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
11:13:13.0897 6224 DcomLaunch - ok
11:13:13.0913 6224 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
11:13:13.0929 6224 defragsvc - ok
11:13:13.0960 6224 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
11:13:13.0960 6224 DfsC - ok
11:13:14.0007 6224 [ 0B3F6C8F93C5C25977EA5A8B2E656357 ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys
11:13:14.0007 6224 dg_ssudbus - ok
11:13:14.0038 6224 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
11:13:14.0038 6224 Dhcp - ok
11:13:14.0053 6224 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
11:13:14.0053 6224 discache - ok
11:13:14.0069 6224 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
11:13:14.0069 6224 Disk - ok
11:13:14.0319 6224 [ 8DC1DCA91C55B8DFC7E7FBB079216D6F ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
11:13:14.0365 6224 DisplayLinkService - ok
11:13:14.0412 6224 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
11:13:14.0412 6224 Dnscache - ok
11:13:14.0459 6224 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
11:13:14.0459 6224 dot3svc - ok
11:13:14.0506 6224 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
11:13:14.0506 6224 DPS - ok
11:13:14.0521 6224 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
11:13:14.0521 6224 drmkaud - ok
11:13:14.0584 6224 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
11:13:14.0599 6224 DXGKrnl - ok
11:13:14.0646 6224 [ 324FCD2DD8A4229DDEF3CC954FF12FA5 ] e1kexpress C:\windows\system32\DRIVERS\e1k62x64.sys
11:13:14.0646 6224 e1kexpress - ok
11:13:14.0677 6224 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
11:13:14.0677 6224 EapHost - ok
11:13:14.0755 6224 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
11:13:14.0787 6224 ebdrv - ok
11:13:14.0818 6224 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\windows\system32\Drivers\wwuss64.sys
11:13:14.0818 6224 ecnssndis - ok
11:13:14.0833 6224 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\windows\system32\Drivers\wwussf64.sys
11:13:14.0833 6224 ecnssndisfltr - ok
11:13:14.0865 6224 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
11:13:14.0880 6224 EFS - ok
11:13:14.0927 6224 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
11:13:14.0927 6224 ehRecvr - ok
11:13:14.0958 6224 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
11:13:14.0958 6224 ehSched - ok
11:13:14.0989 6224 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
11:13:15.0005 6224 elxstor - ok
11:13:15.0021 6224 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
11:13:15.0021 6224 ErrDev - ok
11:13:15.0052 6224 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
11:13:15.0067 6224 EventSystem - ok
11:13:15.0083 6224 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
11:13:15.0083 6224 exfat - ok
11:13:15.0099 6224 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
11:13:15.0099 6224 fastfat - ok
11:13:15.0161 6224 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
11:13:15.0161 6224 Fax - ok
11:13:15.0177 6224 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
11:13:15.0177 6224 fdc - ok
11:13:15.0192 6224 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
11:13:15.0192 6224 fdPHost - ok
11:13:15.0208 6224 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
11:13:15.0208 6224 FDResPub - ok
11:13:15.0223 6224 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
11:13:15.0223 6224 FileInfo - ok
11:13:15.0255 6224 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
11:13:15.0255 6224 Filetrace - ok
11:13:15.0270 6224 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
11:13:15.0270 6224 flpydisk - ok
11:13:15.0301 6224 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
11:13:15.0301 6224 FltMgr - ok
11:13:15.0364 6224 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
11:13:15.0379 6224 FontCache - ok
11:13:15.0473 6224 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:13:15.0473 6224 FontCache3.0.0.0 - ok
11:13:15.0489 6224 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
11:13:15.0489 6224 FsDepends - ok
11:13:15.0535 6224 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
11:13:15.0535 6224 Fs_Rec - ok
11:13:15.0582 6224 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
11:13:15.0582 6224 fvevol - ok
11:13:15.0613 6224 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
11:13:15.0613 6224 gagp30kx - ok
11:13:15.0660 6224 [ 1A0B9D84BEB3306F728BC3009D432F5C ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
11:13:15.0660 6224 GameConsoleService - ok
11:13:15.0691 6224 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:13:15.0691 6224 GEARAspiWDM - ok
11:13:15.0754 6224 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
11:13:15.0754 6224 gpsvc - ok
11:13:15.0785 6224 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
11:13:15.0785 6224 hcw85cir - ok
11:13:15.0832 6224 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:13:15.0832 6224 HdAudAddService - ok
11:13:15.0847 6224 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
11:13:15.0847 6224 HDAudBus - ok
11:13:15.0879 6224 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
11:13:15.0879 6224 HECIx64 - ok
11:13:15.0894 6224 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
11:13:15.0894 6224 HidBatt - ok
11:13:15.0910 6224 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
11:13:15.0910 6224 HidBth - ok
11:13:15.0925 6224 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
11:13:15.0925 6224 HidIr - ok
11:13:15.0957 6224 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
11:13:15.0957 6224 hidserv - ok
11:13:15.0988 6224 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
11:13:15.0988 6224 HidUsb - ok
11:13:16.0035 6224 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
11:13:16.0035 6224 hkmsvc - ok
11:13:16.0081 6224 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:13:16.0081 6224 HomeGroupListener - ok
11:13:16.0128 6224 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:13:16.0144 6224 HomeGroupProvider - ok
11:13:16.0159 6224 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
11:13:16.0159 6224 HpSAMD - ok
11:13:16.0206 6224 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
11:13:16.0222 6224 HTTP - ok
11:13:16.0222 6224 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
11:13:16.0222 6224 hwpolicy - ok
11:13:16.0269 6224 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
11:13:16.0269 6224 i8042prt - ok
11:13:16.0300 6224 [ 5E60DD5F090AB4A563C7204C289C4650 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
11:13:16.0315 6224 iaStor - ok
11:13:16.0331 6224 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
11:13:16.0347 6224 iaStorV - ok
11:13:16.0393 6224 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:13:16.0393 6224 idsvc - ok
11:13:16.0643 6224 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
11:13:16.0690 6224 igfx - ok
11:13:16.0721 6224 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
11:13:16.0721 6224 iirsp - ok
11:13:16.0783 6224 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
11:13:16.0783 6224 IKEEXT - ok
11:13:16.0815 6224 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
11:13:16.0815 6224 Impcd - ok
11:13:16.0893 6224 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
11:13:16.0908 6224 IntcAzAudAddService - ok
11:13:16.0955 6224 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
11:13:16.0955 6224 IntcDAud - ok
11:13:16.0971 6224 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
11:13:16.0971 6224 intelide - ok
11:13:16.0986 6224 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
11:13:16.0986 6224 intelppm - ok
11:13:17.0017 6224 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
11:13:17.0017 6224 IPBusEnum - ok
11:13:17.0064 6224 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
11:13:17.0064 6224 IpFilterDriver - ok
11:13:17.0127 6224 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
11:13:17.0127 6224 iphlpsvc - ok
11:13:17.0189 6224 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
11:13:17.0189 6224 IPMIDRV - ok
11:13:17.0205 6224 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
11:13:17.0205 6224 IPNAT - ok
11:13:17.0298 6224 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:13:17.0298 6224 iPod Service - ok
11:13:17.0329 6224 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
11:13:17.0329 6224 IRENUM - ok
11:13:17.0345 6224 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
11:13:17.0345 6224 isapnp - ok
11:13:17.0361 6224 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
11:13:17.0376 6224 iScsiPrt - ok
11:13:17.0376 6224 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
11:13:17.0376 6224 kbdclass - ok
11:13:17.0392 6224 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
11:13:17.0392 6224 kbdhid - ok
11:13:17.0407 6224 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
11:13:17.0407 6224 KeyIso - ok
11:13:17.0454 6224 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
11:13:17.0454 6224 KSecDD - ok
11:13:17.0501 6224 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
11:13:17.0501 6224 KSecPkg - ok
11:13:17.0517 6224 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
11:13:17.0517 6224 ksthunk - ok
11:13:17.0548 6224 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
11:13:17.0548 6224 KtmRm - ok
11:13:17.0595 6224 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
11:13:17.0610 6224 LanmanServer - ok
11:13:17.0641 6224 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:13:17.0657 6224 LanmanWorkstation - ok
11:13:17.0673 6224 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
11:13:17.0673 6224 lltdio - ok
11:13:17.0704 6224 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
11:13:17.0704 6224 lltdsvc - ok
11:13:17.0719 6224 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
11:13:17.0719 6224 lmhosts - ok
11:13:17.0782 6224 [ F4D93FB055CFBFF19ABD30525CF1073D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:13:17.0782 6224 LMS - ok
11:13:17.0813 6224 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
11:13:17.0813 6224 LSI_FC - ok
11:13:17.0844 6224 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
11:13:17.0844 6224 LSI_SAS - ok
11:13:17.0860 6224 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
11:13:17.0860 6224 LSI_SAS2 - ok
11:13:17.0875 6224 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
11:13:17.0875 6224 LSI_SCSI - ok
11:13:17.0891 6224 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
11:13:17.0891 6224 luafv - ok
11:13:17.0922 6224 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\windows\system32\drivers\mbam.sys
11:13:17.0938 6224 MBAMProtector - ok
11:13:17.0969 6224 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe
11:13:17.0985 6224 MBAMScheduler - ok
11:13:18.0016 6224 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes\mbamservice.exe
11:13:18.0016 6224 MBAMService - ok
11:13:18.0047 6224 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
11:13:18.0047 6224 Mcx2Svc - ok
11:13:18.0156 6224 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
11:13:18.0156 6224 MDM - ok
11:13:18.0187 6224 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
11:13:18.0187 6224 megasas - ok
11:13:18.0219 6224 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
11:13:18.0219 6224 MegaSR - ok
11:13:18.0250 6224 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
11:13:18.0250 6224 MMCSS - ok
11:13:18.0265 6224 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
11:13:18.0265 6224 Modem - ok
11:13:18.0265 6224 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
11:13:18.0265 6224 monitor - ok
11:13:18.0312 6224 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
11:13:18.0312 6224 mouclass - ok
11:13:18.0328 6224 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
11:13:18.0328 6224 mouhid - ok
11:13:18.0375 6224 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
11:13:18.0375 6224 mountmgr - ok
11:13:18.0437 6224 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:13:18.0437 6224 MozillaMaintenance - ok
11:13:18.0484 6224 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
11:13:18.0484 6224 mpio - ok
11:13:18.0499 6224 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
11:13:18.0499 6224 mpsdrv - ok
11:13:18.0562 6224 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
11:13:18.0577 6224 MpsSvc - ok
11:13:18.0624 6224 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
11:13:18.0624 6224 MRxDAV - ok
11:13:18.0671 6224 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
11:13:18.0671 6224 mrxsmb - ok
11:13:18.0687 6224 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
11:13:18.0687 6224 mrxsmb10 - ok
11:13:18.0733 6224 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
11:13:18.0733 6224 mrxsmb20 - ok
11:13:18.0765 6224 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
11:13:18.0765 6224 msahci - ok
11:13:18.0796 6224 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
11:13:18.0796 6224 msdsm - ok
11:13:18.0827 6224 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
11:13:18.0827 6224 MSDTC - ok
11:13:18.0874 6224 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
11:13:18.0874 6224 Msfs - ok
11:13:18.0874 6224 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
11:13:18.0889 6224 mshidkmdf - ok
11:13:18.0889 6224 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
11:13:18.0889 6224 msisadrv - ok
11:13:18.0921 6224 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
11:13:18.0921 6224 MSiSCSI - ok
11:13:18.0921 6224 msiserver - ok
11:13:18.0936 6224 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
11:13:18.0936 6224 MSKSSRV - ok
11:13:18.0952 6224 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
11:13:18.0952 6224 MSPCLOCK - ok
11:13:18.0952 6224 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
11:13:18.0952 6224 MSPQM - ok
11:13:18.0999 6224 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
11:13:18.0999 6224 MsRPC - ok
11:13:19.0014 6224 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
11:13:19.0014 6224 mssmbios - ok
11:13:19.0030 6224 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
11:13:19.0030 6224 MSTEE - ok
11:13:19.0045 6224 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
11:13:19.0045 6224 MTConfig - ok
11:13:19.0061 6224 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
11:13:19.0061 6224 Mup - ok
11:13:19.0139 6224 [ 7E11D1788F5B531D49EF0AF97202437B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
11:13:19.0139 6224 MyWiFiDHCPDNS - ok
11:13:19.0201 6224 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
11:13:19.0201 6224 napagent - ok
11:13:19.0233 6224 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
11:13:19.0233 6224 NativeWifiP - ok
11:13:19.0295 6224 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
11:13:19.0295 6224 NDIS - ok
11:13:19.0311 6224 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
11:13:19.0311 6224 NdisCap - ok
11:13:19.0326 6224 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
11:13:19.0326 6224 NdisTapi - ok
11:13:19.0389 6224 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
11:13:19.0389 6224 Ndisuio - ok
11:13:19.0435 6224 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
11:13:19.0435 6224 NdisWan - ok
11:13:19.0467 6224 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
11:13:19.0467 6224 NDProxy - ok
11:13:19.0513 6224 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\windows\system32\DRIVERS\netaapl64.sys
11:13:19.0513 6224 Netaapl - ok
11:13:19.0529 6224 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
11:13:19.0529 6224 NetBIOS - ok
11:13:19.0576 6224 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
11:13:19.0576 6224 NetBT - ok
11:13:19.0591 6224 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
11:13:19.0607 6224 Netlogon - ok
11:13:19.0638 6224 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
11:13:19.0638 6224 Netman - ok
11:13:19.0669 6224 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
11:13:19.0669 6224 netprofm - ok
11:13:19.0701 6224 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:13:19.0701 6224 NetTcpPortSharing - ok
11:13:19.0888 6224 [ 51E0FF2FBE9C7E116A91E0BC20D5789B ] NETw5s64 C:\windows\system32\DRIVERS\NETw5s64.sys
11:13:19.0919 6224 NETw5s64 - ok
11:13:21.0011 6224 [ 219A40EEEA50D638BA9D08680C354A0C ] NETwNs64 C:\windows\system32\DRIVERS\Netwsw00.sys
11:13:21.0073 6224 NETwNs64 - ok
11:13:21.0105 6224 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
11:13:21.0105 6224 nfrd960 - ok
11:13:21.0167 6224 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
11:13:21.0167 6224 NlaSvc - ok
11:13:21.0198 6224 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
11:13:21.0198 6224 Npfs - ok
11:13:21.0214 6224 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
11:13:21.0229 6224 nsi - ok
11:13:21.0245 6224 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
11:13:21.0245 6224 nsiproxy - ok
11:13:21.0323 6224 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
11:13:21.0339 6224 Ntfs - ok
11:13:21.0354 6224 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
11:13:21.0354 6224 Null - ok
11:13:21.0385 6224 [ 088CD71003F21F96F01C63955150A1FB ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
11:13:21.0385 6224 nusb3hub - ok
11:13:21.0401 6224 [ D90A2D44E93DAEA47AEA946D9E87000F ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
11:13:21.0401 6224 nusb3xhc - ok
11:13:21.0448 6224 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
11:13:21.0448 6224 nvraid - ok
11:13:21.0463 6224 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
11:13:21.0463 6224 nvstor - ok
11:13:21.0510 6224 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
11:13:21.0510 6224 nv_agp - ok
11:13:21.0651 6224 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:13:21.0651 6224 odserv - ok
11:13:21.0697 6224 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
11:13:21.0713 6224 ohci1394 - ok
11:13:21.0760 6224 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:13:21.0760 6224 ose - ok
11:13:36.0003 6224 ================ Scan global ===============================
11:13:36.0034 6224 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
11:13:36.0065 6224 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
11:13:36.0081 6224 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
11:13:36.0112 6224 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
11:13:36.0143 6224 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
11:13:36.0143 6224 [Global] - ok
11:13:36.0143 6224 ================ Scan MBR ==================================
11:13:36.0159 6224 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
11:13:36.0393 6224 \Device\Harddisk0\DR0 - ok
11:13:36.0393 6224 ================ Scan VBR ==================================
11:13:36.0408 6224 [ AD7D7194CEB7C2C99EBCFF2BAE491B39 ] \Device\Harddisk0\DR0\Partition1
11:13:36.0408 6224 \Device\Harddisk0\DR0\Partition1 - ok
11:13:36.0408 6224 ============================================================
11:13:36.0408 6224 Scan finished
11:13:36.0408 6224 ============================================================
11:13:36.0424 6356 Detected object count: 0
11:13:36.0424 6356 Actual detected object count: 0
11:13:48.0483 0676 Deinitialize success



3. Log 2

11:14:46.0133 2688 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:14:47.0138 2688 ============================================================
11:14:47.0139 2688 Current date / time: 2013/08/23 11:14:47.0138
11:14:47.0139 2688 SystemInfo:
11:14:47.0139 2688
11:14:47.0139 2688 OS Version: 6.1.7601 ServicePack: 1.0
11:14:47.0139 2688 Product type: Workstation
11:14:47.0139 2688 ComputerName: INFIELD
11:14:47.0139 2688 UserName: Administrator
11:14:47.0139 2688 Windows directory: C:\windows
11:14:47.0139 2688 System windows directory: C:\windows
11:14:47.0139 2688 Running under WOW64
11:14:47.0139 2688 Processor architecture: Intel x64
11:14:47.0139 2688 Number of processors: 4
11:14:47.0139 2688 Page size: 0x1000
11:14:47.0139 2688 Boot type: Normal boot
11:14:47.0139 2688 ============================================================
11:14:47.0594 2688 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:14:47.0642 2688 ============================================================
11:14:47.0642 2688 \Device\Harddisk0\DR0:
11:14:47.0652 2688 MBR partitions:
11:14:47.0652 2688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D65000
11:14:47.0652 2688 ============================================================
11:14:47.0692 2688 C: <-> \Device\Harddisk0\DR0\Partition1
11:14:47.0692 2688 ============================================================
11:14:47.0692 2688 Initialize success
11:14:47.0692 2688 ============================================================
11:15:15.0678 1584 ============================================================
11:15:15.0678 1584 Scan started
11:15:15.0678 1584 Mode: Manual; SigCheck; TDLFS;
11:15:15.0678 1584 ============================================================
11:15:16.0224 1584 ================ Scan system memory ========================
11:15:16.0224 1584 System memory - ok
11:15:16.0225 1584 ================ Scan services =============================
11:15:16.0398 1584 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
11:15:16.0509 1584 1394ohci - ok
11:15:16.0547 1584 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
11:15:16.0578 1584 ACPI - ok
11:15:16.0594 1584 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
11:15:16.0630 1584 AcpiPmi - ok
11:15:16.0729 1584 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
11:15:16.0752 1584 AdobeActiveFileMonitor9.0 - ok
11:15:16.0847 1584 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:15:16.0870 1584 AdobeARMservice - ok
11:15:16.0982 1584 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:15:17.0007 1584 AdobeFlashPlayerUpdateSvc - ok
11:15:17.0050 1584 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
11:15:17.0074 1584 adp94xx - ok
11:15:17.0095 1584 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
11:15:17.0109 1584 adpahci - ok
11:15:17.0130 1584 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
11:15:17.0142 1584 adpu320 - ok
11:15:17.0168 1584 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
11:15:17.0219 1584 AeLookupSvc - ok
11:15:17.0258 1584 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
11:15:17.0288 1584 AFD - ok
11:15:17.0315 1584 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
11:15:17.0326 1584 agp440 - ok
11:15:17.0341 1584 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
11:15:17.0385 1584 ALG - ok
11:15:17.0403 1584 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
11:15:17.0414 1584 aliide - ok
11:15:17.0425 1584 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
11:15:17.0436 1584 amdide - ok
11:15:17.0463 1584 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
11:15:17.0505 1584 AmdK8 - ok
11:15:17.0540 1584 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
11:15:17.0560 1584 AmdPPM - ok
11:15:17.0597 1584 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
11:15:17.0621 1584 amdsata - ok
11:15:17.0638 1584 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
11:15:17.0651 1584 amdsbs - ok
11:15:17.0670 1584 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
11:15:17.0680 1584 amdxata - ok
11:15:17.0722 1584 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys
11:15:17.0746 1584 AMPPAL - ok
11:15:17.0753 1584 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys
11:15:17.0767 1584 AMPPALP - ok
11:15:17.0892 1584 [ EDFB061F7D553B84731B8263077FD520 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
11:15:17.0960 1584 AMPPALR3 - ok
11:15:18.0013 1584 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
11:15:18.0097 1584 AppID - ok
11:15:18.0123 1584 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
11:15:18.0186 1584 AppIDSvc - ok
11:15:18.0221 1584 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll
11:15:18.0261 1584 Appinfo - ok
11:15:18.0349 1584 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:15:18.0373 1584 Apple Mobile Device - ok
11:15:18.0390 1584 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\windows\System32\appmgmts.dll
11:15:18.0422 1584 AppMgmt - ok
11:15:18.0467 1584 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
11:15:18.0491 1584 arc - ok
11:15:18.0506 1584 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
11:15:18.0519 1584 arcsas - ok
11:15:18.0561 1584 [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
11:15:18.0584 1584 aswFsBlk - ok
11:15:18.0629 1584 [ 7A62C389380F6FF3FA952D511D8790B8 ] aswFW C:\windows\system32\drivers\aswFW.sys
11:15:18.0644 1584 aswFW - ok
11:15:18.0689 1584 [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd C:\windows\system32\drivers\aswKbd.sys
11:15:18.0703 1584 aswKbd - ok
11:15:18.0743 1584 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
11:15:18.0759 1584 aswMonFlt - ok
11:15:18.0796 1584 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\windows\system32\DRIVERS\aswNdis.sys
11:15:18.0809 1584 aswNdis - ok
11:15:18.0822 1584 [ 94CCA87794454E1824D59B092B9F70C4 ] aswNdis2 C:\windows\system32\drivers\aswNdis2.sys
11:15:18.0842 1584 aswNdis2 - ok
11:15:18.0857 1584 [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
11:15:18.0869 1584 aswRdr - ok
11:15:18.0921 1584 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
11:15:18.0943 1584 aswRvrt - ok
11:15:19.0006 1584 [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
11:15:19.0046 1584 aswSnx - ok
11:15:19.0071 1584 [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP C:\windows\system32\drivers\aswSP.sys
11:15:19.0087 1584 aswSP - ok
11:15:19.0099 1584 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
11:15:19.0109 1584 aswTdi - ok
11:15:19.0119 1584 [ 22F521108881DC59837F6FC614E0568F ] aswVmm C:\windows\system32\drivers\aswVmm.sys
11:15:19.0132 1584 aswVmm - ok
11:15:19.0144 1584 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
11:15:19.0199 1584 AsyncMac - ok
11:15:19.0232 1584 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
11:15:19.0241 1584 atapi - ok
11:15:19.0280 1584 [ 474EE95924D3FDA71D834A3847136F11 ] ATSwpWDF C:\windows\system32\Drivers\ATSwpWDF.sys
11:15:19.0315 1584 ATSwpWDF - ok
11:15:19.0361 1584 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:15:19.0409 1584 AudioEndpointBuilder - ok
11:15:19.0419 1584 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
11:15:19.0458 1584 AudioSrv - ok
11:15:19.0528 1584 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:15:19.0549 1584 avast! Antivirus - ok
11:15:19.0585 1584 [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
11:15:19.0605 1584 avast! Firewall - ok
11:15:19.0646 1584 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
11:15:19.0692 1584 AxInstSV - ok
11:15:19.0730 1584 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
11:15:19.0757 1584 b06bdrv - ok
11:15:19.0777 1584 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
11:15:19.0806 1584 b57nd60a - ok
11:15:19.0913 1584 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
11:15:19.0938 1584 BBSvc - ok
11:15:19.0953 1584 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
11:15:19.0969 1584 BBUpdate - ok
11:15:19.0997 1584 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
11:15:20.0032 1584 BDESVC - ok
11:15:20.0054 1584 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
11:15:20.0090 1584 Beep - ok
11:15:20.0142 1584 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
11:15:20.0193 1584 BFE - ok
11:15:20.0270 1584 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
11:15:20.0366 1584 BITS - ok
11:15:20.0398 1584 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
11:15:20.0435 1584 blbdrive - ok
11:15:20.0474 1584 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:15:20.0495 1584 Bonjour Service - ok
11:15:20.0529 1584 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
11:15:20.0567 1584 bowser - ok
11:15:20.0586 1584 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
11:15:20.0622 1584 BrFiltLo - ok
11:15:20.0647 1584 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
11:15:20.0670 1584 BrFiltUp - ok
11:15:20.0702 1584 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
11:15:20.0753 1584 BridgeMP - ok
11:15:20.0791 1584 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
11:15:20.0803 1584 Browser - ok
11:15:20.0828 1584 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
11:15:20.0860 1584 Brserid - ok
11:15:20.0893 1584 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
11:15:20.0943 1584 BrSerWdm - ok
11:15:20.0966 1584 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
11:15:21.0012 1584 BrUsbMdm - ok
11:15:21.0030 1584 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
11:15:21.0065 1584 BrUsbSer - ok
11:15:21.0089 1584 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
11:15:21.0132 1584 BTHMODEM - ok
11:15:21.0160 1584 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
11:15:21.0194 1584 bthserv - ok
11:15:21.0216 1584 [ A3BC030FC526643DFDCA27299F75544B ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
11:15:21.0226 1584 BTHSSecurityMgr - ok
11:15:21.0273 1584 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\windows\system32\drivers\BVRPMPR5a64.SYS
11:15:21.0284 1584 BVRPMPR5a64 - ok
11:15:21.0325 1584 catchme - ok
11:15:21.0354 1584 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
11:15:21.0442 1584 cdfs - ok
11:15:21.0483 1584 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
11:15:21.0525 1584 cdrom - ok
11:15:21.0555 1584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
11:15:21.0620 1584 CertPropSvc - ok
11:15:21.0683 1584 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
11:15:21.0705 1584 cfWiMAXService - ok
11:15:21.0730 1584 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
11:15:21.0763 1584 circlass - ok
11:15:21.0796 1584 [ FF60401F1C659CA2ED4BAE85D3FD14DA ] CISVC C:\windows\system32\CISVC.EXE
11:15:21.0839 1584 CISVC - ok
11:15:21.0879 1584 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
11:15:21.0901 1584 CLFS - ok
11:15:21.0949 1584 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:15:21.0973 1584 clr_optimization_v2.0.50727_32 - ok
11:15:21.0996 1584 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:15:22.0007 1584 clr_optimization_v2.0.50727_64 - ok
11:15:22.0082 1584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:15:22.0102 1584 clr_optimization_v4.0.30319_32 - ok
11:15:22.0140 1584 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:15:22.0157 1584 clr_optimization_v4.0.30319_64 - ok
11:15:22.0176 1584 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
11:15:22.0196 1584 CmBatt - ok
11:15:22.0235 1584 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
11:15:22.0245 1584 cmdide - ok
11:15:22.0287 1584 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
11:15:22.0308 1584 CNG - ok
11:15:22.0318 1584 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
11:15:22.0328 1584 Compbatt - ok
11:15:22.0364 1584 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
11:15:22.0414 1584 CompositeBus - ok
11:15:22.0420 1584 COMSysApp - ok
11:15:22.0446 1584 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
11:15:22.0455 1584 ConfigFree Service - ok
11:15:22.0476 1584 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
11:15:22.0486 1584 crcdisk - ok
11:15:22.0533 1584 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\windows\system32\cryptsvc.dll
11:15:22.0546 1584 CryptSvc - ok
11:15:22.0588 1584 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys
11:15:22.0619 1584 CSC - ok
11:15:22.0648 1584 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll
11:15:22.0692 1584 CscService - ok
11:15:22.0738 1584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
11:15:22.0777 1584 DcomLaunch - ok
11:15:22.0797 1584 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
11:15:22.0850 1584 defragsvc - ok
11:15:22.0887 1584 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
11:15:22.0919 1584 DfsC - ok
11:15:22.0956 1584 [ 0B3F6C8F93C5C25977EA5A8B2E656357 ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys
11:15:22.0967 1584 dg_ssudbus - ok
11:15:22.0989 1584 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
11:15:23.0005 1584 Dhcp - ok
11:15:23.0035 1584 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
11:15:23.0103 1584 discache - ok
11:15:23.0124 1584 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
11:15:23.0134 1584 Disk - ok
11:15:23.0363 1584 [ 8DC1DCA91C55B8DFC7E7FBB079216D6F ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
11:15:23.0490 1584 DisplayLinkService - ok
11:15:23.0553 1584 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
11:15:23.0597 1584 Dnscache - ok
11:15:23.0634 1584 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
11:15:23.0684 1584 dot3svc - ok
11:15:23.0730 1584 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
11:15:23.0764 1584 DPS - ok
11:15:23.0791 1584 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
11:15:23.0835 1584 drmkaud - ok
11:15:23.0881 1584 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
11:15:23.0908 1584 DXGKrnl - ok
11:15:23.0977 1584 [ 324FCD2DD8A4229DDEF3CC954FF12FA5 ] e1kexpress C:\windows\system32\DRIVERS\e1k62x64.sys
11:15:24.0014 1584 e1kexpress - ok
11:15:24.0056 1584 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
11:15:24.0121 1584 EapHost - ok
11:15:24.0204 1584 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
11:15:24.0287 1584 ebdrv - ok
11:15:24.0314 1584 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\windows\system32\Drivers\wwuss64.sys
11:15:24.0324 1584 ecnssndis - ok
11:15:24.0338 1584 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\windows\system32\Drivers\wwussf64.sys
11:15:24.0348 1584 ecnssndisfltr - ok
11:15:24.0384 1584 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
11:15:24.0425 1584 EFS - ok
11:15:24.0481 1584 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
11:15:24.0532 1584 ehRecvr - ok
11:15:24.0559 1584 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
11:15:24.0592 1584 ehSched - ok
11:15:24.0628 1584 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
11:15:24.0651 1584 elxstor - ok
11:15:24.0663 1584 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
11:15:24.0692 1584 ErrDev - ok
11:15:24.0731 1584 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
11:15:24.0786 1584 EventSystem - ok
11:15:24.0808 1584 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
11:15:24.0860 1584 exfat - ok
11:15:24.0884 1584 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
11:15:24.0930 1584 fastfat - ok
11:15:24.0976 1584 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
11:15:25.0011 1584 Fax - ok
11:15:25.0041 1584 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
11:15:25.0053 1584 fdc - ok
11:15:25.0076 1584 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
11:15:25.0129 1584 fdPHost - ok
11:15:25.0146 1584 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
11:15:25.0197 1584 FDResPub - ok
11:15:25.0216 1584 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
11:15:25.0227 1584 FileInfo - ok
11:15:25.0238 1584 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
11:15:25.0286 1584 Filetrace - ok
11:15:25.0304 1584 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
11:15:25.0316 1584 flpydisk - ok
11:15:25.0357 1584 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
11:15:25.0371 1584 FltMgr - ok
11:15:25.0433 1584 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
11:15:25.0482 1584 FontCache - ok
11:15:25.0548 1584 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:15:25.0566 1584 FontCache3.0.0.0 - ok
11:15:25.0591 1584 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
11:15:25.0603 1584 FsDepends - ok
11:15:25.0649 1584 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
11:15:25.0660 1584 Fs_Rec - ok
11:15:25.0707 1584 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
11:15:25.0735 1584 fvevol - ok
11:15:25.0749 1584 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
11:15:25.0762 1584 gagp30kx - ok
11:15:25.0808 1584 [ 1A0B9D84BEB3306F728BC3009D432F5C ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
11:15:25.0819 1584 GameConsoleService - ok
11:15:25.0852 1584 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:15:25.0860 1584 GEARAspiWDM - ok
11:15:25.0906 1584 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
11:15:25.0962 1584 gpsvc - ok
11:15:25.0975 1584 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
11:15:26.0007 1584 hcw85cir - ok
11:15:26.0047 1584 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:15:26.0082 1584 HdAudAddService - ok
11:15:26.0101 1584 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
11:15:26.0137 1584 HDAudBus - ok
11:15:26.0172 1584 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
11:15:26.0191 1584 HECIx64 - ok
11:15:26.0209 1584 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
11:15:26.0227 1584 HidBatt - ok
11:15:26.0243 1584 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
11:15:26.0278 1584 HidBth - ok
11:15:26.0298 1584 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
11:15:26.0329 1584 HidIr - ok
11:15:26.0360 1584 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
11:15:26.0408 1584 hidserv - ok
11:15:26.0439 1584 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
11:15:26.0477 1584 HidUsb - ok
11:15:26.0513 1584 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
11:15:26.0602 1584 hkmsvc - ok
11:15:26.0637 1584 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:15:26.0664 1584 HomeGroupListener - ok
11:15:26.0702 1584 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:15:26.0737 1584 HomeGroupProvider - ok
11:15:26.0756 1584 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
11:15:26.0767 1584 HpSAMD - ok
11:15:26.0819 1584 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
11:15:26.0897 1584 HTTP - ok
11:15:26.0917 1584 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
11:15:26.0927 1584 hwpolicy - ok
11:15:26.0968 1584 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
11:15:26.0981 1584 i8042prt - ok
11:15:27.0008 1584 [ 5E60DD5F090AB4A563C7204C289C4650 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
11:15:27.0024 1584 iaStor - ok
11:15:27.0057 1584 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
11:15:27.0072 1584 iaStorV - ok
11:15:27.0123 1584 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:15:27.0146 1584 idsvc - ok
11:15:27.0481 1584 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
11:15:27.0589 1584 igfx - ok
11:15:27.0655 1584 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
11:15:27.0677 1584 iirsp - ok
11:15:27.0726 1584 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
11:15:27.0798 1584 IKEEXT - ok
11:15:27.0829 1584 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
11:15:27.0866 1584 Impcd - ok
11:15:27.0952 1584 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
11:15:28.0003 1584 IntcAzAudAddService - ok
11:15:28.0040 1584 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
11:15:28.0052 1584 IntcDAud - ok
11:15:28.0072 1584 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
11:15:28.0082 1584 intelide - ok
11:15:28.0103 1584 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
11:15:28.0116 1584 intelppm - ok
11:15:28.0140 1584 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
11:15:28.0196 1584 IPBusEnum - ok
11:15:28.0226 1584 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
11:15:28.0275 1584 IpFilterDriver - ok
11:15:28.0312 1584 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
11:15:28.0350 1584 iphlpsvc - ok
11:15:28.0387 1584 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
11:15:28.0415 1584 IPMIDRV - ok
11:15:28.0434 1584 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
11:15:28.0500 1584 IPNAT - ok
11:15:28.0613 1584 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:15:28.0641 1584 iPod Service - ok
11:15:28.0661 1584 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
11:15:28.0697 1584 IRENUM - ok
11:15:28.0718 1584 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
11:15:28.0728 1584 isapnp - ok
11:15:28.0773 1584 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
11:15:28.0787 1584 iScsiPrt - ok
11:15:28.0805 1584 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
11:15:28.0815 1584 kbdclass - ok
11:15:28.0837 1584 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
11:15:28.0869 1584 kbdhid - ok
11:15:28.0884 1584 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
11:15:28.0898 1584 KeyIso - ok
11:15:28.0936 1584 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
11:15:28.0962 1584 KSecDD - ok
11:15:29.0008 1584 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
11:15:29.0022 1584 KSecPkg - ok
11:15:29.0045 1584 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
11:15:29.0109 1584 ksthunk - ok
11:15:29.0144 1584 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
11:15:29.0203 1584 KtmRm - ok
11:15:29.0239 1584 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
11:15:29.0297 1584 LanmanServer - ok
11:15:29.0329 1584 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:15:29.0365 1584 LanmanWorkstation - ok
11:15:29.0374 1584 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
11:15:29.0427 1584 lltdio - ok
11:15:29.0453 1584 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
11:15:29.0508 1584 lltdsvc - ok
11:15:29.0545 1584 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
11:15:29.0621 1584 lmhosts - ok
11:15:29.0673 1584 [ F4D93FB055CFBFF19ABD30525CF1073D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:15:29.0698 1584 LMS - ok
11:15:29.0731 1584 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
11:15:29.0745 1584 LSI_FC - ok
11:15:29.0759 1584 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
11:15:29.0773 1584 LSI_SAS - ok
11:15:29.0791 1584 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
11:15:29.0801 1584 LSI_SAS2 - ok
11:15:29.0813 1584 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
11:15:29.0824 1584 LSI_SCSI - ok
11:15:29.0844 1584 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
11:15:29.0911 1584 luafv - ok
11:15:29.0952 1584 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\windows\system32\drivers\mbam.sys
11:15:29.0978 1584 MBAMProtector ( UnsignedFile.Multi.Generic ) - warning
11:15:29.0978 1584 MBAMProtector - detected UnsignedFile.Multi.Generic (1)
11:15:30.0033 1584 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe
11:15:30.0068 1584 MBAMScheduler ( UnsignedFile.Multi.Generic ) - warning
11:15:30.0069 1584 MBAMScheduler - detected UnsignedFile.Multi.Generic (1)
11:15:30.0101 1584 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes\mbamservice.exe
11:15:30.0142 1584 MBAMService ( UnsignedFile.Multi.Generic ) - warning
11:15:30.0142 1584 MBAMService - detected UnsignedFile.Multi.Generic (1)
11:15:30.0174 1584 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
11:15:30.0189 1584 Mcx2Svc - ok
11:15:30.0288 1584 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
11:15:30.0317 1584 MDM ( UnsignedFile.Multi.Generic ) - warning
11:15:30.0317 1584 MDM - detected UnsignedFile.Multi.Generic (1)
11:15:30.0351 1584 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
11:15:30.0372 1584 megasas - ok
11:15:30.0395 1584 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
11:15:30.0412 1584 MegaSR - ok
11:15:30.0443 1584 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
11:15:30.0501 1584 MMCSS - ok
11:15:30.0524 1584 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
11:15:30.0573 1584 Modem - ok
11:15:30.0595 1584 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
11:15:30.0611 1584 monitor - ok
11:15:30.0648 1584 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
11:15:30.0659 1584 mouclass - ok
11:15:30.0669 1584 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
11:15:30.0702 1584 mouhid - ok
11:15:30.0732 1584 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
11:15:30.0753 1584 mountmgr - ok
11:15:30.0818 1584 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:15:30.0840 1584 MozillaMaintenance - ok
11:15:30.0887 1584 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
11:15:30.0913 1584 mpio - ok
11:15:30.0943 1584 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
11:15:31.0004 1584 mpsdrv - ok
11:15:31.0054 1584 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
11:15:31.0113 1584 MpsSvc - ok
11:15:31.0148 1584 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
11:15:31.0201 1584 MRxDAV - ok
11:15:31.0239 1584 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
11:15:31.0283 1584 mrxsmb - ok
11:15:31.0308 1584 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
11:15:31.0334 1584 mrxsmb10 - ok
11:15:31.0347 1584 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
11:15:31.0375 1584 mrxsmb20 - ok
11:15:31.0417 1584 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
11:15:31.0427 1584 msahci - ok
11:15:31.0442 1584 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
11:15:31.0454 1584 msdsm - ok
11:15:31.0497 1584 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
11:15:31.0544 1584 MSDTC - ok
11:15:31.0585 1584 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
11:15:31.0678 1584 Msfs - ok
11:15:31.0697 1584 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
11:15:31.0731 1584 mshidkmdf - ok
11:15:31.0740 1584 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
11:15:31.0749 1584 msisadrv - ok
11:15:31.0772 1584 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
11:15:31.0825 1584 MSiSCSI - ok
11:15:31.0829 1584 msiserver - ok
11:15:31.0847 1584 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
11:15:31.0881 1584 MSKSSRV - ok
11:15:31.0895 1584 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
11:15:31.0944 1584 MSPCLOCK - ok
11:15:31.0961 1584 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
11:15:32.0002 1584 MSPQM - ok
11:15:32.0045 1584 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
11:15:32.0060 1584 MsRPC - ok
11:15:32.0115 1584 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
11:15:32.0137 1584 mssmbios - ok
11:15:32.0167 1584 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
11:15:32.0219 1584 MSTEE - ok
11:15:32.0242 1584 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
11:15:32.0276 1584 MTConfig - ok
11:15:32.0315 1584 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
11:15:32.0327 1584 Mup - ok
11:15:32.0416 1584 [ 7E11D1788F5B531D49EF0AF97202437B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
11:15:32.0441 1584 MyWiFiDHCPDNS - ok
11:15:32.0485 1584 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
11:15:32.0554 1584 napagent - ok
11:15:32.0582 1584 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
11:15:32.0617 1584 NativeWifiP - ok
11:15:32.0665 1584 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
11:15:32.0714 1584 NDIS - ok
11:15:32.0729 1584 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
11:15:32.0777 1584 NdisCap - ok
11:15:32.0806 1584 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
11:15:32.0837 1584 NdisTapi - ok
11:15:32.0871 1584 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
11:15:32.0939 1584 Ndisuio - ok
11:15:32.0977 1584 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
11:15:33.0010 1584 NdisWan - ok
11:15:33.0049 1584 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
11:15:33.0084 1584 NDProxy - ok
11:15:33.0122 1584 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\windows\system32\DRIVERS\netaapl64.sys
11:15:33.0132 1584 Netaapl - ok
11:15:33.0150 1584 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
11:15:33.0198 1584 NetBIOS - ok
11:15:33.0234 1584 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
11:15:33.0290 1584 NetBT - ok
11:15:33.0311 1584 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
11:15:33.0324 1584 Netlogon - ok
11:15:33.0356 1584 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
11:15:33.0411 1584 Netman - ok
11:15:33.0435 1584 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
11:15:33.0499 1584 netprofm - ok
11:15:33.0535 1584 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:15:33.0544 1584 NetTcpPortSharing - ok
11:15:33.0716 1584 [ 51E0FF2FBE9C7E116A91E0BC20D5789B ] NETw5s64 C:\windows\system32\DRIVERS\NETw5s64.sys
11:15:33.0820 1584 NETw5s64 - ok
11:15:34.0063 1584 [ 219A40EEEA50D638BA9D08680C354A0C ] NETwNs64 C:\windows\system32\DRIVERS\Netwsw00.sys
11:15:34.0249 1584 NETwNs64 - ok
11:15:34.0291 1584 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
11:15:34.0304 1584 nfrd960 - ok
11:15:34.0363 1584 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
11:15:34.0409 1584 NlaSvc - ok
11:15:34.0429 1584 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
11:15:34.0462 1584 Npfs - ok
11:15:34.0485 1584 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
11:15:34.0536 1584 nsi - ok
11:15:34.0555 1584 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
11:15:34.0621 1584 nsiproxy - ok
11:15:34.0696 1584 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
11:15:34.0739 1584 Ntfs - ok
11:15:34.0756 1584 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
11:15:34.0808 1584 Null - ok
11:15:34.0838 1584 [ 088CD71003F21F96F01C63955150A1FB ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
11:15:34.0868 1584 nusb3hub - ok
11:15:34.0891 1584 [ D90A2D44E93DAEA47AEA946D9E87000F ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
11:15:34.0917 1584 nusb3xhc - ok
11:15:34.0950 1584 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
11:15:34.0964 1584 nvraid - ok
11:15:34.0974 1584 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
11:15:34.0988 1584 nvstor - ok
11:15:35.0030 1584 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
11:15:35.0055 1584 nv_agp - ok
11:15:35.0146 1584 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:15:35.0176 1584 odserv - ok
11:15:35.0194 1584 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
11:15:35.0226 1584 ohci1394 - ok
11:15:35.0267 1584 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:15:35.0291 1584 ose - ok
11:15:35.0326 1584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
11:15:35.0345 1584 p2pimsvc - ok
11:15:35.0361 1584 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
11:15:35.0380 1584 p2psvc - ok
11:15:35.0416 1584 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
11:15:35.0432 1584 Parport - ok
11:15:35.0474 1584 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
11:15:35.0498 1584 partmgr - ok
11:15:35.0514 1584 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
11:15:35.0555 1584 PcaSvc - ok
11:15:35.0592 1584 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
11:15:35.0606 1584 pci - ok
11:15:35.0620 1584 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
11:15:35.0631 1584 pciide - ok
11:15:35.0651 1584 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
11:15:35.0663 1584 pcmcia - ok
11:15:35.0682 1584 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
11:15:35.0693 1584 pcw - ok
11:15:35.0728 1584 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
11:15:35.0782 1584 PEAUTH - ok
11:15:35.0830 1584 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
11:15:35.0856 1584 PeerDistSvc - ok
11:15:35.0913 1584 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
11:15:35.0963 1584 PerfHost - ok
11:15:36.0009 1584 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
11:15:36.0018 1584 PGEffect - ok
11:15:36.0089 1584 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
11:15:36.0169 1584 pla - ok
11:15:36.0223 1584 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
11:15:36.0278 1584 PlugPlay - ok
11:15:36.0314 1584 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
11:15:36.0345 1584 PNRPAutoReg - ok
11:15:36.0368 1584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
11:15:36.0389 1584 PNRPsvc - ok
11:15:36.0437 1584 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
11:15:36.0497 1584 PolicyAgent - ok
11:15:36.0528 1584 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
11:15:36.0581 1584 Power - ok
11:15:36.0597 1584 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
11:15:36.0642 1584 PptpMiniport - ok
11:15:36.0677 1584 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
11:15:36.0706 1584 Processor - ok
11:15:36.0738 1584 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
11:15:36.0753 1584 ProfSvc - ok
11:15:36.0769 1584 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
11:15:36.0783 1584 ProtectedStorage - ok
11:15:36.0830 1584 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
11:15:36.0897 1584 Psched - ok
11:15:36.0930 1584 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
11:15:36.0939 1584 PxHlpa64 - ok
11:15:36.0992 1584 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
11:15:37.0031 1584 ql2300 - ok
11:15:37.0050 1584 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
11:15:37.0062 1584 ql40xx - ok
11:15:37.0084 1584 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
11:15:37.0102 1584 QWAVE - ok
11:15:37.0110 1584 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
11:15:37.0139 1584 QWAVEdrv - ok
11:15:37.0156 1584 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
11:15:37.0188 1584 RasAcd - ok
11:15:37.0210 1584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
11:15:37.0264 1584 RasAgileVpn - ok
11:15:37.0286 1584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
11:15:37.0343 1584 RasAuto - ok
11:15:37.0378 1584 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
11:15:37.0432 1584 Rasl2tp - ok
11:15:37.0471 1584 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
11:15:37.0506 1584 RasMan - ok
11:15:37.0526 1584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
11:15:37.0579 1584 RasPppoe - ok
11:15:37.0584 1584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
11:15:37.0623 1584 RasSstp - ok
11:15:37.0663 1584 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
11:15:37.0727 1584 rdbss - ok
11:15:37.0749 1584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
11:15:37.0778 1584 rdpbus - ok
11:15:37.0803 1584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
11:15:37.0836 1584 RDPCDD - ok
11:15:37.0879 1584 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
11:15:37.0920 1584 RDPDR - ok
11:15:37.0947 1584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
11:15:37.0989 1584 RDPENCDD - ok
11:15:38.0000 1584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
11:15:38.0048 1584 RDPREFMP - ok
11:15:38.0080 1584 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
11:15:38.0118 1584 RdpVideoMiniport - ok
11:15:38.0161 1584 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
11:15:38.0196 1584 RDPWD - ok
11:15:38.0241 1584 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
11:15:38.0269 1584 rdyboost - ok
11:15:38.0345 1584 [ F09087C51C6AE42AE7DABE1EB3E44C17 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:15:38.0362 1584 RegSrvc - ok
11:15:38.0390 1584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
11:15:38.0456 1584 RemoteAccess - ok
11:15:38.0487 1584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
11:15:38.0542 1584 RemoteRegistry - ok
11:15:38.0567 1584 [ BB5C401DDAE44D3700C784B9512B8E7E ] risdpcie C:\windows\system32\DRIVERS\risdpe64.sys
11:15:38.0577 1584 risdpcie - ok
11:15:38.0591 1584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
11:15:38.0640 1584 RpcEptMapper - ok
11:15:38.0667 1584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
11:15:38.0679 1584 RpcLocator - ok
11:15:38.0733 1584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
11:15:38.0797 1584 RpcSs - ok
11:15:38.0826 1584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
11:15:38.0880 1584 rspndr - ok
11:15:38.0913 1584 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\windows\system32\drivers\vms3cap.sys
11:15:38.0926 1584 s3cap - ok
11:15:38.0944 1584 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
11:15:38.0958 1584 SamSs - ok
11:15:38.0980 1584 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
11:15:38.0992 1584 sbp2port - ok
11:15:39.0014 1584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
11:15:39.0050 1584 SCardSvr - ok
11:15:39.0088 1584 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
11:15:39.0160 1584 scfilter - ok
11:15:39.0207 1584 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
11:15:39.0267 1584 Schedule - ok
11:15:39.0299 1584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
11:15:39.0331 1584 SCPolicySvc - ok
11:15:39.0369 1584 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys
11:15:39.0384 1584 sdbus - ok
11:15:39.0423 1584 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
11:15:39.0452 1584 SDRSVC - ok
11:15:39.0482 1584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
11:15:39.0562 1584 secdrv - ok
11:15:39.0599 1584 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
11:15:39.0632 1584 seclogon - ok
11:15:39.0657 1584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
11:15:39.0712 1584 SENS - ok
11:15:39.0736 1584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
11:15:39.0762 1584 SensrSvc - ok
11:15:39.0780 1584 [ 45ED52A6D4C9C56C4BF58AC4771EEE71 ] Ser2pl C:\windows\system32\DRIVERS\ser2pl64.sys
11:15:39.0813 1584 Ser2pl - ok
11:15:39.0831 1584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
11:15:39.0844 1584 Serenum - ok
11:15:39.0856 1584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
11:15:39.0883 1584 Serial - ok
11:15:39.0902 1584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
11:15:39.0935 1584 sermouse - ok
11:15:39.0976 1584 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
11:15:40.0024 1584 SessionEnv - ok
11:15:40.0056 1584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
11:15:40.0070 1584 sffdisk - ok
11:15:40.0086 1584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
11:15:40.0100 1584 sffp_mmc - ok
11:15:40.0112 1584 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
11:15:40.0129 1584 sffp_sd - ok
11:15:40.0149 1584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
11:15:40.0178 1584 sfloppy - ok
11:15:40.0227 1584 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
11:15:40.0314 1584 SharedAccess - ok
11:15:40.0353 1584 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:15:40.0429 1584 ShellHWDetection - ok
11:15:40.0443 1584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
11:15:40.0453 1584 SiSRaid2 - ok
11:15:40.0472 1584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
11:15:40.0483 1584 SiSRaid4 - ok
11:15:40.0655 1584 [ D0776778A9FC5E37F2E9EB21FC8A9709 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:15:40.0714 1584 Skype C2C Service - ok
11:15:40.0813 1584 [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:15:40.0834 1584 SkypeUpdate - ok
11:15:40.0863 1584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
11:15:40.0905 1584 Smb - ok
11:15:40.0946 1584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
11:15:40.0982 1584 SNMPTRAP - ok
11:15:41.0000 1584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
11:15:41.0012 1584 spldr - ok
11:15:41.0063 1584 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
11:15:41.0096 1584 Spooler - ok
11:15:41.0208 1584 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
11:15:41.0279 1584 sppsvc - ok
11:15:41.0299 1584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
11:15:41.0353 1584 sppuinotify - ok
11:15:41.0396 1584 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
11:15:41.0431 1584 srv - ok
11:15:41.0471 1584 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
11:15:41.0500 1584 srv2 - ok
11:15:41.0521 1584 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
11:15:41.0547 1584 srvnet - ok
11:15:41.0578 1584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
11:15:41.0635 1584 SSDPSRV - ok
11:15:41.0664 1584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
11:15:41.0699 1584 SstpSvc - ok
11:15:41.0747 1584 [ EA8F41484CCC5BA6A1455C2AD3D1BE3C ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys
11:15:41.0773 1584 ssudmdm - ok
11:15:41.0819 1584 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
11:15:41.0834 1584 stexstor - ok
11:15:41.0932 1584 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
11:15:42.0000 1584 stisvc - ok
11:15:42.0046 1584 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\windows\system32\drivers\vmstorfl.sys
11:15:42.0070 1584 storflt - ok
11:15:42.0112 1584 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\windows\system32\storsvc.dll
11:15:42.0129 1584 StorSvc - ok
11:15:42.0150 1584 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\windows\system32\drivers\storvsc.sys
11:15:42.0161 1584 storvsc - ok
11:15:42.0205 1584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
11:15:42.0226 1584 swenum - ok
11:15:42.0276 1584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
11:15:42.0352 1584 swprv - ok
11:15:42.0413 1584 [ CE9B5A79AEE330BC7E88C0441E5727BB ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
11:15:42.0441 1584 SynTP - ok
11:15:42.0515 1584 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
11:15:42.0616 1584 SysMain - ok
11:15:42.0652 1584 [ 21E931E7B8A023198E51145DC280B557 ] t36gbus C:\windows\system32\DRIVERS\t36gbus.sys
11:15:42.0666 1584 t36gbus - ok
11:15:42.0682 1584 [ B913BF54279BFEC014565F1A415882AE ] t36gmdfl C:\windows\system32\DRIVERS\t36gmdfl.sys
11:15:42.0692 1584 t36gmdfl - ok
11:15:42.0713 1584 [ 8D8253A40E4B19127458FCF1D5206DA4 ] t36gmdm C:\windows\system32\DRIVERS\t36gmdm.sys
11:15:42.0728 1584 t36gmdm - ok
11:15:42.0754 1584 [ 0D5EB0BB83241A5B3762A576D6E1145F ] t36gmgmt C:\windows\system32\DRIVERS\t36gmgmt.sys
11:15:42.0768 1584 t36gmgmt - ok
11:15:42.0780 1584 [ 7B2260B796D5DE34EDE7AE483005FCBB ] t36wgps C:\windows\system32\DRIVERS\t36wgps64.sys
11:15:42.0790 1584 t36wgps - ok
11:15:42.0834 1584 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
11:15:42.0893 1584 TabletInputService - ok
11:15:42.0917 1584 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
11:15:42.0959 1584 TapiSrv - ok
11:15:42.0983 1584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
11:15:43.0033 1584 TBS - ok
11:15:43.0096 1584 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\windows\system32\drivers\tcpip.sys
11:15:43.0130 1584 Tcpip - ok
11:15:43.0159 1584 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
11:15:43.0194 1584 TCPIP6 - ok
11:15:43.0240 1584 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
11:15:43.0262 1584 tcpipreg - ok
11:15:43.0296 1584 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
11:15:43.0306 1584 tdcmdpst - ok
11:15:43.0331 1584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
11:15:43.0363 1584 TDPIPE - ok
11:15:43.0397 1584 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
11:15:43.0411 1584 TDTCP - ok
11:15:43.0459 1584 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
11:15:43.0509 1584 tdx - ok
11:15:43.0631 1584 [ 1C46C27E9F1938B9589859C70450D275 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
11:15:43.0675 1584 TeamViewer6 - ok
11:15:43.0712 1584 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
11:15:43.0722 1584 TermDD - ok
11:15:43.0774 1584 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
11:15:43.0830 1584 TermService - ok
11:15:43.0865 1584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
11:15:43.0882 1584 Themes - ok
11:15:43.0904 1584 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
11:15:43.0915 1584 Thpdrv - ok
11:15:43.0929 1584 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
11:15:43.0939 1584 Thpevm - ok
11:15:43.0964 1584 [ F6927BBA3B09AFF26A53A9191F7378F9 ] Thpsrv C:\windows\system32\ThpSrv.exe
11:15:43.0983 1584 Thpsrv - ok
11:15:44.0011 1584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
11:15:44.0046 1584 THREADORDER - ok
11:15:44.0085 1584 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
11:15:44.0103 1584 TMachInfo - ok
11:15:44.0132 1584 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\windows\system32\TODDSrv.exe
11:15:44.0145 1584 TODDSrv - ok
11:15:44.0215 1584 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
11:15:44.0234 1584 TomTomHOMEService - ok
11:15:44.0291 1584 [ 15CA4B185EA8AEF71DD86181E6E0157E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:15:44.0307 1584 TosCoSrv - ok
11:15:44.0360 1584 [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
11:15:44.0382 1584 TOSHIBA Bluetooth Service - ok
11:15:44.0431 1584 [ 231153874D46A7FCB8F60B05DFF7DF69 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
11:15:44.0444 1584 TOSHIBA eco Utility Service - ok
11:15:44.0479 1584 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:15:44.0489 1584 TOSHIBA HDD SSD Alert Service - ok
11:15:44.0537 1584 [ 8021F63311797085949FA387F7C83583 ] tosporte C:\windows\system32\DRIVERS\tosporte.sys
11:15:44.0554 1584 tosporte - ok
11:15:44.0573 1584 [ 3FA1857F4A99AF19D1F4106697793E0E ] tosrfbd C:\windows\system32\DRIVERS\tosrfbd.sys
11:15:44.0584 1584 tosrfbd - ok
11:15:44.0593 1584 [ 62512B5277D88600F8BD4B7AEC43569D ] tosrfbnp C:\windows\system32\Drivers\tosrfbnp.sys
11:15:44.0601 1584 tosrfbnp - ok
11:15:44.0618 1584 [ C523A9186C39D65CC9ADEBB2E1B93CCD ] Tosrfcom C:\windows\system32\Drivers\tosrfcom.sys
11:15:44.0626 1584 Tosrfcom - ok
11:15:44.0650 1584 [ 11699D47B3491D86249C168496D55C92 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys
11:15:44.0657 1584 tosrfec - ok
11:15:44.0671 1584 [ 451B8C1815C6CC39650AF916C2A382CD ] Tosrfhid C:\windows\system32\DRIVERS\Tosrfhid.sys
11:15:44.0679 1584 Tosrfhid - ok
11:15:44.0696 1584 [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds C:\windows\system32\DRIVERS\tosrfnds.sys
11:15:44.0703 1584 tosrfnds - ok
11:15:44.0722 1584 [ 2254BC85FA003686D6BC2F76E54A60AE ] TosRfSnd C:\windows\system32\drivers\tosrfsnd.sys
11:15:44.0745 1584 TosRfSnd - ok
11:15:44.0777 1584 [ 6248B8AD1D0E9D7CDEBA37B843C9BF33 ] Tosrfusb C:\windows\system32\DRIVERS\tosrfusb.sys
11:15:44.0785 1584 Tosrfusb - ok
11:15:44.0819 1584 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
11:15:44.0835 1584 tos_sps64 - ok
11:15:44.0873 1584 [ 1F7A27DE3F0849A31CE8909E3B3B1E1C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
11:15:44.0891 1584 TPCHSrv - ok
11:15:44.0922 1584 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\windows\system32\drivers\tpm.sys
11:15:44.0955 1584 TPM - ok
11:15:44.0990 1584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
11:15:45.0027 1584 TrkWks - ok
11:15:45.0080 1584 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:15:45.0148 1584 TrustedInstaller - ok
11:15:45.0187 1584 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
11:15:45.0258 1584 tssecsrv - ok
11:15:45.0293 1584 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
11:15:45.0331 1584 TsUsbFlt - ok
11:15:45.0372 1584 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
11:15:45.0426 1584 tunnel - ok
11:15:45.0449 1584 [ EFFCE6E033EBDD0F3C0F14A413558F65 ] TVALZ C:\windows\system32\DRIVERS\TVALZ.SYS
11:15:45.0459 1584 TVALZ - ok
11:15:45.0481 1584 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
11:15:45.0490 1584 TVALZFL - ok
11:15:45.0520 1584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
11:15:45.0531 1584 uagp35 - ok
11:15:45.0579 1584 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
11:15:45.0629 1584 udfs - ok
11:15:45.0679 1584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
11:15:45.0709 1584 UI0Detect - ok
11:15:45.0763 1584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
11:15:45.0788 1584 uliagpkx - ok
11:15:45.0831 1584 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
11:15:45.0876 1584 umbus - ok
11:15:45.0976 1584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
11:15:46.0023 1584 UmPass - ok
11:15:46.0070 1584 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\windows\System32\umrdp.dll
11:15:46.0120 1584 UmRdpService - ok
11:15:46.0219 1584 [ 6862A4D70F47C7953D0E2A2C1B1A3F66 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:15:46.0267 1584 UNS - ok
11:15:46.0298 1584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
11:15:46.0354 1584 upnphost - ok
11:15:46.0384 1584 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
11:15:46.0424 1584 USBAAPL64 - ok
11:15:46.0446 1584 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
11:15:46.0481 1584 usbaudio - ok
11:15:46.0520 1584 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
11:15:46.0537 1584 usbccgp - ok
11:15:46.0559 1584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
11:15:46.0575 1584 usbcir - ok
11:15:46.0609 1584 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
11:15:46.0620 1584 usbehci - ok
11:15:46.0637 1584 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
11:15:46.0670 1584 usbhub - ok
11:15:46.0692 1584 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
11:15:46.0704 1584 usbohci - ok
11:15:46.0730 1584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
11:15:46.0759 1584 usbprint - ok
11:15:46.0805 1584 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
11:15:46.0817 1584 USBSTOR - ok
11:15:46.0843 1584 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
11:15:46.0868 1584 usbuhci - ok
11:15:46.0903 1584 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
11:15:46.0960 1584 usbvideo - ok
11:15:46.0989 1584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
11:15:47.0052 1584 UxSms - ok
11:15:47.0070 1584 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
11:15:47.0083 1584 VaultSvc - ok
11:15:47.0095 1584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
11:15:47.0105 1584 vdrvroot - ok
11:15:47.0159 1584 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
11:15:47.0236 1584 vds - ok
11:15:47.0273 1584 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
11:15:47.0286 1584 vga - ok
11:15:47.0300 1584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
11:15:47.0349 1584 VgaSave - ok
11:15:47.0386 1584 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
11:15:47.0414 1584 vhdmp - ok
11:15:47.0457 1584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
11:15:47.0468 1584 viaide - ok
11:15:47.0488 1584 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\windows\system32\drivers\vmbus.sys
11:15:47.0502 1584 vmbus - ok
11:15:47.0519 1584 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys
11:15:47.0532 1584 VMBusHID - ok
11:15:47.0549 1584 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
11:15:47.0560 1584 volmgr - ok
11:15:47.0601 1584 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
11:15:47.0615 1584 volmgrx - ok
11:15:51.0174 1584 [ 0923939BC1C4B802365F24E87C9A0F66 ] YouTubeDownloaderConverter C:\Users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe
11:15:51.0183 1584 YouTubeDownloaderConverter ( UnsignedFile.Multi.Generic ) - warning
11:15:51.0183 1584 YouTubeDownloaderConverter - detected UnsignedFile.Multi.Generic (1)
11:15:51.0343 1584 [ 5BCB1F6CB749B6826BE1C0F16FF2F600 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
11:15:51.0394 1584 ZeroConfigService - ok
11:15:51.0423 1584 ================ Scan global ===============================
11:15:51.0453 1584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
11:15:51.0488 1584 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
11:15:51.0495 1584 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
11:15:51.0520 1584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
11:15:51.0532 1584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
11:15:51.0536 1584 [Global] - ok
11:15:51.0537 1584 ================ Scan MBR ==================================
11:15:51.0543 1584 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
11:15:51.0865 1584 \Device\Harddisk0\DR0 - ok
11:15:51.0866 1584 ================ Scan VBR ==================================
11:15:51.0892 1584 [ AD7D7194CEB7C2C99EBCFF2BAE491B39 ] \Device\Harddisk0\DR0\Partition1
11:15:51.0894 1584 \Device\Harddisk0\DR0\Partition1 - ok
11:15:51.0896 1584 ============================================================
11:15:51.0896 1584 Scan finished
11:15:51.0896 1584 ============================================================
11:15:51.0915 1156 Detected object count: 5
11:15:51.0915 1156 Actual detected object count: 5
11:16:48.0809 1156 MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user
11:16:48.0809 1156 MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:16:48.0814 1156 MBAMScheduler ( UnsignedFile.Multi.Generic ) - skipped by user
11:16:48.0814 1156 MBAMScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:16:48.0815 1156 MBAMService ( UnsignedFile.Multi.Generic ) - skipped by user
11:16:48.0815 1156 MBAMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:16:48.0819 1156 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
11:16:48.0819 1156 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:16:48.0822 1156 YouTubeDownloaderConverter ( UnsignedFile.Multi.Generic ) - skipped by user
11:16:48.0822 1156 YouTubeDownloaderConverter ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:17:00.0033 5420 Deinitialize success


4. " (Does this complain that it could not fix all of your files?)"

No it did not, do I just skip to OTL section now or continue with:

"Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT"

I will wait for your next steps

NOTE -

No reboot has been requested or automatically done at this point. I have not done a reboot manually either.

My desktop is like a new install albeit my old desktop is visible via c:/users/...
  • 0
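The TDSSKiller log in the post above is mostly "ok" lines; the entries that matter are the flagged objects and what was done with them. The following is an added example, not part of the original posts and not TDSSKiller's own code: a small parser for the line format shown in that log. The names `triage` and `in_user_profile` are assumptions made for this example, and the sample lines are copied from the log in this thread.

```python
import re

# Excerpt copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
11:15:51.0174 1584 [ 0923939BC1C4B802365F24E87C9A0F66 ] YouTubeDownloaderConverter C:\Users\Administrator\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe
11:15:51.0183 1584 YouTubeDownloaderConverter ( UnsignedFile.Multi.Generic ) - warning
11:15:51.0183 1584 YouTubeDownloaderConverter - detected UnsignedFile.Multi.Generic (1)
11:15:51.0343 1584 [ 5BCB1F6CB749B6826BE1C0F16FF2F600 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
11:15:51.0394 1584 ZeroConfigService - ok
11:16:48.0819 1156 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
11:16:48.0819 1156 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:16:48.0822 1156 YouTubeDownloaderConverter ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

STAMP = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "  # timestamp and thread id
OBJECT = re.compile(STAMP + r"\[ ([0-9A-F]{32}) \] (\S+) (.+)$")
FLAGGED = re.compile(STAMP + r"(\S+) \( (\S+) \) - (warning|User select action: (\w+))$")

def triage(log_text):
    """Map each non-'ok' object to its MD5, path, verdict and chosen action."""
    objects, findings = {}, {}
    for line in map(str.strip, log_text.splitlines()):
        if m := OBJECT.match(line):
            objects[m[2]] = (m[1], m[3])
        elif m := FLAGGED.match(line):
            # The object line may lie outside the excerpt being parsed.
            md5, path = objects.get(m[1], (None, None))
            entry = findings.setdefault(
                m[1], {"md5": md5, "path": path, "verdict": m[2], "action": None})
            if m[4]:
                entry["action"] = m[4]
            # Added heuristic (assumption): a service binary under a user
            # profile's AppData deserves a closer look than one in system32.
            entry["in_user_profile"] = bool(path) and "\\appdata\\" in path.lower()
    return findings

if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(name, info)
```

Run over the full log, this reduces several thousand lines to the five flagged services and shows that each one was skipped rather than cured or quarantined.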

#14
RKinner

The only thing that looks funny in your logs so far is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2010-11-20 296960]

Looks like you might have a System Restore waiting to happen. RunOnce entries should be removed after a reboot so probably best to do a reboot and then run Combofix again to see if it is still there.

Sorry if it wasn't clear. After running sfc /scannow we need to clear the alarms, reboot and run VEW to view the alarms that pop up during a boot.

Continue with:

"Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application...

Sometimes Windows has problems reading your ntuser.dat file and then it logs you on a default user. It may go away after a reboot.

#15
downtrou

Hi there

No problem on the next steps, I just wanted to be sure. Thanks for the quick reply again too!

I will do a re-boot now and follow the step. Just an FYI - I have attached a screen grab of the error presented when I logged out of Admin and back in as myself (this may of course clear up with the reboot but I just wanted to document it) - see attached. Log in error.JPG