My wife just found this on her laptop (Toshiba Satellite U505) running Windows 7. Norton identifies it but won't delete it. What do I do next?
DLLHost Com Surrogate Infection [Closed]
#1
Posted 09 November 2014 - 08:55 AM
#2
Posted 10 November 2014 - 06:32 AM
Hi there,
my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
- First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
- Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
- Run FRST.
- Don't change any of the checkboxes and hit Scan.
- Logfiles are created on your desktop.
- Post the FRST.txt and (after the first scan only!) the Addition.txt.
Scan with Gmer rootkit scanner
Please download Gmer from here by clicking on the "Download EXE" Button.
- Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following:
  - Sections
  - IAT/EAT
  - Show All (should be unchecked by default)
- Leave everything else as it is.
- Close all other running programs as well as your Browser.
- Click the Scan button & wait for it to finish.
- Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop.
- Please post the content of the ark.txt here.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Scan with TDSS-Killer
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.
Download TDSSKiller.zip and extract to your desktop
- Execute TDSSKiller.exe by double-clicking on it.
- Press Start Scan
- If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
- Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please attach this file to your next reply.
#3
Posted 12 November 2014 - 06:19 PM
Thank you. Sorry for the delay in responding.
Here is the FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01 Ran by Britta (administrator) on BRITTA-PC on 12-11-2014 19:12:04 Running from C:\Users\Britta\Desktop Loaded Profile: Britta (Available profiles: Britta) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Windows\System32\GFNEXSrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (Microsoft 
Corporation) C:\Windows\SysWOW64\svchost.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Adobe Systems Inc.) C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [506208 2009-10-29] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [911160 2009-10-26] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-26] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.) 
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [253312 2009-10-26] (TOSHIBA) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-11-05] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba) HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-23] (Google Inc.) 
HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation) HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\Run: [Vhrzwub] => regsvr32.exe /s "C:\Users\Britta\AppData\Local\Apps\Vhrzwub.dll" <===== ATTENTION HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e32a60d7-b364-4f3f-b966-548ae6b04b91&searchtype=ds&q={searchTerms}&installDate=17/09/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e32a60d7-b364-4f3f-b966-548ae6b04b91&searchtype=ds&q={searchTerms}&installDate=17/09/2013 URLSearchHook: HKLM-x32 - Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM - DefaultScope {7E274DFF-B707-4A37-A4E7-8992A0FA9A9F} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {7E274DFF-B707-4A37-A4E7-8992A0FA9A9F} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKLM-x32 - DefaultScope {FB6EAE89-C57F-42FA-BD4C-D0896E60A4A5} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173 SearchScopes: HKLM-x32 - {FB6EAE89-C57F-42FA-BD4C-D0896E60A4A5} URL = 
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKCU - DefaultScope {3971FB9B-9C36-4294-8AB7-CF629F5737DC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS367US367 SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e32a60d7-b364-4f3f-b966-548ae6b04b91&searchtype=ds&q={searchTerms}&installDate=17/09/2013 SearchScopes: HKCU - {3971FB9B-9C36-4294-8AB7-CF629F5737DC} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS367US367 SearchScopes: HKCU - {7E274DFF-B707-4A37-A4E7-8992A0FA9A9F} URL = BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Swag Bucks Toolbar -> {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} -> C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.opinionguru.com/CopyGuardIE.cab DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3628505457-3805021435-3120941342-1001: @nsroblox.roblox.com/launcher -> C:\Users\Britta\AppData\Local\Roblox\Versions\version-d65566343374484f\\NPRobloxProxy.dll ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3628505457-3805021435-3120941342-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Britta\AppData\Local\Roblox\Versions\version-d65566343374484f\\NPRobloxProxy64.dll ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3628505457-3805021435-3120941342-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Britta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-10] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-31] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03] CHR Extension: (Norton Identity Safe) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-03] CHR Extension: (Norton Security Toolbar) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-10-03] CHR Extension: (Google Wallet) - C:\Users\Britta\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [161592 2009-10-22] () R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141111.001\IDSvia64.sys [633560 2014-09-01] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.002\ENG64.SYS [129752 2014-11-09] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.002\EX64.SYS [2137304 2014-11-09] (Symantec Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-08-06] () [File not signed] R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, 
it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-12 19:10 - 2014-11-12 19:12 - 00025980 _____ () C:\Users\Britta\Desktop\FRST.txt 2014-11-11 18:39 - 2014-11-11 18:39 - 00254464 _____ (Borland Software Corporation) C:\Users\Britta\AppData\Local\Apps\Vhrzwub.dll 2014-11-09 15:34 - 2014-11-12 19:12 - 00000000 ____D () C:\FRST 2014-11-09 15:33 - 2014-11-09 15:33 - 02116096 _____ (Farbar) C:\Users\Britta\Desktop\FRST64.exe 2014-11-05 21:25 - 2014-11-05 21:25 - 00071168 _____ () C:\Users\Britta\AppData\Roaming\snkqoxc.dll 2014-11-05 21:25 - 2014-11-05 21:25 - 00004050 _____ () C:\windows\System32\Tasks\{F8CA5FD5-AFCE-728F-550E-FF9AAA7E7F78} 2014-11-05 21:25 - 2014-11-05 21:25 - 00000000 _____ () C:\Users\Britta\AppData\Roaming\nizhl.dll 2014-10-15 18:30 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-10-15 18:30 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2014-10-15 18:30 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-10-15 18:30 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-10-15 18:30 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-10-15 