Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

DLLHost Com Surrogate Infection [Closed]

dllhost windows7 surrogate

  • This topic is locked This topic is locked
11 replies to this topic

#1 Dward1971

Dward1971

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 09 November 2014 - 08:55 AM

My wife just found this on her laptop (Toshiba Satellite U505) running Windows 7. Norton identifies it but won't delete it. What do I do next?


    Advertisements

Register to Remove


#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 10 November 2014 - 06:32 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 Dward1971

Dward1971

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 12 November 2014 - 06:19 PM

Thank you. Sorry for the delay in responding.

 

Here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Britta (administrator) on BRITTA-PC on 12-11-2014 19:12:04
Running from C:\Users\Britta\Desktop
Loaded Profile: Britta (Available profiles: Britta)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [506208 2009-10-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [911160 2009-10-26] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [253312 2009-10-26] (TOSHIBA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-11-05] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-23] (Google Inc.)
HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [Vhrzwub] => regsvr32.exe /s "C:\Users\Britta\AppData\Local\Apps\Vhrzwub.dll" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e32a60d7-b364-4f3f-b966-548ae6b04b91&searchtype=ds&q={searchTerms}&installDate=17/09/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e32a60d7-b364-4f3f-b966-548ae6b04b91&searchtype=ds&q={searchTerms}&installDate=17/09/2013
URLSearchHook: HKLM-x32 - Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {7E274DFF-B707-4A37-A4E7-8992A0FA9A9F} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {7E274DFF-B707-4A37-A4E7-8992A0FA9A9F} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - DefaultScope {FB6EAE89-C57F-42FA-BD4C-D0896E60A4A5} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
SearchScopes: HKLM-x32 - {FB6EAE89-C57F-42FA-BD4C-D0896E60A4A5} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - DefaultScope {3971FB9B-9C36-4294-8AB7-CF629F5737DC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS367US367
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e32a60d7-b364-4f3f-b966-548ae6b04b91&searchtype=ds&q={searchTerms}&installDate=17/09/2013
SearchScopes: HKCU - {3971FB9B-9C36-4294-8AB7-CF629F5737DC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS367US367
SearchScopes: HKCU - {7E274DFF-B707-4A37-A4E7-8992A0FA9A9F} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Swag Bucks Toolbar -> {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} -> C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.opinionguru.com/CopyGuardIE.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3628505457-3805021435-3120941342-1001: @nsroblox.roblox.com/launcher -> C:\Users\Britta\AppData\Local\Roblox\Versions\version-d65566343374484f\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3628505457-3805021435-3120941342-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Britta\AppData\Local\Roblox\Versions\version-d65566343374484f\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3628505457-3805021435-3120941342-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Britta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-31]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]
CHR Extension: (Norton Identity Safe) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [161592 2009-10-22] ()
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141111.001\IDSvia64.sys [633560 2014-09-01] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.002\ENG64.SYS [129752 2014-11-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.002\EX64.SYS [2137304 2014-11-09] (Symantec Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-08-06] () [File not signed]
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 19:10 - 2014-11-12 19:12 - 00025980 _____ () C:\Users\Britta\Desktop\FRST.txt
2014-11-11 18:39 - 2014-11-11 18:39 - 00254464 _____ (Borland Software Corporation) C:\Users\Britta\AppData\Local\Apps\Vhrzwub.dll
2014-11-09 15:34 - 2014-11-12 19:12 - 00000000 ____D () C:\FRST
2014-11-09 15:33 - 2014-11-09 15:33 - 02116096 _____ (Farbar) C:\Users\Britta\Desktop\FRST64.exe
2014-11-05 21:25 - 2014-11-05 21:25 - 00071168 _____ () C:\Users\Britta\AppData\Roaming\snkqoxc.dll
2014-11-05 21:25 - 2014-11-05 21:25 - 00004050 _____ () C:\windows\System32\Tasks\{F8CA5FD5-AFCE-728F-550E-FF9AAA7E7F78}
2014-11-05 21:25 - 2014-11-05 21:25 - 00000000 _____ () C:\Users\Britta\AppData\Roaming\nizhl.dll
2014-10-15 18:30 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-15 18:30 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-15 18:30 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-15 18:30 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 18:30 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 18:30 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 18:30 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 18:30 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 18:30 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 18:30 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 18:30 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 18:30 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 18:30 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 18:30 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 18:30 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 18:30 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 18:30 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 18:30 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 18:30 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 18:30 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 18:30 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 18:30 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 18:30 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 18:30 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 18:30 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 18:30 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 18:30 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 18:30 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 18:30 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 18:30 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 18:30 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 18:30 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 18:30 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 18:30 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 18:30 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 18:30 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 18:30 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 18:30 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 18:30 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 18:30 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 18:30 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 18:30 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 18:30 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 18:30 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 18:30 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 18:30 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 18:30 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 18:30 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 18:30 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 18:30 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 18:30 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 18:30 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 18:30 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 18:30 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 18:30 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 18:30 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 18:30 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 18:30 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 18:30 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 18:30 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 18:30 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-15 18:30 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-15 18:30 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-15 18:30 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-15 18:30 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-15 18:30 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-15 18:30 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-15 18:30 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-15 18:30 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-15 18:30 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-15 18:30 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-10-15 18:30 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-10-15 18:30 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-15 18:30 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-15 18:30 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-15 18:30 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-15 18:30 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-15 18:30 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 18:29 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 18:29 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 18:29 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 18:29 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 18:29 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 18:29 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 18:29 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 18:29 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 18:29 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 18:29 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 18:29 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 18:29 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 18:29 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 18:29 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 18:29 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 18:29 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 18:29 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 18:29 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 18:29 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 18:29 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 18:29 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 18:29 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-15 18:16 - 2014-10-17 15:32 - 00022040 _____ () C:\Users\Britta\Documents\Fall Baseball 2014 - Game 1.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 18:30 - 2010-02-17 18:36 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 18:08 - 2010-01-22 10:37 - 01913115 _____ () C:\windows\WindowsUpdate.log
2014-11-12 17:30 - 2010-02-17 18:36 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 17:25 - 2010-02-17 18:36 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 17:25 - 2010-02-17 18:36 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 17:25 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-12 17:24 - 2010-01-22 10:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-10 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-10 20:46 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 20:46 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 20:36 - 2010-12-28 16:53 - 00000000 ____D () C:\Users\Britta\Tracing
2014-11-10 20:33 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-10 20:33 - 2009-07-13 23:51 - 00056406 _____ () C:\windows\setupact.log
2014-11-10 20:33 - 2009-07-13 23:45 - 00369304 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-10 20:32 - 2009-12-23 03:11 - 00747194 _____ () C:\windows\PFRO.log
2014-11-10 17:34 - 2011-01-03 18:39 - 00000000 ____D () C:\Users\Britta\AppData\Local\CrashDumps
2014-11-09 10:36 - 2014-10-12 08:04 - 00018432 _____ () C:\Users\Britta\Documents\1610KatheryneVill Expenses.xls
2014-11-08 17:02 - 2010-04-01 09:10 - 00000000 ____D () C:\Users\Britta\Documents\Symantec
2014-11-04 20:48 - 2014-08-22 21:03 - 00056832 _____ () C:\Users\Britta\Documents\Student Lists 2014-2015.xls
2014-11-04 09:38 - 2010-02-17 18:33 - 00099744 _____ () C:\Users\Britta\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-29 16:22 - 2013-10-09 13:54 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 15:56 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-10-25 13:07 - 2013-10-13 10:30 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-10-17 17:17 - 2010-07-18 15:02 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Canon
2014-10-17 06:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-17 02:30 - 2014-05-08 02:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-17 02:07 - 2013-10-12 18:19 - 00000000 ____D () C:\windows\system32\MRT
2014-10-17 02:00 - 2010-02-28 08:35 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Britta\AppData\Local\Temp\fxictxz.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 21:56

==================== End Of Log ============================


#4 Dward1971

Dward1971

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 12 November 2014 - 06:21 PM

Here is Addition.txt.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Britta at 2014-11-12 19:13:04
Running from C:\Users\Britta\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.174 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Uploader (HKLM-x32\...\com.amazon.music.uploader) (Version: 1.0.8 - Amazon Services LLC)
Amazon MP3 Uploader (x32 Version: 1.0.8 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 1.5.0.3 - )
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - Canon Inc.)
Canon MP560 series User Registration (HKLM-x32\...\Canon MP560 series User Registration) (Version:  - )
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE Undiscovered Realms (x32 Version: 2.2.0.82 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java(TM) 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) SE Development Kit 6 Update 24 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden
My Digital Studio 1.0 (HKLM-x32\...\9883-5023-5794-0994) (Version: 1.0.10.839 - Stampin' Up!)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RICOH R5U230 Media Driver ver.2.07.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.07.03.02 - RICOH)
ROBLOX Player for Britta (HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Britta (HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Safari (HKLM-x32\...\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}) (Version: 5.33.18.5 - Apple Inc.)
Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) Hidden
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Swag Bucks Toolbar (HKLM-x32\...\Swag_Bucks Toolbar) (Version: 6.3.3.3 - Swag Bucks)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0004 - TOSHIBA)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.4 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0002 - TOSHIBA)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Unity Web Player (HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma Deluxe (HKLM-x32\...\BFG-Zuma Deluxe) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3628505457-3805021435-3120941342-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Britta\AppData\Local\Roblox\Versions\version-d65566343374484f\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points  =========================

10-09-2014 11:40:23 Windows Update
24-09-2014 20:54:54 Windows Update
01-10-2014 19:37:52 Windows Update
13-10-2014 15:49:48 Scheduled Checkpoint
17-10-2014 07:00:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {034BE224-2169-481D-8834-A14CDFE2A8C7} - System32\Tasks\42eb0088 => C:\Users\Britta\AppData\Local\Temp\\setup624695692.exe <==== ATTENTION
Task: {0C32DAEF-775D-4D27-9121-C08C9190DD56} - System32\Tasks\63d6d2b4 => C:\Users\Britta\AppData\Local\Temp\\setup639800392.exe <==== ATTENTION
Task: {14392B7B-A106-424C-A4F2-697051644F70} - System32\Tasks\8b3a6dec => C:\Users\Britta\AppData\Local\Temp\\setup1300646252.exe <==== ATTENTION
Task: {1487D707-1173-42C2-9698-800CC80DC7A3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {154601D9-C970-427E-A3F0-3B3F6197F6BA} - System32\Tasks\ebf188e0 => C:\Users\Britta\AppData\Local\Temp\\setup2923258976.exe <==== ATTENTION
Task: {154BFCEE-443D-42FE-AB37-F53CC09AB0BE} - System32\Tasks\9be84358 => C:\Users\Britta\AppData\Local\Temp\\setup2356730072.exe <==== ATTENTION
Task: {165BB71E-457B-4C42-8467-3544E56B8C76} - System32\Tasks\51e93308 => C:\Users\Britta\AppData\Local\Temp\\setup338395788.exe <==== ATTENTION
Task: {166003CC-14A9-4F81-B3E3-AA156DE0CCF6} - System32\Tasks\9e780b18 => C:\Users\Britta\AppData\Local\Temp\\setup1881787288.exe <==== ATTENTION
Task: {18863214-E15F-4E3A-9794-6DCBE80F6898} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {1EBD616E-EAE5-4FA2-8B68-C342BDC83B93} - System32\Tasks\fe19af38 => C:\Users\Britta\AppData\Local\Temp\\setup4004136120.exe <==== ATTENTION
Task: {30A2065F-6C49-4200-8CE5-B5586CBC62D3} - System32\Tasks\98cfe68c => C:\Users\Britta\AppData\Local\Temp\\setup1528545804.exe <==== ATTENTION
Task: {32DEF53A-B3CE-4EB2-A5FD-89E69FA57645} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {36257BF2-5FF7-4E86-A235-4A83ECD90BB1} - System32\Tasks\9a18bb90 => C:\Users\Britta\AppData\Local\Temp\\setup1550089508.exe <==== ATTENTION
Task: {47E777B0-F123-41C3-B271-657578A800CA} - System32\Tasks\b5ba7f10 => C:\Users\Britta\AppData\Local\Temp\\setup2992738200.exe <==== ATTENTION
Task: {4FFEFA29-1FB9-4DDF-9D73-2EEC17381A5D} - System32\Tasks\{F8CA5FD5-AFCE-728F-550E-FF9AAA7E7F78} => C:\Users\Britta\AppData\Roaming\snkqoxc.dll [2014-11-05] () <==== ATTENTION
Task: {553781D3-FD1A-4AB5-9C5D-D1EB3374E8CF} - System32\Tasks\bebb7284 => C:\Users\Britta\AppData\Local\Temp\\setup2164739588.exe <==== ATTENTION
Task: {5719BE22-CA34-427F-B1C0-C28D7AC366E3} - System32\Tasks\db852fd8 => C:\Users\Britta\AppData\Local\Temp\\setup3423978840.exe <==== ATTENTION
Task: {57A78E00-593B-443E-BB5C-3B5D046ECE82} - System32\Tasks\745a5a6c => C:\Users\Britta\AppData\Local\Temp\\setup916862444.exe <==== ATTENTION
Task: {5A0DCB15-1A83-444D-A091-7EC0AD4D38E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5A7D0FD9-D8D0-4087-BC44-DE69764E7F21} - System32\Tasks\c1960c28 => C:\Users\Britta\AppData\Local\Temp\\setup1177397564.exe <==== ATTENTION
Task: {603DB948-119D-485D-8814-19AD900CCE11} - System32\Tasks\594b64e0 => C:\Users\Britta\AppData\Local\Temp\\setup1479393248.exe <==== ATTENTION
Task: {63AA9AC4-7BA3-446D-BD41-11BDC86BB35B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6440525D-44F8-4A67-AD33-6E5B2FEBF0CE} - System32\Tasks\503c19c8 => C:\Users\Britta\AppData\Local\Temp\\setup1087154380.exe <==== ATTENTION
Task: {6664454C-3599-40A7-91EE-C0BD04CBE98D} - System32\Tasks\2097c0d4 => C:\Users\Britta\AppData\Local\Temp\\setup3806567508.exe <==== ATTENTION
Task: {74E87F0B-7E21-495B-8214-57762C0D2612} - System32\Tasks\f4249cc8 => C:\Users\Britta\AppData\Local\Temp\\setup4077320136.exe <==== ATTENTION
Task: {782EA646-6C6E-44F6-9551-5377D7E72FBD} - System32\Tasks\5be71d28 => C:\Users\Britta\AppData\Local\Temp\\setup1023951276.exe <==== ATTENTION
Task: {7CA32D52-38FD-4EE5-97D6-CD5578292537} - System32\Tasks\78e1d8e4 => C:\Users\Britta\AppData\Local\Temp\\setup1769105384.exe <==== ATTENTION
Task: {7D324F9B-7DBC-47E5-AABE-CC3091082B04} - System32\Tasks\5bf3010 => C:\Users\Britta\AppData\Local\Temp\\setup3356167056.exe <==== ATTENTION
Task: {84455A7E-D96F-4D0B-95C0-7D998AABDA7A} - System32\Tasks\e0ee22f8 => C:\Users\Britta\AppData\Local\Temp\\setup3754982904.exe <==== ATTENTION
Task: {844B0FF8-4BC3-4652-895E-044F53A761D5} - System32\Tasks\e883e3f4 => C:\Users\Britta\AppData\Local\Temp\\setup3641996024.exe <==== ATTENTION
Task: {87D17FB2-07D8-4D1A-875C-AB90D4FF400D} - System32\Tasks\26694554 => C:\Users\Britta\AppData\Local\Temp\\setup385473236.exe <==== ATTENTION
Task: {97291B24-8F67-4718-8B77-67D8A13E82B1} - System32\Tasks\a2222e10 => C:\Users\Britta\AppData\Local\Temp\\setup649710372.exe <==== ATTENTION
Task: {9753C789-9FBA-4A69-A733-D4D4226BE39F} - System32\Tasks\5391e47c => C:\Users\Britta\AppData\Local\Temp\\setup1143110140.exe <==== ATTENTION
Task: {A31D17EB-7912-4DB7-9E06-FD4790798744} - System32\Tasks\98e26658 => C:\Users\Britta\AppData\Local\Temp\\setup2306012508.exe <==== ATTENTION
Task: {A6D6B920-E069-40B1-B65C-91B072520D4D} - System32\Tasks\37f6ef60 => C:\Users\Britta\AppData\Local\Temp\\setup772928356.exe <==== ATTENTION
Task: {B393BAB1-381F-4891-B105-859A53F55214} - System32\Tasks\8b241460 => C:\Users\Britta\AppData\Local\Temp\\setup1670797536.exe <==== ATTENTION
Task: {BEC6A511-F4DD-444D-A67B-7AE82CF8C75B} - System32\Tasks\743ec370 => C:\Users\Britta\AppData\Local\Temp\\setup1931550320.exe <==== ATTENTION
Task: {C61FC2BF-BF5F-479C-9AD0-FC4E7F23E221} - System32\Tasks\3cf6fc20 => C:\Users\Britta\AppData\Local\Temp\\setup245939360.exe <==== ATTENTION
Task: {C8B2C0D3-87E1-4550-ACE0-56E01B87121C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {C9F08250-C007-4315-88D6-1476492FB8BB} - System32\Tasks\f81ae728 => C:\Users\Britta\AppData\Local\Temp\\setup3644592680.exe <==== ATTENTION
Task: {D012C891-4DFD-4145-A7CA-5A79A73560DD} - System32\Tasks\986060f8 => C:\Users\Britta\AppData\Local\Temp\\setup1521230476.exe <==== ATTENTION
Task: {DE81D692-8DF4-46E8-AA52-86EA3A6D0F5C} - System32\Tasks\2875148c => C:\Users\Britta\AppData\Local\Temp\\setup2903290272.exe <==== ATTENTION
Task: {E1716E60-C950-4251-97EC-F087A0DAF150} - System32\Tasks\717dcee4 => C:\Users\Britta\AppData\Local\Temp\\setup3093383032.exe <==== ATTENTION
Task: {F441E479-7C8B-4DCB-BC74-D5612927AD1E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F6603DD8-4FE4-49F7-83D3-24088F899F23} - System32\Tasks\fbd89238 => C:\Users\Britta\AppData\Local\Temp\\setup3190051788.exe <==== ATTENTION
Task: {FE8EC55D-3880-4BA1-B6C6-B1766A86CE72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-22 11:02 - 2009-10-22 14:24 - 00161592 _____ () C:\Windows\System32\GFNEXSrv.exe
2009-10-18 18:20 - 2009-10-18 18:20 - 07959864 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 16:26 - 2009-11-03 16:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-12-23 02:44 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-30 20:20 - 2009-10-30 20:20 - 00417592 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2009-11-05 12:18 - 2009-11-05 12:18 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-22 10:56 - 2009-10-02 16:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3628505457-3805021435-3120941342-500 - Administrator - Disabled)
Britta (S-1-5-21-3628505457-3805021435-3120941342-1001 - Administrator - Enabled) => C:\Users\Britta
Guest (S-1-5-21-3628505457-3805021435-3120941342-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3628505457-3805021435-3120941342-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 05:25:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (11/11/2014 09:47:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (11/11/2014 09:47:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44951220

Error: (11/11/2014 09:47:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44951220

Error: (11/11/2014 09:47:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2014 09:18:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2496

Error: (11/10/2014 09:18:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2496

Error: (11/10/2014 09:18:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2014 07:35:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 37e4

Start Time: 01cffb9bf0663ff7

Termination Time: 320

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/10/2014 05:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bcbb9
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x7438
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (11/10/2014 08:45:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/10/2014 08:45:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/10/2014 08:35:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/10/2014 08:34:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (11/10/2014 04:24:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/10/2014 04:23:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.

Error: (11/10/2014 04:23:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gusvc{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error: (11/09/2014 08:13:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/09/2014 00:18:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/04/2014 11:38:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 56%
Total physical RAM: 3891.59 MB
Available physical RAM: 1684.2 MB
Total Pagefile: 7781.35 MB
Available Pagefile: 4822.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI105213W0I) (Fixed) (Total:454.02 GB) (Free:305.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CFC30635)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=17)

==================== End Of Log ============================


#5 Dward1971

Dward1971

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 12 November 2014 - 07:01 PM

Here is the log from GMER (ark.

 

 

 

 

 

 

 

 

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-12 19:57:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00 465.76GB
Running: rg536hst.exe; Driver: C:\Users\Britta\AppData\Local\Temp\kwliipow.sys


---- Devices - GMER 2.1 ----

Device   \FileSystem\Ntfs \Ntfs                                                                                                                                                                  fffffa800487e2c0
Device   \FileSystem\fastfat \Fat                                                                                                                                                                fffffa80088c22c0
Device   \Driver\NetBT \Device\NetBT_Tcpip_{F5CD9E96-ED7E-442F-BDC9-11BE32674E83}                                                                                                                fffffa800704d2c0
Device   \Driver\usbehci \Device\USBPDO-1                                                                                                                                                        fffffa80078a82c0
Device   \Driver\cdrom \Device\CdRom0                                                                                                                                                            fffffa8006f5e2c0
Device   \Driver\USBSTOR \Device\00000090                                                                                                                                                        fffffa80089f72c0
Device   \Driver\NetBT \Device\NetBT_Tcpip_{95591071-CB02-44B6-A1F3-66D4F88164CD}                                                                                                                fffffa800704d2c0
Device   \Driver\usbehci \Device\USBFDO-0                                                                                                                                                        fffffa80078a82c0
Device   \Driver\NetBT \Device\NetBT_Tcpip_{F29B53CF-CE8A-421D-85F1-2B35D57A72CC}                                                                                                                fffffa800704d2c0
Device   \Driver\usbehci \Device\USBFDO-1                                                                                                                                                        fffffa80078a82c0
Device   \Driver\USBSTOR \Device\00000092                                                                                                                                                        fffffa80089f72c0
Device   \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                                 fffffa800704d2c0
Device   \Driver\usbehci \Device\USBPDO-0                                                                                                                                                        fffffa80078a82c0