18:30 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-10-15 18:30 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-10-15 18:30 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-10-15 18:30 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-10-15 18:30 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\mshtmled.dll 2014-10-15 18:30 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-10-15 18:30 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-10-15 18:30 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-10-15 18:30 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-10-15 18:30 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-10-15 18:30 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-10-15 18:30 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-10-15 18:30 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-10-15 18:30 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-10-15 18:30 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-10-15 18:30 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-10-15 18:30 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-10-15 18:30 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-10-15 18:30 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-10-15 18:30 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-10-15 18:30 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-10-15 18:30 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-10-15 18:30 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\jscript9.dll 2014-10-15 18:30 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-10-15 18:30 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-10-15 18:30 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-10-15 18:30 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-10-15 18:30 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-10-15 18:30 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 18:30 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-10-15 18:30 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-10-15 18:30 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-10-15 18:30 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-10-15 18:30 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-10-15 18:30 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-10-15 18:30 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-10-15 18:30 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-10-15 18:30 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-10-15 18:30 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-10-15 18:30 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-10-15 18:30 - 2014-09-18 19:50 - 00112128 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-10-15 18:30 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-10-15 18:30 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-10-15 18:30 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-10-15 18:30 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-10-15 18:30 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 18:30 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-10-15 18:30 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-10-15 18:30 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-10-15 18:30 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-10-15 18:30 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-10-15 18:30 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-10-15 18:30 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-10-15 18:30 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-10-15 18:30 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-10-15 18:30 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL 2014-10-15 18:30 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL 2014-10-15 18:30 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL 2014-10-15 18:30 - 2014-07-08 21:03 - 00007168 _____ 
(Microsoft Corporation) C:\windows\system32\KBDBASH.DLL 2014-10-15 18:30 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL 2014-10-15 18:30 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL 2014-10-15 18:30 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL 2014-10-15 18:30 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL 2014-10-15 18:30 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL 2014-10-15 18:30 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL 2014-10-15 18:30 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls 2014-10-15 18:30 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls 2014-10-15 18:30 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll 2014-10-15 18:30 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll 2014-10-15 18:30 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll 2014-10-15 18:30 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll 2014-10-15 18:30 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll 2014-10-15 18:30 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll 2014-10-15 18:29 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2014-10-15 18:29 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2014-10-15 18:29 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2014-10-15 18:29 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll 2014-10-15 18:29 - 2014-09-04 00:23 
- 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll 2014-10-15 18:29 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll 2014-10-15 18:29 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-10-15 18:29 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-10-15 18:29 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-10-15 18:29 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-10-15 18:29 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2014-10-15 18:29 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2014-10-15 18:29 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-10-15 18:29 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-10-15 18:29 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll 2014-10-15 18:29 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-10-15 18:29 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe 2014-10-15 18:29 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll 2014-10-15 18:29 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-10-15 18:29 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-10-15 18:29 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2014-10-15 18:29 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2014-10-15 18:16 - 2014-10-17 15:32 - 00022040 _____ () 
C:\Users\Britta\Documents\Fall Baseball 2014 - Game 1.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 18:30 - 2010-02-17 18:36 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 18:08 - 2010-01-22 10:37 - 01913115 _____ () C:\windows\WindowsUpdate.log