---- Threads - GMER 2.1 ----

Thread   C:\windows\system32\svchost.exe [1696:2932]                                                                                                                                             00000000020c4ccc
Thread   C:\windows\SysWow64\svchost.exe [3512:3920]                                                                                                                                             00000000001c5d50
Thread   C:\windows\SysWow64\dllhost.exe [6584:1140]                                                                                                                                             0000000000087710
Thread   C:\windows\SysWow64\dllhost.exe [6584:6560]                                                                                                                                             0000000000087240
Thread   C:\windows\SysWow64\dllhost.exe [12300:13832]                                                                                                                                           0000000000087710
Thread   C:\windows\SysWow64\dllhost.exe [12300:14716]                                                                                                                                           0000000000087240
Thread   C:\windows\SysWow64\dllhost.exe [6088:4152]                                                                                                                                             00000000000c7710
Thread   C:\windows\SysWow64\dllhost.exe [6088:11316]                                                                                                                                            00000000000c7240
Thread   C:\windows\SysWow64\dllhost.exe [4212:15052]                                                                                                                                            0000000000087710
Thread   C:\windows\SysWow64\dllhost.exe [4212:7124]                                                                                                                                             0000000000087240
Thread   C:\windows\SysWow64\dllhost.exe [5144:4840]                                                                                                                                             00000000000c7710
Thread   C:\windows\SysWow64\dllhost.exe [5144:11780]                                                                                                                                            00000000000c7240
Thread   C:\windows\SysWow64\dllhost.exe [12916:6820]                                                                                                                                            00000000000c7710
Thread   C:\windows\SysWow64\dllhost.exe [12916:14064]                                                                                                                                           00000000000c7240
Thread   C:\windows\SysWow64\dllhost.exe [11288:11388]                                                                                                                                           0000000000087710
Thread   C:\windows\SysWow64\dllhost.exe [11288:14700]                                                                                                                                           0000000000087240
Thread   C:\windows\SysWow64\dllhost.exe [8024:4308]                                                                                                                                             0000000000087710
Thread   C:\windows\SysWow64\dllhost.exe [8024:8828]                                                                                                                                             0000000000087240
Thread   C:\windows\SysWow64\dllhost.exe [12992:6992]                                                                                                                                            0000000000087710
Thread   C:\windows\SysWow64\dllhost.exe [12992:4668]                                                                                                                                            0000000000087240
Thread   C:\windows\SysWow64\dllhost.exe [8476:848]                                                                                                                                              0000000000087710
Thread   C:\windows\SysWow64\dllhost.exe [8476:11816]                                                                                                                                            0000000000087240
---- Processes - GMER 2.1 ----

Library  C:\Users\Britta\AppData\Local\Temp\fxictxz.dll (*** suspicious ***) @ C:\windows\SysWOW64\rundll32.exe [14560] (Borland HTTP Server/Borland Software Corporation)(2014-11-11 23:39:17)  0000000010000000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                \Device\{2A901C55-8892-4C79-9BBA-DD1478A25AD4}?\Device\{D061C7A1-B7A1-4987-B292-06B73884E55B}?\Device\{165B270D-FD61-4D60-B42D-B37F63D4D258}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                               "{2A901C55-8892-4C79-9BBA-DD1478A25AD4}"?"{D061C7A1-B7A1-4987-B292-06B73884E55B}"?"{165B270D-FD61-4D60-B42D-B37F63D4D258}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                              \Device\TCPIP6TUNNEL_{2A901C55-8892-4C79-9BBA-DD1478A25AD4}?\Device\TCPIP6TUNNEL_{D061C7A1-B7A1-4987-B292-06B73884E55B}?\Device\TCPIP6TUNNEL_{165B270D-FD61-4D60-B42D-B37F63D4D258}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024d2fcf7b8                                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{165B270D-FD61-4D60-B42D-B37F63D4D258}@InterfaceName                                                                  isatap.{F29B53CF-CE8A-421D-85F1-2B35D57A72CC}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{165B270D-FD61-4D60-B42D-B37F63D4D258}@ReusableType                                                                   0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                                                      771343423
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                                                      285507792
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024d2fcf7b8 (not active ControlSet)                                                                                         
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count                                                                          3085946

---- EOF - GMER 2.1 ----

 



#6 Dward1971

Dward1971

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 12 November 2014 - 07:05 PM

Here is the output from TDSSKiller.

20:02:55.0940 0x26d4  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
20:03:00.0714 0x26d4  ============================================================
20:03:00.0714 0x26d4  Current date / time: 2014/11/12 20:03:00.0714
20:03:00.0714 0x26d4  SystemInfo:
20:03:00.0714 0x26d4  
20:03:00.0714 0x26d4  OS Version: 6.1.7601 ServicePack: 1.0
20:03:00.0714 0x26d4  Product type: Workstation
20:03:00.0714 0x26d4  ComputerName: BRITTA-PC
20:03:00.0714 0x26d4  UserName: Britta
20:03:00.0714 0x26d4  Windows directory: C:\windows
20:03:00.0714 0x26d4  System windows directory: C:\windows
20:03:00.0714 0x26d4  Running under WOW64
20:03:00.0714 0x26d4  Processor architecture: Intel x64
20:03:00.0714 0x26d4  Number of processors: 4
20:03:00.0714 0x26d4  Page size: 0x1000
20:03:00.0714 0x26d4  Boot type: Normal boot
20:03:00.0714 0x26d4  ============================================================
20:03:01.0510 0x26d4  KLMD registered as C:\windows\system32\drivers\84866464.sys
20:03:02.0555 0x26d4  System UUID: {11BA618B-95BE-6343-6AE7-23FC5007535E}
20:03:04.0302 0x26d4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:03:04.0349 0x26d4  ============================================================
20:03:04.0349 0x26d4  \Device\Harddisk0\DR0:
20:03:04.0349 0x26d4  MBR partitions:
20:03:04.0349 0x26d4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38C0A000
20:03:04.0349 0x26d4  ============================================================
20:03:04.0364 0x26d4  C: <-> \Device\Harddisk0\DR0\Partition1
20:03:04.0364 0x26d4  ============================================================
20:03:04.0364 0x26d4  Initialize success
20:03:04.0364 0x26d4  ============================================================
20:03:11.0696 0x3510  ============================================================
20:03:11.0696 0x3510  Scan started
20:03:11.0696 0x3510  Mode: Manual; 
20:03:11.0696 0x3510  ============================================================
20:03:11.0696 0x3510  KSN ping started
20:03:14.0411 0x3510  KSN ping finished: true
20:03:17.0125 0x3510  ================ Scan system memory ========================
20:03:17.0125 0x3510  System memory - ok
20:03:17.0125 0x3510  ================ Scan services =============================
20:03:17.0437 0x3510  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
20:03:17.0453 0x3510  1394ohci - ok
20:03:17.0562 0x3510  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
20:03:17.0578 0x3510  ACPI - ok
20:03:17.0640 0x3510  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
20:03:17.0640 0x3510  AcpiPmi - ok
20:03:17.0765 0x3510  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:03:17.0765 0x3510  AdobeARMservice - ok
20:03:17.0874 0x3510  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
20:03:17.0890 0x3510  adp94xx - ok
20:03:17.0952 0x3510  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
20:03:17.0968 0x3510  adpahci - ok
20:03:18.0014 0x3510  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
20:03:18.0014 0x3510  adpu320 - ok
20:03:18.0061 0x3510  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
20:03:18.0061 0x3510  AeLookupSvc - ok
20:03:18.0155 0x3510  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\windows\system32\drivers\afd.sys
20:03:18.0170 0x3510  AFD - ok
20:03:18.0248 0x3510  [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem  C:\windows\system32\DRIVERS\agrsm64.sys
20:03:18.0280 0x3510  AgereSoftModem - ok
20:03:18.0311 0x3510  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
20:03:18.0326 0x3510  agp440 - ok
20:03:18.0373 0x3510  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
20:03:18.0373 0x3510  ALG - ok
20:03:18.0436 0x3510  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
20:03:18.0436 0x3510  aliide - ok
20:03:18.0482 0x3510  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
20:03:18.0482 0x3510  amdide - ok
20:03:18.0529 0x3510  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
20:03:18.0529 0x3510  AmdK8 - ok
20:03:18.0560 0x3510  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
20:03:18.0560 0x3510  AmdPPM - ok
20:03:18.0623 0x3510  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
20:03:18.0623 0x3510  amdsata - ok
20:03:18.0670 0x3510  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
20:03:18.0685 0x3510  amdsbs - ok
20:03:18.0732 0x3510  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
20:03:18.0732 0x3510  amdxata - ok
20:03:18.0794 0x3510  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
20:03:18.0794 0x3510  AppID - ok
20:03:18.0826 0x3510  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
20:03:18.0826 0x3510  AppIDSvc - ok
20:03:18.0904 0x3510  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
20:03:18.0904 0x3510  Appinfo - ok
20:03:19.0013 0x3510  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:03:19.0013 0x3510  Apple Mobile Device - ok
20:03:19.0060 0x3510  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\DRIVERS\arc.sys
20:03:19.0060 0x3510  arc - ok
20:03:19.0091 0x3510  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
20:03:19.0091 0x3510  arcsas - ok
20:03:19.0216 0x3510  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:03:19.0262 0x3510  aspnet_state - ok
20:03:19.0309 0x3510  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
20:03:19.0309 0x3510  AsyncMac - ok
20:03:19.0340 0x3510  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
20:03:19.0340 0x3510  atapi - ok
20:03:19.0434 0x3510  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:03:19.0450 0x3510  AudioEndpointBuilder - ok
20:03:19.0465 0x3510  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
20:03:19.0496 0x3510  AudioSrv - ok
20:03:19.0559 0x3510  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
20:03:19.0559 0x3510  AxInstSV - ok
20:03:19.0621 0x3510  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
20:03:19.0637 0x3510  b06bdrv - ok
20:03:19.0684 0x3510  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
20:03:19.0699 0x3510  b57nd60a - ok
20:03:19.0746 0x3510  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
20:03:19.0746 0x3510  BDESVC - ok
20:03:19.0777 0x3510  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
20:03:19.0777 0x3510  Beep - ok
20:03:19.0886 0x3510  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
20:03:19.0902 0x3510  BFE - ok
20:03:20.0214 0x3510  [ D90F5136CB6512B2B9A855C94F79B0B5, 7E2FFDF2B1147E25EA2530DB55667352116EE676D0B6F76ED4C6FEAFC88AB5D4 ] BHDrvx64        C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys
20:03:20.0261 0x3510  BHDrvx64 - ok
20:03:20.0323 0x3510  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
20:03:20.0354 0x3510  BITS - ok
20:03:20.0386 0x3510  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
20:03:20.0386 0x3510  blbdrive - ok
20:03:20.0510 0x3510  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:03:20.0542 0x3510  Bonjour Service - ok
20:03:20.0604 0x3510  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
20:03:20.0604 0x3510  bowser - ok
20:03:20.0651 0x3510  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
20:03:20.0651 0x3510  BrFiltLo - ok
20:03:20.0651 0x3510  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
20:03:20.0651 0x3510  BrFiltUp - ok
20:03:20.0729 0x3510  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
20:03:20.0729 0x3510  Browser - ok
20:03:20.0776 0x3510  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
20:03:20.0791 0x3510  Brserid - ok
20:03:20.0822 0x3510  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
20:03:20.0822 0x3510  BrSerWdm - ok
20:03:20.0854 0x3510  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
20:03:20.0854 0x3510  BrUsbMdm - ok
20:03:20.0869 0x3510  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
20:03:20.0869 0x3510  BrUsbSer - ok
20:03:20.0916 0x3510  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
20:03:20.0916 0x3510  BthEnum - ok
20:03:20.0978 0x3510  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
20:03:20.0978 0x3510  BTHMODEM - ok
20:03:21.0025 0x3510  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
20:03:21.0025 0x3510  BthPan - ok
20:03:21.0103 0x3510  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
20:03:21.0119 0x3510  BTHPORT - ok
20:03:21.0166 0x3510  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
20:03:21.0166 0x3510  bthserv - ok
20:03:21.0212 0x3510  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
20:03:21.0212 0x3510  BTHUSB - ok
20:03:21.0322 0x3510  [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_N360      C:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys
20:03:21.0337 0x3510  ccSet_N360 - ok
20:03:21.0368 0x3510  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
20:03:21.0384 0x3510  cdfs - ok
20:03:21.0446 0x3510  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\drivers\cdrom.sys
20:03:21.0446 0x3510  cdrom - ok
20:03:21.0493 0x3510  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
20:03:21.0509 0x3510  CertPropSvc - ok
20:03:21.0587 0x3510  [ ADBDC69A0C25361870A1AC009D29F960, 3A4042DC5DB2A0A1AC4A94D6894E556F15E747AA11C25DEF1A8C2CDC5FF7A5EA ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
20:03:21.0602 0x3510  cfWiMAXService - ok
20:03:21.0649 0x3510  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
20:03:21.0649 0x3510  circlass - ok
20:03:21.0727 0x3510  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
20:03:21.0743 0x3510  CLFS - ok
20:03:21.0821 0x3510  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:03:21.0821 0x3510  clr_optimization_v2.0.50727_32 - ok
20:03:21.0899 0x3510  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:03:21.0899 0x3510  clr_optimization_v2.0.50727_64 - ok
20:03:22.0008 0x3510  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:03:22.0164 0x3510  clr_optimization_v4.0.30319_32 - ok
20:03:22.0195 0x3510  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:03:22.0289 0x3510  clr_optimization_v4.0.30319_64 - ok
20:03:22.0367 0x3510  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
20:03:22.0367 0x3510  CmBatt - ok
20:03:22.0414 0x3510  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
20:03:22.0414 0x3510  cmdide - ok
20:03:22.0507 0x3510  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\windows\system32\Drivers\cng.sys
20:03:22.0523 0x3510  CNG - ok
20:03:22.0554 0x3510  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
20:03:22.0554 0x3510  Compbatt - ok
20:03:22.0632 0x3510  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
20:03:22.0648 0x3510  CompositeBus - ok
20:03:22.0679 0x3510  COMSysApp - ok
20:03:22.0726 0x3510  [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
20:03:22.0726 0x3510  ConfigFree Service - ok
20:03:22.0772 0x3510  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
20:03:22.0772 0x3510  crcdisk - ok
20:03:22.0850 0x3510  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
20:03:22.0866 0x3510  CryptSvc - ok
20:03:22.0944 0x3510  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
20:03:22.0960 0x3510  DcomLaunch - ok
20:03:23.0006 0x3510  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
20:03:23.0006 0x3510  defragsvc - ok
20:03:23.0069 0x3510  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
20:03:23.0084 0x3510  DfsC - ok
20:03:23.0147 0x3510  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
20:03:23.0178 0x3510  Dhcp - ok
20:03:23.0194 0x3510  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
20:03:23.0194 0x3510  discache - ok
20:03:23.0225 0x3510  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\DRIVERS\disk.sys
20:03:23.0225 0x3510  Disk - ok
20:03:23.0287 0x3510  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
20:03:23.0303 0x3510  Dnscache - ok
20:03:23.0334 0x3510  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
20:03:23.0350 0x3510  dot3svc - ok
20:03:23.0412 0x3510  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
20:03:23.0412 0x3510  DPS - ok
20:03:23.0459 0x3510  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
20:03:23.0459 0x3510  drmkaud - ok
20:03:23.0552 0x3510  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
20:03:23.0584 0x3510  DXGKrnl - ok
20:03:23.0630 0x3510  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
20:03:23.0630 0x3510  EapHost - ok
20:03:23.0802 0x3510  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
20:03:23.0927 0x3510  ebdrv - ok
20:03:24.0020 0x3510  [ 03E1B8BA59327D186C7C533A6998FEF9, 224937A697B55BD9CCD790771DBE9D135021AD1DC3E6D6AC7C431C56F0FFBBB5 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:03:24.0036 0x3510  eeCtrl - ok
20:03:24.0098 0x3510  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\windows\System32\lsass.exe
20:03:24.0098 0x3510  EFS - ok
20:03:24.0192 0x3510  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
20:03:24.0223 0x3510  ehRecvr - ok
20:03:24.0254 0x3510  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
20:03:24.0270 0x3510  ehSched - ok
20:03:24.0348 0x3510  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
20:03:24.0379 0x3510  elxstor - ok
20:03:24.0442 0x3510  [ 142EA7DF1851C563571F2DCFC7AFBB40, 14DE008B68D127F246A64290DFCBD7ECDE8FF7932B3BAE660EB131860E826EAD ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:03:24.0457 0x3510  EraserUtilRebootDrv - ok
20:03:24.0488 0x3510  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
20:03:24.0488 0x3510  ErrDev - ok
20:03:24.0551 0x3510  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
20:03:24.0566 0x3510  EventSystem - ok
20:03:24.0598 0x3510  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
20:03:24.0598 0x3510  exfat - ok
20:03:24.0644 0x3510  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
20:03:24.0660 0x3510  fastfat - ok
20:03:24.0738 0x3510  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
20:03:24.0754 0x3510  Fax - ok
20:03:24.0785 0x3510  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\DRIVERS\fdc.sys
20:03:24.0785 0x3510  fdc - ok
20:03:24.0816 0x3510  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
20:03:24.0816 0x3510  fdPHost - ok
20:03:24.0832 0x3510  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
20:03:24.0847 0x3510  FDResPub - ok
20:03:24.0878 0x3510  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
20:03:24.0878 0x3510  FileInfo - ok
20:03:24.0894 0x3510  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
20:03:24.0910 0x3510  Filetrace - ok
20:03:24.0925 0x3510  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
20:03:24.0925 0x3510  flpydisk - ok
20:03:24.0972 0x3510  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
20:03:24.0972 0x3510  FltMgr - ok
20:03:25.0081 0x3510  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
20:03:25.0128 0x3510  FontCache - ok
20:03:25.0175 0x3510  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:03:25.0175 0x3510  FontCache3.0.0.0 - ok
20:03:25.0222 0x3510  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
20:03:25.0222 0x3510  FsDepends - ok
20:03:25.0268 0x3510  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
20:03:25.0268 0x3510  Fs_Rec - ok
20:03:25.0331 0x3510  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
20:03:25.0346 0x3510  fvevol - ok
20:03:25.0393 0x3510  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
20:03:25.0393 0x3510  gagp30kx - ok
20:03:25.0456 0x3510  [ 4FBCCBDD99A75C9EFBC90392CF32AF61, 221E71D0CE1793B8F0F7D8A2D7B205BBF53B518A45E2116A5882BCAB88B870E1 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
20:03:25.0471 0x3510  GameConsoleService - ok
20:03:25.0534 0x3510  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:03:25.0534 0x3510  GEARAspiWDM - ok
20:03:25.0596 0x3510  [ D207DBEF87EDFC5A5072BFD69C3F4184, 53B193B2203FC7A8060B5CD6F4657BFB6895E780395DDA49DA9285492D0077BA ] GFNEXSrv        C:\Windows\System32\GFNEXSrv.exe
20:03:25.0612 0x3510  GFNEXSrv - ok
20:03:25.0690 0x3510  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
20:03:25.0721 0x3510  gpsvc - ok
20:03:25.0814 0x3510  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:03:25.0814 0x3510  gupdate - ok
20:03:25.0861 0x3510  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:03:25.0877 0x3510  gupdatem - ok
20:03:25.0908 0x3510  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:03:25.0924 0x3510  gusvc - ok
20:03:25.0955 0x3510  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
20:03:25.0955 0x3510  hcw85cir - ok
20:03:26.0033 0x3510  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:03:26.0048 0x3510  HdAudAddService - ok
20:03:26.0111 0x3510  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
20:03:26.0126 0x3510  HDAudBus - ok
20:03:26.0173 0x3510  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
20:03:26.0173 0x3510  HECIx64 - ok
20:03:26.0204 0x3510  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
20:03:26.0204 0x3510  HidBatt - ok
20:03:26.0236 0x3510  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
20:03:26.0236 0x3510  HidBth - ok
20:03:26.0282 0x3510  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
20:03:26.0282 0x3510  HidIr - ok
20:03:26.0314 0x3510  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
20:03:26.0314 0x3510  hidserv - ok
20:03:26.0360 0x3510  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
20:03:26.0360 0x3510  HidUsb - ok
20:03:26.0423 0x3510  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
20:03:26.0423 0x3510  hkmsvc - ok
20:03:26.0485 0x3510  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:03:26.0501 0x3510  HomeGroupListener - ok
20:03:26.0548 0x3510  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:03:26.0548 0x3510  HomeGroupProvider - ok
20:03:26.0594 0x3510  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
20:03:26.0594 0x3510  HpSAMD - ok
20:03:26.0735 0x3510  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
20:03:26.0766 0x3510  HTTP - ok
20:03:26.0797 0x3510  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
20:03:26.0797 0x3510  hwpolicy - ok
20:03:26.0860 0x3510  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
20:03:26.0860 0x3510  i8042prt - ok
20:03:26.0938 0x3510  [ 631FA8935163B01FC0C02966CB3ADB92, F6BDA41EB4AB0A7215A4ABC88461AF174E1439AC37D7663D43D43ABB68F70E2F ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
20:03:26.0969 0x3510  iaStor - ok
20:03:27.0047 0x3510  [ 7493EA4DE41348F7D3EDBF9DB298F56A, D40BE4E8D90B5F6EF0B16F3B9E9F63273FE558492A560CB291C7DE2864794CCB ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:03:27.0047 0x3510  IAStorDataMgrSvc - ok
20:03:27.0109 0x3510  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
20:03:27.0125 0x3510  iaStorV - ok
20:03:27.0218 0x3510  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:03:27.0250 0x3510  idsvc - ok
20:03:27.0406 0x3510  [ 77AC93E28B5F4DCE317EFA695E3F59E3, 57D510CEE1B777CFB52CECBAB43B0698A53B048B7E0C622473DEA9E03E2D9BEF ] IDSVia64        C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141111.001\IDSvia64.sys
20:03:27.0421 0x3510  IDSVia64 - ok
20:03:27.0484 0x3510  IEEtwCollectorService - ok
20:03:27.0811 0x3510  [ 0372C154226F7074CD150F475A4870A6, C87475D7AF534D3C4C0F1FD28E4A893AA4B626A6069003FA9A84E6B9951FD890 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
20:03:28.0123 0x3510  igfx - ok
20:03:28.0186 0x3510  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
20:03:28.0186 0x3510  iirsp - ok
20:03:28.0279 0x3510  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
20:03:28.0310 0x3510  IKEEXT - ok
20:03:28.0357 0x3510  [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
20:03:28.0373 0x3510  Impcd - ok
20:03:28.0529 0x3510  [ 0C3CF4B3BAE28E121A1689E3538F8712, 1599785D54E8306872A1DDD8546D316C9B193A85C5AEB37CF956B8C4077B8792 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
20:03:28.0591 0x3510  IntcAzAudAddService - ok
20:03:28.0654 0x3510  [ 408B401CD7CDB075C7470B0FF7BA8D0B, A3BC4ED47094D6A78732012D9020E0C31583E6132E3C0FD1FD64C80AFCC4738F ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
20:03:28.0669 0x3510  IntcDAud - ok
20:03:28.0716 0x3510  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
20:03:28.0716 0x3510  intelide - ok
20:03:28.0763 0x3510  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
20:03:28.0763 0x3510  intelppm - ok
20:03:28.0794 0x3510  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
20:03:28.0810 0x3510  IPBusEnum - ok
20:03:28.0856 0x3510  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
20:03:28.0856 0x3510  IpFilterDriver - ok
20:03:28.0950 0x3510  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
20:03:28.0966 0x3510  iphlpsvc - ok
20:03:29.0012 0x3510  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
20:03:29.0012 0x3510  IPMIDRV - ok
20:03:29.0059 0x3510  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
20:03:29.0059 0x3510  IPNAT - ok
20:03:29.0153 0x3510  [ 6660920D05A32DF2DC1260CEF0B6D172, 2C4361B59CD9F41519FDF14EC69F2E37E1B0635ACA476E4BEF2152C925E35F9F ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:03:29.0184 0x3510  iPod Service - ok
20:03:29.0215 0x3510  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
20:03:29.0215 0x3510  IRENUM - ok
20:03:29.0246 0x3510  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
20:03:29.0262 0x3510  isapnp - ok
20:03:29.0293 0x3510  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
20:03:29.0309 0x3510  iScsiPrt - ok
20:03:29.0356 0x3510  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
20:03:29.0371 0x3510  kbdclass - ok
20:03:29.0418 0x3510  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
20:03:29.0418 0x3510  kbdhid - ok
20:03:29.0449 0x3510  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\windows\system32\lsass.exe
20:03:29.0449 0x3510  KeyIso - ok
20:03:29.0496 0x3510  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
20:03:29.0496 0x3510  KSecDD - ok
20:03:29.0527 0x3510  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
20:03:29.0527 0x3510  KSecPkg - ok
20:03:29.0558 0x3510  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
20:03:29.0558 0x3510  ksthunk - ok
20:03:29.0605 0x3510  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
20:03:29.0605 0x3510  KtmRm - ok
20:03:29.0683 0x3510  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
20:03:29.0683 0x3510  LanmanServer - ok
20:03:29.0730 0x3510  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:03:29.0730 0x3510  LanmanWorkstation - ok
20:03:29.0777 0x3510  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
20:03:29.0777 0x3510  lltdio - ok
20:03:29.0808 0x3510  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
20:03:29.0824 0x3510  lltdsvc - ok
20:03:29.0855 0x3510  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
20:03:29.0855 0x3510  lmhosts - ok
20:03:29.0917 0x3510  [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:03:29.0917 0x3510  LMS - ok
20:03:29.0948 0x3510  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
20:03:29.0964 0x3510  LSI_FC - ok
20:03:30.0011 0x3510  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
20:03:30.0011 0x3510  LSI_SAS - ok
20:03:30.0042 0x3510  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
20:03:30.0042 0x3510  LSI_SAS2 - ok
20:03:30.0058 0x3510  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
20:03:30.0073 0x3510  LSI_SCSI - ok
20:03:30.0089 0x3510  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
20:03:30.0089 0x3510  luafv - ok
20:03:30.0136 0x3510  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
20:03:30.0136 0x3510  Mcx2Svc - ok
20:03:30.0167 0x3510  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
20:03:30.0167 0x3510  megasas - ok
20:03:30.0198 0x3510  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
20:03:30.0214 0x3510  MegaSR - ok
20:03:30.0260 0x3510  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
20:03:30.0260 0x3510  MMCSS - ok
20:03:30.0307 0x3510  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
20:03:30.0307 0x3510  Modem - ok
20:03:30.0323 0x3510  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
20:03:30.0323 0x3510  monitor - ok
20:03:30.0385 0x3510  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\drivers\mouclass.sys
20:03:30.0385 0x3510  mouclass - ok
20:03:30.0432 0x3510  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
20:03:30.0432 0x3510  mouhid - ok
20:03:30.0494 0x3510  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
20:03:30.0510 0x3510  mountmgr - ok
20:03:30.0557 0x3510  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
20:03:30.0572 0x3510  mpio - ok
20:03:30.0604 0x3510  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
20:03:30.0619 0x3510  mpsdrv - ok
20:03:30.0682 0x3510  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
20:03:30.0697 0x3510  MpsSvc - ok
20:03:30.0744 0x3510  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
20:03:30.0744 0x3510  MRxDAV - ok
20:03:30.0791 0x3510  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
20:03:30.0806 0x3510  mrxsmb - ok
20:03:30.0853 0x3510  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
20:03:30.0869 0x3510  mrxsmb10 - ok
20:03:30.0900 0x3510  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
20:03:30.0900 0x3510  mrxsmb20 - ok
20:03:30.0947 0x3510  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
20:03:30.0962 0x3510  msahci - ok
20:03:31.0009 0x3510  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
20:03:31.0009 0x3510  msdsm - ok
20:03:31.0056 0x3510  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
20:03:31.0072 0x3510  MSDTC - ok
20:03:31.0150 0x3510  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
20:03:31.0150 0x3510  Msfs - ok
20:03:31.0165 0x3510  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
20:03:31.0165 0x3510  mshidkmdf - ok
20:03:31.0222 0x3510  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
20:03:31.0222 0x3510  msisadrv - ok
20:03:31.0252 0x3510  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
20:03:31.0252 0x3510  MSiSCSI - ok
20:03:31.0262 0x3510  msiserver - ok
20:03:31.0302 0x3510  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
20:03:31.0302 0x3510  MSKSSRV - ok
20:03:31.0312 0x3510  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
20:03:31.0322 0x3510  MSPCLOCK - ok
20:03:31.0338 0x3510  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
20:03:31.0338 0x3510  MSPQM - ok
20:03:31.0400 0x3510  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
20:03:31.0416 0x3510  MsRPC - ok
20:03:31.0462 0x3510  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
20:03:31.0462 0x3510  mssmbios - ok
20:03:31.0509 0x3510  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
20:03:31.0509 0x3510  MSTEE - ok
20:03:31.0525 0x3510  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
20:03:31.0525 0x3510  MTConfig - ok
20:03:31.0540 0x3510  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
20:03:31.0540 0x3510  Mup - ok
20:03:31.0774 0x3510  [ A0C88349651D9F5421AFD363C27102E8, 71D5F7EDAF47AB1376444CB648BFD86CEA36735EE42A9935BDB876DF8F765F45 ] N360            C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
20:03:31.0790 0x3510  N360 - ok
20:03:31.0852 0x3510  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
20:03:31.0868 0x3510  napagent - ok
20:03:31.0946 0x3510  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
20:03:31.0946 0x3510  NativeWifiP - ok
20:03:32.0274 0x3510  [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG          C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.002\ENG64.SYS
20:03:32.0274 0x3510  NAVENG - ok
20:03:32.0461 0x3510  [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15         C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.002\EX64.SYS
20:03:32.0523 0x3510  NAVEX15 - ok
20:03:32.0601 0x3510  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
20:03:32.0632 0x3510  NDIS - ok
20:03:32.0664 0x3510  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
20:03:32.0679 0x3510  NdisCap - ok
20:03:32.0710 0x3510  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
20:03:32.0710 0x3510  NdisTapi - ok
20:03:32.0757 0x3510  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
20:03:32.0757 0x3510  Ndisuio - ok
20:03:32.0804 0x3510  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
20:03:32.0820 0x3510  NdisWan - ok
20:03:32.0851 0x3510  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
20:03:32.0851 0x3510  NDProxy - ok
20:03:32.0882 0x3510  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
20:03:32.0898 0x3510  NetBIOS - ok
20:03:32.0944 0x3510  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
20:03:32.0960 0x3510  NetBT - ok
20:03:32.0976 0x3510  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\windows\system32\lsass.exe
20:03:32.0991 0x3510  Netlogon - ok
20:03:33.0022 0x3510  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
20:03:33.0038 0x3510  Netman - ok
20:03:33.0069 0x3510  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:03:33.0100 0x3510  NetMsmqActivator - ok
20:03:33.0116 0x3510  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:03:33.0132 0x3510  NetPipeActivator - ok
20:03:33.0178 0x3510  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
20:03:33.0194 0x3510  netprofm - ok
20:03:33.0210 0x3510  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:03:33.0210 0x3510  NetTcpActivator - ok
20:03:33.0225 0x3510  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:03:33.0225 0x3510  NetTcpPortSharing - ok
20:03:33.0272 0x3510  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
20:03:33.0272 0x3510  nfrd960 - ok
20:03:33.0319 0x3510  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
20:03:33.0350 0x3510  NlaSvc - ok
20:03:33.0350 0x3510  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
20:03:33.0366 0x3510  Npfs - ok
20:03:33.0381 0x3510  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
20:03:33.0381 0x3510  nsi - ok
20:03:33.0412 0x3510  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
20:03:33.0412 0x3510  nsiproxy - ok
20:03:33.0522 0x3510  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
20:03:33.0568 0x3510  Ntfs - ok
20:03:33.0600 0x3510  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
20:03:33.0615 0x3510  Null - ok
20:03:33.0662 0x3510  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
20:03:33.0678 0x3510  nvraid - ok
20:03:33.0693 0x3510  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
20:03:33.0709 0x3510  nvstor - ok
20:03:33.0756 0x3510  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
20:03:33.0756 0x3510  nv_agp - ok
20:03:33.0880 0x3510  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:03:33.0896 0x3510  odserv - ok
20:03:33.0958 0x3510  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
20:03:33.0958 0x3510  ohci1394 - ok
20:03:34.0021 0x3510  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:03:34.0036 0x3510  ose - ok
20:03:34.0083 0x3510  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
20:03:34.0099 0x3510  p2pimsvc - ok
20:03:34.0146 0x3510  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
20:03:34.0161 0x3510  p2psvc - ok
20:03:34.0177 0x3510  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\DRIVERS\parport.sys
20:03:34.0192 0x3510  Parport - ok
20:03:34.0239 0x3510  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
20:03:34.0239 0x3510  partmgr - ok
20:03:34.0270 0x3510  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
20:03:34.0286 0x3510  PcaSvc - ok
20:03:34.0333 0x3510  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
20:03:34.0333 0x3510  pci - ok
20:03:34.0380 0x3510  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
20:03:34.0380 0x3510  pciide - ok
20:03:34.0411 0x3510  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
20:03:34.0426 0x3510  pcmcia - ok
20:03:34.0458 0x3510  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
20:03:34.0458 0x3510  pcw - ok
20:03:34.0489 0x3510  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
20:03:34.0520 0x3510  PEAUTH - ok
20:03:34.0629 0x3510  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
20:03:34.0629 0x3510  PerfHost - ok
20:03:34.0676 0x3510  [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
20:03:34.0676 0x3510  PGEffect - ok
20:03:34.0785 0x3510  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
20:03:34.0816 0x3510  pla - ok
20:03:34.0879 0x3510  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
20:03:34.0894 0x3510  PlugPlay - ok
20:03:34.0910 0x3510  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
20:03:34.0910 0x3510  PNRPAutoReg - ok
20:03:34.0941 0x3510  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
20:03:34.0941 0x3510  PNRPsvc - ok
20:03:35.0004 0x3510  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
20:03:35.0019 0x3510  PolicyAgent - ok
20:03:35.0050 0x3510  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
20:03:35.0050 0x3510  Power - ok
20:03:35.0113 0x3510  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
20:03:35.0113 0x3510  PptpMiniport - ok
20:03:35.0160 0x3510  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\DRIVERS\processr.sys
20:03:35.0160 0x3510  Processor - ok
20:03:35.0206 0x3510  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
20:03:35.0222 0x3510  ProfSvc - ok
20:03:35.0238 0x3510  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe
20:03:35.0238 0x3510  ProtectedStorage - ok
20:03:35.0284 0x3510  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
20:03:35.0300 0x3510  Psched - ok
20:03:35.0378 0x3510  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
20:03:35.0425 0x3510  ql2300 - ok
20:03:35.0440 0x3510  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
20:03:35.0456 0x3510  ql40xx - ok
20:03:35.0487 0x3510  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
20:03:35.0503 0x3510  QWAVE - ok
20:03:35.0518 0x3510  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
20:03:35.0518 0x3510  QWAVEdrv - ok
20:03:35.0565 0x3510  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
20:03:35.0565 0x3510  RasAcd - ok
20:03:35.0612 0x3510  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
20:03:35.0612 0x3510  RasAgileVpn - ok
20:03:35.0659 0x3510  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
20:03:35.0659 0x3510  RasAuto - ok
20:03:35.0706 0x3510  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
20:03:35.0721 0x3510  Rasl2tp - ok
20:03:35.0768 0x3510  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
20:03:35.0784 0x3510  RasMan - ok
20:03:35.0815 0x3510  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
20:03:35.0815 0x3510  RasPppoe - ok
20:03:35.0846 0x3510  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
20:03:35.0846 0x3510  RasSstp - ok
20:03:35.0893 0x3510  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
20:03:35.0908 0x3510  rdbss - ok
20:03:35.0955 0x3510  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
20:03:35.0955 0x3510  rdpbus - ok
20:03:35.0986 0x3510  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
20:03:35.0986 0x3510  RDPCDD - ok
20:03:36.0018 0x3510  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
20:03:36.0018 0x3510  RDPENCDD - ok
20:03:36.0049 0x3510  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
20:03:36.0049 0x3510  RDPREFMP - ok
20:03:36.0096 0x3510  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
20:03:36.0111 0x3510  RDPWD - ok
20:03:36.0174 0x3510  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
20:03:36.0174 0x3510  rdyboost - ok
20:03:36.0205 0x3510  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
20:03:36.0205 0x3510  RemoteAccess - ok
20:03:36.0252 0x3510  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
20:03:36.0252 0x3510  RemoteRegistry - ok
20:03:36.0298 0x3510  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
20:03:36.0314 0x3510  RFCOMM - ok
20:03:36.0361 0x3510  [ E20B1907FC72A3664ECE21E3C20FC63D, 7BB9CD6A90BDBF8AD3B22CBB1E29A240C9302EDEE104283DA2D153E9539104E5 ] rimspci         C:\windows\system32\DRIVERS\rimspe64.sys
20:03:36.0361 0x3510  rimspci - ok
20:03:36.0392 0x3510  [ 7DDA2E5CF452DAD24B1BE704225C18EE, 90B18DC32A0687BFF0F615CA75EDCBAA036ABC1043494EBA30802998D156D765 ] risdpcie        C:\windows\system32\DRIVERS\risdpe64.sys
20:03:36.0392 0x3510  risdpcie - ok
20:03:36.0439 0x3510  [ 6A1CD4674505E6791390A1AB71DA1FBE, EC095BFBAA44258975E1538767BB6BFFAA85C63C7F63CB314501F113C8D16208 ] rixdpcie        C:\windows\system32\DRIVERS\rixdpe64.sys
20:03:36.0439 0x3510  rixdpcie - ok
20:03:36.0470 0x3510  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
20:03:36.0470 0x3510  RpcEptMapper - ok
20:03:36.0517 0x3510  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
20:03:36.0517 0x3510  RpcLocator - ok
20:03:36.0595 0x3510  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
20:03:36.0610 0x3510  RpcSs - ok
20:03:36.0626 0x3510  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
20:03:36.0626 0x3510  rspndr - ok
20:03:36.0673 0x3510  [ B49DC435AE3695BAC5623DD94B05732D, D63160B09385ED31C2A479ADC5AFCA483906F38598874972025D680BDB45ECA0 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
20:03:36.0673 0x3510  RTL8167 - ok
20:03:36.0829 0x3510  [ A8ED9726734D403217A4861A6788B144, 8982F6A5C6567D7D765B2093617C943B30327037BC7DB6CB1BABE7BB0739F9FA ] rtl8192se       C:\windows\system32\DRIVERS\rtl8192se.sys
20:03:36.0860 0x3510  rtl8192se - ok
20:03:36.0876 0x3510  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\windows\system32\lsass.exe
20:03:36.0891 0x3510  SamSs - ok
20:03:36.0938 0x3510  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
20:03:36.0938 0x3510  sbp2port - ok
20:03:36.0985 0x3510  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
20:03:37.0000 0x3510  SCardSvr - ok
20:03:37.0047 0x3510  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
20:03:37.0047 0x3510  scfilter - ok
20:03:37.0141 0x3510  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
20:03:37.0172 0x3510  Schedule - ok
20:03:37.0219 0x3510  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
20:03:37.0219 0x3510  SCPolicySvc - ok
20:03:37.0281 0x3510  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\windows\system32\drivers\sdbus.sys
20:03:37.0297 0x3510  sdbus - ok
20:03:37.0328 0x3510  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
20:03:37.0344 0x3510  SDRSVC - ok
20:03:37.0375 0x3510  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
20:03:37.0390 0x3510  secdrv - ok
20:03:37.0437 0x3510  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
20:03:37.0437 0x3510  seclogon - ok
20:03:37.0484 0x3510  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\System32\sens.dll
20:03:37.0484 0x3510  SENS - ok
20:03:37.0500 0x3510  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
20:03:37.0500 0x3510  SensrSvc - ok
20:03:37.0531 0x3510  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
20:03:37.0531 0x3510  Serenum - ok
20:03:37.0578 0x3510  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\DRIVERS\serial.sys
20:03:37.0578 0x3510  Serial - ok
20:03:37.0624 0x3510  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
20:03:37.0640 0x3510  sermouse - ok
20:03:37.0687 0x3510  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
20:03:37.0687 0x3510  SessionEnv - ok
20:03:37.0734 0x3510  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
20:03:37.0734 0x3510  sffdisk - ok
20:03:37.0749 0x3510  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
20:03:37.0765 0x3510  sffp_mmc - ok
20:03:37.0765 0x3510  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
20:03:37.0780 0x3510  sffp_sd - ok
20:03:37.0796 0x3510  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
20:03:37.0796 0x3510  sfloppy - ok
20:03:37.0858 0x3510  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
20:03:37.0874 0x3510  SharedAccess - ok
20:03:37.0921 0x3510  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:03:37.0952 0x3510  ShellHWDetection - ok
20:03:37.0983 0x3510  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
20:03:37.0983 0x3510  SiSRaid2 - ok
20:03:38.0014 0x3510  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
20:03:38.0014 0x3510  SiSRaid4 - ok
20:03:38.0061 0x3510  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
20:03:38.0061 0x3510  Smb - ok
20:03:38.0124 0x3510  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
20:03:38.0124 0x3510  SNMPTRAP - ok
20:03:38.0155 0x3510  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
20:03:38.0155 0x3510  spldr - ok
20:03:38.0217 0x3510  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
20:03:38.0233 0x3510  Spooler - ok
20:03:38.0420 0x3510  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
20:03:38.0545 0x3510  sppsvc - ok
20:03:38.0576 0x3510  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
20:03:38.0576 0x3510  sppuinotify - ok
20:03:38.0701 0x3510  [ A6CFF1AF7664627A296B6A0A96CF876E, DAD7B09341ABAA7F26AB7F93BD2B910BD2BA6ECFD317C1BCB66FFEC332A655A0 ] sptd            C:\windows\System32\Drivers\sptd.sys
20:03:38.0701 0x3510  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\sptd.sys. md5: A6CFF1AF7664627A296B6A0A96CF876E, sha256: DAD7B09341ABAA7F26AB7F93BD2B910BD2BA6ECFD317C1BCB66FFEC332A655A0
20:03:38.0701 0x3510  sptd - detected LockedFile.Multi.Generic ( 1 )
20:03:41.0556 0x3510  Detect skipped due to KSN trusted
20:03:41.0556 0x3510  sptd - ok
20:03:41.0727 0x3510  [ E163E10191958FF6A2B0B48353F9E9FD, C4F5B83B5C435458AEEC4BD5C6A0FE15F4C3CD5C23CA7F5949A62214634DBB36 ] SRTSP           C:\windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS
20:03:41.0774 0x3510  SRTSP - ok
20:03:41.0790 0x3510  [ 68E7B6708B9EEE021301C483825D05EA, 87E262405473A063E3E6E9D1D61D8381C997C95F77317CDBB3C59369436E70C5 ] SRTSPX          C:\windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS
20:03:41.0790 0x3510  SRTSPX - ok
20:03:41.0868 0x3510  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
20:03:41.0868 0x3510  srv - ok
20:03:41.0930 0x3510  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
20:03:41.0946 0x3510  srv2 - ok
20:03:41.0992 0x3510  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
20:03:42.0008 0x3510  srvnet - ok
20:03:42.0039 0x3510  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
20:03:42.0055 0x3510  SSDPSRV - ok
20:03:42.0071 0x3510  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
20:03:42.0071 0x3510  SstpSvc - ok
20:03:42.0102 0x3510  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
20:03:42.0102 0x3510  stexstor - ok
20:03:42.0180 0x3510  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
20:03:42.0211 0x3510  stisvc - ok
20:03:42.0258 0x3510  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\drivers\swenum.sys
20:03:42.0258 0x3510  swenum - ok
20:03:42.0320 0x3510  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
20:03:42.0351 0x3510  swprv - ok
20:03:42.0414 0x3510  [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS           C:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS
20:03:42.0429 0x3510  SymDS - ok
20:03:42.0539 0x3510  [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA          C:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS
20:03:42.0570 0x3510  SymEFA - ok
20:03:42.0632 0x3510  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
20:03:42.0648 0x3510  SymEvent - ok
20:03:42.0695 0x3510  [ 2C95265BE19F338E1C1090E4E91055BB, 1E580E9367B1C89B06BD4B34EFD94CD511FD3AA1617D943DDFE0A28B7ED5D5F9 ] SymIRON         C:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS
20:03:42.0710 0x3510  SymIRON - ok
20:03:42.0788 0x3510  [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SymNetS         C:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS
20:03:42.0804 0x3510  SymNetS - ok
20:03:42.0882 0x3510  [ E28CA52ECF8CB6EB04B34DE440BA260E, 71F2B8FF79DCA776D31604FA6FFA631F7AC8E9461E6BAB2ED97E2151EF186DD7 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
20:03:42.0897 0x3510  SynTP - ok
20:03:43.0022 0x3510  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
20:03:43.0085 0x3510  SysMain - ok
20:03:43.0131 0x3510  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
20:03:43.0131 0x3510  TabletInputService - ok
20:03:43.0178 0x3510  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
20:03:43.0194 0x3510  TapiSrv - ok
20:03:43.0225 0x3510  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
20:03:43.0225 0x3510  TBS - ok
20:03:43.0350 0x3510  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
20:03:43.0412 0x3510  Tcpip - ok
20:03:43.0521 0x3510  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
20:03:43.0568 0x3510  TCPIP6 - ok
20:03:43.0599 0x3510  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
20:03:43.0599 0x3510  tcpipreg - ok
20:03:43.0646 0x3510  [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
20:03:43.0646 0x3510  tdcmdpst - ok
20:03:43.0677 0x3510  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
20:03:43.0677 0x3510  TDPIPE - ok
20:03:43.0724 0x3510  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
20:03:43.0724 0x3510  TDTCP - ok
20:03:43.0755 0x3510  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
20:03:43.0771 0x3510  tdx - ok
20:03:43.0818 0x3510  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\drivers\termdd.sys
20:03:43.0818 0x3510  TermDD - ok
20:03:43.0911 0x3510  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\windows\System32\termsrv.dll
20:03:43.0927 0x3510  TermService - ok
20:03:43.0958 0x3510  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
20:03:43.0958 0x3510  Themes - ok
20:03:44.0021 0x3510  [ C013F6ACAA9761F571BD28DADA7C157D, E57246132B36FE38D4B177AAE3367D25AF28449201CD4D02CB7957C32AF02AC6 ] Thpdrv          C:\windows\system32\DRIVERS\thpdrv.sys
20:03:44.0021 0x3510  Thpdrv - ok
20:03:44.0036 0x3510  [ B4E609047434ED948AF7BDEF2FA66E38, 353B7A120E532E9CDF0DE91EC39DF5B9B92A1A99B537FF4FB0D1EA13DBE30D17 ] Thpevm          C:\windows\system32\DRIVERS\Thpevm.SYS
20:03:44.0036 0x3510  Thpevm - ok
20:03:44.0083 0x3510  [ F6927BBA3B09AFF26A53A9191F7378F9, ECB6FD262882E9E2714DC61A634045B4C4906BF159A42ECB5D3166BD42EC65D1 ] Thpsrv          C:\windows\system32\ThpSrv.exe
20:03:44.0099 0x3510  Thpsrv - ok
20:03:44.0130 0x3510  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
20:03:44.0130 0x3510  THREADORDER - ok
20:03:44.0223 0x3510  [ 28644B0523D64EFF2FC7312A2EE74B0A, 09A36DE0B2B90842BD5B8353CC34B7C71C0FBBF6DD5862720FCEE760849C4561 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:03:44.0239 0x3510  TMachInfo - ok
20:03:44.0255 0x3510  [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
20:03:44.0255 0x3510  TODDSrv - ok
20:03:44.0348 0x3510  [ F82188FC76CFE174DC35A46E0BFC4DA7, B128255E3E6457D6140A41C2027A9269C9023572F2B64F4C50FAF8316B966E15 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:03:44.0364 0x3510  TosCoSrv - ok
20:03:44.0411 0x3510  [ 6938CBD31B47092B042420A5FD2E9AAE, EE22EC33BFB9DA4143A0286F2BE8CF0B1D44D22973D406125AD3CF518BB4FB48 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
20:03:44.0426 0x3510  TOSHIBA eco Utility Service - ok
20:03:44.0489 0x3510  [ 4218356616E08518E6C2CB102AC3798A, 2AFF17E29F9F5A9A62471100CE49A859262B0296A38BB30CB62D3CF48FC0308D ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:03:44.0504 0x3510  TOSHIBA HDD SSD Alert Service - ok
20:03:44.0551 0x3510  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8, 0D2CC72B7E02B92C9A1D6B76300B75A39427046903326642B9D511A51A795027 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys
20:03:44.0567 0x3510  tos_sps64 - ok
20:03:44.0660 0x3510  [ 270CEBD8B5DD9F232CD50D18D19C10A0, 9845BB48B5595C10C84DECB49F74B61CF4950369C86703A2B595C75102F0354D ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
20:03:44.0676 0x3510  TPCHSrv - ok
20:03:44.0723 0x3510  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
20:03:44.0723 0x3510  TrkWks - ok
20:03:44.0785 0x3510  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:03:44.0801 0x3510  TrustedInstaller - ok
20:03:44.0847 0x3510  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
20:03:44.0847 0x3510  tssecsrv - ok
20:03:44.0894 0x3510  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
20:03:44.0910 0x3510  TsUsbFlt - ok
20:03:44.0972 0x3510  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
20:03:44.0988 0x3510  tunnel - ok
20:03:45.0003 0x3510  [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:03:45.0003 0x3510  TVALZ - ok
20:03:45.0050 0x3510  [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
20:03:45.0050 0x3510  TVALZFL - ok
20:03:45.0066 0x3510  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
20:03:45.0066 0x3510  uagp35 - ok
20:03:45.0113 0x3510  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
20:03:45.0128 0x3510  udfs - ok
20:03:45.0175 0x3510  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
20:03:45.0175 0x3510  UI0Detect - ok
20:03:45.0222 0x3510  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
20:03:45.0222 0x3510  uliagpkx - ok
20:03:45.0253 0x3510  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\drivers\umbus.sys
20:03:45.0253 0x3510  umbus - ok
20:03:45.0284 0x3510  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
20:03:45.0284 0x3510  UmPass - ok
20:03:45.0471 0x3510  [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:03:45.0534 0x3510  UNS - ok
20:03:45.0581 0x3510  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
20:03:45.0596 0x3510  upnphost - ok
20:03:45.0643 0x3510  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
20:03:45.0643 0x3510  USBAAPL64 - ok
20:03:45.0674 0x3510  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
20:03:45.0690 0x3510  usbccgp - ok
20:03:45.0721 0x3510  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
20:03:45.0737 0x3510  usbcir - ok
20:03:45.0783 0x3510  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
20:03:45.0783 0x3510  usbehci - ok
20:03:45.0830 0x3510  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
20:03:45.0846 0x3510  usbhub - ok
20:03:45.0861 0x3510  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
20:03:45.0877 0x3510  usbohci - ok
20:03:45.0908 0x3510  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
20:03:45.0924 0x3510  usbprint - ok
20:03:45.0955 0x3510  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\drivers\usbscan.sys
20:03:45.0955 0x3510  usbscan - ok
20:03:45.0986 0x3510  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
20:03:45.0986 0x3510  USBSTOR - ok
20:03:46.0017 0x3510  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
20:03:46.0017 0x3510  usbuhci - ok
20:03:46.0080 0x3510  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
20:03:46.0080 0x3510  usbvideo - ok
20:03:46.0111 0x3510  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
20:03:46.0111 0x3510  UxSms - ok
20:03:46.0127 0x3510  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\windows\system32\lsass.exe
20:03:46.0127 0x3510  VaultSvc - ok
20:03:46.0173 0x3510  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
20:03:46.0189 0x3510  vdrvroot - ok
20:03:46.0251 0x3510  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
20:03:46.0283 0x3510  vds - ok
20:03:46.0329 0x3510  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
20:03:46.0329 0x3510  vga - ok
20:03:46.0345 0x3510  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
20:03:46.0345 0x3510  VgaSave - ok
20:03:46.0392 0x3510  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
20:03:46.0407 0x3510  vhdmp - ok
20:03:46.0439 0x3510  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
20:03:46.0439 0x3510  viaide - ok
20:03:46.0485 0x3510  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
20:03:46.0485 0x3510  volmgr - ok
20:03:46.0548 0x3510  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
20:03:46.0579 0x3510  volmgrx - ok
20:03:46.0626 0x3510  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
20:03:46.0641 0x3510  volsnap - ok
20:03:46.0688 0x3510  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
20:03:46.0688 0x3510  vsmraid - ok
20:03:46.0844 0x3510  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
20:03:46.0891 0x3510  VSS - ok
20:03:46.0922 0x3510  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
20:03:46.0922 0x3510  vwifibus - ok
20:03:46.0953 0x3510  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
20:03:46.0969 0x3510  vwififlt - ok
20:03:46.0985 0x3510  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
20:03:46.0985 0x3510  vwifimp - ok
20:03:47.0047 0x3510  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
20:03:47.0063 0x3510  W32Time - ok
20:03:47.0094 0x3510  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
20:03:47.0094 0x3510  WacomPen - ok
20:03:47.0141 0x3510  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
20:03:47.0141 0x3510  WANARP - ok
20:03:47.0141 0x3510  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
20:03:47.0156 0x3510  Wanarpv6 - ok
20:03:47.0250 0x3510  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
20:03:47.0281 0x3510  WatAdminSvc - ok
20:03:47.0406 0x3510  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
20:03:47.0453 0x3510  wbengine - ok
20:03:47.0484 0x3510  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
20:03:47.0484 0x3510  WbioSrvc - ok
20:03:47.0546 0x3510  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
20:03:47.0577 0x3510  wcncsvc - ok
20:03:47.0609 0x3510  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
20:03:47.0609 0x3510  WcsPlugInService - ok
20:03:47.0640 0x3510  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\DRIVERS\wd.sys
20:03:47.0640 0x3510  Wd - ok
20:03:47.0718 0x3510  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
20:03:47.0733 0x3510  Wdf01000 - ok
20:03:47.0765 0x3510  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
20:03:47.0765 0x3510  WdiServiceHost - ok
20:03:47.0780 0x3510  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
20:03:47.0780 0x3510  WdiSystemHost - ok
20:03:47.0827 0x3510  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
20:03:47.0843 0x3510  WebClient - ok
20:03:47.0858 0x3510  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
20:03:47.0874 0x3510  Wecsvc - ok
20:03:47.0905 0x3510  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
20:03:47.0905 0x3510  wercplsupport - ok
20:03:47.0936 0x3510  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
20:03:47.0936 0x3510  WerSvc - ok
20:03:47.0967 0x3510  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
20:03:47.0967 0x3510  WfpLwf - ok
20:03:47.0983 0x3510  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
20:03:47.0983 0x3510  WIMMount - ok
20:03:48.0014 0x3510  WinDefend - ok
20:03:48.0030 0x3510  WinHttpAutoProxySvc - ok
20:03:48.0092 0x3510  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
20:03:48.0108 0x3510  Winmgmt - ok
20:03:48.0233 0x3510  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
20:03:48.0295 0x3510  WinRM - ok
20:03:48.0357 0x3510  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
20:03:48.0373 0x3510  WinUsb - ok
20:03:48.0451 0x3510  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
20:03:48.0482 0x3510  Wlansvc - ok
20:03:48.0529 0x3510  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
20:03:48.0529 0x3510  WmiAcpi - ok
20:03:48.0576 0x3510  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
20:03:48.0576 0x3510  wmiApSrv - ok
20:03:48.0591 0x3510  WMPNetworkSvc - ok
20:03:48.0623 0x3510  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
20:03:48.0623 0x3510  WPCSvc - ok
20:03:48.0669 0x3510  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
20:03:48.0685 0x3510  WPDBusEnum - ok
20:03:48.0701 0x3510  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
20:03:48.0701 0x3510  ws2ifsl - ok
20:03:48.0732 0x3510  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
20:03:48.0732 0x3510  wscsvc - ok
20:03:48.0779 0x3510  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
20:03:48.0794 0x3510  WSDPrintDevice - ok
20:03:48.0841 0x3510  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\windows\system32\drivers\WSDScan.sys
20:03:48.0841 0x3510  WSDScan - ok
20:03:48.0841 0x3510  WSearch - ok
20:03:48.0997 0x3510  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\windows\system32\wuaueng.dll
20:03:49.0075 0x3510  wuauserv - ok
20:03:49.0106 0x3510  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
20:03:49.0122 0x3510  WudfPf - ok
20:03:49.0137 0x3510  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
20:03:49.0153 0x3510  WUDFRd - ok
20:03:49.0200 0x3510  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
20:03:49.0200 0x3510  wudfsvc - ok
20:03:49.0247 0x3510  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
20:03:49.0247 0x3510  WwanSvc - ok
20:03:49.0278 0x3510  ================ Scan global ===============================
20:03:49.0309 0x3510  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
20:03:49.0340 0x3510  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
20:03:49.0371 0x3510  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
20:03:49.0403 0x3510  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
20:03:49.0434 0x3510  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
20:03:49.0434 0x3510  [ Global ] - ok
20:03:49.0434 0x3510  ================ Scan MBR ==================================
20:03:49.0449 0x3510  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
20:03:49.0902 0x3510  \Device\Harddisk0\DR0 - ok
20:03:49.0902 0x3510  ================ Scan VBR ==================================
20:03:49.0949 0x3510  [ 28239F4403ADBD5E9315F4EE51F5AC0F ] \Device\Harddisk0\DR0\Partition1
20:03:49.0949 0x3510  \Device\Harddisk0\DR0\Partition1 - ok
20:03:49.0949 0x3510  ================ Scan generic autorun ======================
20:03:50.0027 0x3510  [ E1FE4FF49B44032A6B954DC9BD8FC801, 7BAAB68D960E46DC7FD1BDEE55B0F5F9D180A7ABFDFC052A6671154361245FCF ] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
20:03:50.0042 0x3510  TUSBSleepChargeSrv - ok
20:03:50.0089 0x3510  [ 852F12CA7C4FC7E3D77B606492435556, CCDA88794836D40701BF5B0A6872686DDE19C54AFCE6A954C9D83102BB12AEAF ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
20:03:50.0105 0x3510  IAStorIcon - ok
20:03:50.0198 0x3510  [ 541B822882607023E75FFEC0C8F90FAF, 1D734219F99EE4FEDFD8D146DCA4733C8633540CF2613A6002363B0F69859687 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
20:03:50.0229 0x3510  ToshibaServiceStation - ok
20:03:50.0370 0x3510  [ E6912B39751E837CA20B8BB1C19C3420, E1301C3562639B7DA60233FBEBF5FDB0F04058724FFAEC1F496C53C1BB3A2370 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
20:03:50.0432 0x3510  TWebCamera - ok
20:03:50.0510 0x3510  [ 8110B73D658C64CB999C597B880152F5, 83DCF8555A43C8FE0B3B57162E1E0D56D3F07F402A594DD460D1A0729059A3CE ] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
20:03:50.0526 0x3510  NortonOnlineBackupReminder - ok
20:03:50.0619 0x3510  [ F6933596E3C8893A04ECD5453DC8C855, B9F460BBAE5DFA94A79549FCB6A4D31DC5FFB7F3B5991611FC117BF4415ADE63 ] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
20:03:50.0619 0x3510  IJNetworkScanUtility - ok
20:03:50.0697 0x3510  [ 0AEE5668EB59912F32FF245BFA72465F, 653978E365B0E72D34E8B3ED1BFCF0237B70B41396BD70EBBBEDB31AFD77857B ] C:\Program Files (x86)\QuickTime\QTTask.exe
20:03:50.0713 0x3510  QuickTime Task - ok
20:03:50.0775 0x3510  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:03:50.0775 0x3510  APSDaemon - ok
20:03:50.0838 0x3510  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:03:50.0853 0x3510  SunJavaUpdateSched - ok
20:03:50.0916 0x3510  [ 9F96F98409B89C5806F4380867DD48E0, A6A0FC6B013549BB28FD834FCE6AC0DB685AA5B42162F5AD090819B7D212CAA6 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
20:03:50.0931 0x3510  iTunesHelper - ok
20:03:51.0041 0x3510  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:03:51.0072 0x3510  Adobe ARM - ok
20:03:51.0212 0x3510  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:03:51.0243 0x3510  Sidebar - ok
20:03:51.0275 0x3510  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:03:51.0275 0x3510  mctadmin - ok
20:03:51.0353 0x3510  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:03:51.0384 0x3510  Sidebar - ok
20:03:51.0399 0x3510  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:03:51.0399 0x3510  mctadmin - ok
20:03:51.0462 0x3510  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
20:03:51.0462 0x3510  swg - ok
20:03:51.0680 0x3510  [ D39DA5B7139B4B5147B3C6A94978B5AA, 7C1D918C9A4768C8776F02FAC61F7252BCD1055BD4BC741A432A1D703514103E ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
20:03:51.0836 0x3510  msnmsgr - ok
20:03:51.0930 0x3510  [ 5883D86F8C22B1E5F78627E4AF19B234, 7DEE0ED168CBE012CAB1552586FDA945DF5151773E5523F0C7E4091F1DF1578F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
20:03:51.0930 0x3510  ApplePhotoStreams - ok
20:03:51.0961 0x3510  [ 23C2FCAA50C4F80F7D1B8A0771D45328, AE5BC1B2FC15AFFB5F38037AE4C87BB85F9C85D4AC0DCDD51F48A0F77E8EC094 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
20:03:51.0961 0x3510  iCloudServices - ok
20:03:51.0961 0x3510  Vhrzwub - ok
20:03:51.0977 0x3510  Waiting for KSN requests completion. In queue: 137
20:03:52.0991 0x3510  Waiting for KSN requests completion. In queue: 137
20:03:54.0005 0x3510  Waiting for KSN requests completion. In queue: 137
20:03:55.0019 0x3510  Waiting for KSN requests completion. In queue: 137
20:03:56.0126 0x3510  AV detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51000 ( enabled : updated )
20:03:56.0126 0x3510  FW detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51010 ( enabled )
20:03:58.0887 0x3510  ============================================================
20:03:58.0887 0x3510  Scan finished
20:03:58.0887 0x3510  ============================================================
20:03:58.0903 0x2860  Detected object count: 0
20:03:58.0903 0x2860  Actual detected object count: 0



#7 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 14 November 2014 - 07:40 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Conduit Engine
    Swag Bucks Toolbar
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Attached Files


Proud Member of UNITE & TB
 

#8 Dward1971

Dward1971

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 14 November 2014 - 03:13 PM

Here are the requested logs. For some reason, however, MBAM did not make a scan log--I have no idea why. I've attached the protection log.

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 11/14/2014 3:14:52 PM, SYSTEM, BRITTA-PC, Protection, Malware Protection, Starting, 
Protection, 11/14/2014 3:14:52 PM, SYSTEM, BRITTA-PC, Protection, Malware Protection, Started, 
Protection, 11/14/2014 3:14:52 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Starting, 
Update, 11/14/2014 3:14:53 PM, SYSTEM, BRITTA-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.11.12.1, 
Update, 11/14/2014 3:15:02 PM, SYSTEM, BRITTA-PC, Manual, Malware Database, 2014.9.19.5, 2014.11.14.8, 
Protection, 11/14/2014 3:15:02 PM, SYSTEM, BRITTA-PC, Protection, Refresh, Starting, 
Protection, 11/14/2014 3:15:44 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Started, 
Protection, 11/14/2014 3:15:44 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 11/14/2014 3:15:44 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 11/14/2014 3:15:50 PM, SYSTEM, BRITTA-PC, Protection, Refresh, Success, 
Protection, 11/14/2014 3:15:50 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11/14/2014 3:15:50 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Started, 
Scan, 11/14/2014 3:49:37 PM, SYSTEM, BRITTA-PC, Manual, Start:11/14/2014 3:16:46 PM, Duration:32 min 26 sec, Threat Scan, Completed, 6 Malware Detections, 18 Non-Malware Detections, 
Protection, 11/14/2014 3:51:43 PM, SYSTEM, BRITTA-PC, Protection, Malware Protection, Starting, 
Protection, 11/14/2014 3:51:43 PM, SYSTEM, BRITTA-PC, Protection, Malware Protection, Started, 
Protection, 11/14/2014 3:51:43 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11/14/2014 3:53:20 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Started, 

(end)

Attached Files



#9 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 17 November 2014 - 04:51 AM

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.

  • The logs can be found here:

-- XP: C:\Documents and Settings\\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd


  • Zip any and all of these logs and attach the file to your next reply.


Proud Member of UNITE & TB
 

#10 Dward1971

Dward1971

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 17 November 2014 - 04:58 PM

Found them. MBAM itself wouldn't print it. Attached are the last three days of logs.

 

Thank you for the help!

 

 

Attached Files



#11 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 18 November 2014 - 03:38 AM

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 

#12 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 04 December 2014 - 06:48 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Proud Member of UNITE & TB
 

Related Topics




Also tagged with one or more of these keywords: dllhost, windows7, surrogate

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users