2014-11-12 17:30 - 2010-02-17 18:36 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 17:25 - 2010-02-17 18:36 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 17:25 - 2010-02-17 18:36 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 17:25 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-12 17:24 - 2010-01-22 10:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-10 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-10 20:46 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 20:46 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 20:36 - 2010-12-28 16:53 - 00000000 ____D () C:\Users\Britta\Tracing
2014-11-10 20:33 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-10 20:33 - 2009-07-13 23:51 - 00056406 _____ () C:\windows\setupact.log
2014-11-10 20:33 - 2009-07-13 23:45 - 00369304 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-10 20:32 - 2009-12-23 03:11 - 00747194 _____ () C:\windows\PFRO.log
2014-11-10 17:34 - 2011-01-03 18:39 - 00000000 ____D () C:\Users\Britta\AppData\Local\CrashDumps
2014-11-09 10:36 - 2014-10-12 08:04 - 00018432 _____ () C:\Users\Britta\Documents\1610KatheryneVill Expenses.xls
2014-11-08 17:02 - 2010-04-01 09:10 - 00000000 ____D () C:\Users\Britta\Documents\Symantec
2014-11-04 20:48 - 2014-08-22 21:03 - 00056832 _____ () C:\Users\Britta\Documents\Student Lists 2014-2015.xls
2014-11-04 09:38 - 2010-02-17 18:33 - 00099744 _____ () C:\Users\Britta\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-29 16:22 - 2013-10-09 13:54 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 15:56 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-10-25 13:07 - 2013-10-13 10:30 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-10-17 17:17 - 2010-07-18 15:02 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Canon
2014-10-17 06:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-17 02:30 - 2014-05-08 02:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-17 02:07 - 2013-10-12 18:19 - 00000000 ____D () C:\windows\system32\MRT
2014-10-17 02:00 - 2010-02-28 08:35 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Britta\AppData\Local\Temp\fxictxz.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 21:56

==================== End Of Log ============================
#4
Posted 12 November 2014 - 06:21 PM
Here is Addition.txt.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01 Ran by Britta at 2014-11-12 19:13:04 Running from C:\Users\Britta\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.174 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation) Amazon MP3 Uploader (HKLM-x32\...\com.amazon.music.uploader) (Version: 1.0.8 - Amazon Services LLC) Amazon MP3 Uploader (x32 Version: 1.0.8 - Amazon Services LLC) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 1.5.0.3 - ) Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.) Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.) Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.) Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - ) Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - Canon Inc.) Canon MP560 series User Registration (HKLM-x32\...\Canon MP560 series User Registration) (Version: - ) Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.) 
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby) DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden FATE Undiscovered Realms (x32 Version: 2.2.0.82 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.) 
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle) Java(TM) 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.) Java(TM) SE Development Kit 6 Update 24 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - 
Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden My Digital Studio 1.0 (HKLM-x32\...\9883-5023-5794-0994) (Version: 1.0.10.839 - Stampin' Up!) 
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation) QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek) RICOH R5U230 Media Driver ver.2.07.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.07.03.02 - RICOH) ROBLOX Player for Britta (HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio 2013 for Britta (HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) Safari (HKLM-x32\...\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}) (Version: 5.33.18.5 - Apple Inc.) 
Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) Hidden Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation) Swag Bucks Toolbar (HKLM-x32\...\Swag_Bucks Toolbar) (Version: 6.3.3.3 - Swag Bucks) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated) Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba) TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation) TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.04-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - ) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0004 - TOSHIBA) TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.4 - TOSHIBA Corporation) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION) Toshiba Online 
Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.64 - TOSHIBA Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - ) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0002 - TOSHIBA) TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation) ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba) Unity Web Player (HKU\S-1-5-21-3628505457-3805021435-3120941342-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Virtual Families (x32 Version: 2.2.0.82 - 
WildTangent) Hidden Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent) WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Zuma Deluxe (HKLM-x32\...\BFG-Zuma Deluxe) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3628505457-3805021435-3120941342-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Britta\AppData\Local\Roblox\Versions\version-d65566343374484f\RobloxProxy64.dll (ROBLOX Corporation) ==================== Restore Points ========================= 10-09-2014 11:40:23 Windows Update 24-09-2014 20:54:54 Windows Update 01-10-2014 19:37:52 Windows Update 13-10-2014 15:49:48 Scheduled Checkpoint 17-10-2014 07:00:17 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {034BE224-2169-481D-8834-A14CDFE2A8C7} - System32\Tasks\42eb0088 => C:\Users\Britta\AppData\Local\Temp\\setup624695692.exe <==== ATTENTION
Task: {0C32DAEF-775D-4D27-9121-C08C9190DD56} - System32\Tasks\63d6d2b4 => C:\Users\Britta\AppData\Local\Temp\\setup639800392.exe <==== ATTENTION
Task: {14392B7B-A106-424C-A4F2-697051644F70} - System32\Tasks\8b3a6dec => C:\Users\Britta\AppData\Local\Temp\\setup1300646252.exe <==== ATTENTION
Task: {1487D707-1173-42C2-9698-800CC80DC7A3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {154601D9-C970-427E-A3F0-3B3F6197F6BA} - System32\Tasks\ebf188e0 => C:\Users\Britta\AppData\Local\Temp\\setup2923258976.exe <==== ATTENTION
Task: {154BFCEE-443D-42FE-AB37-F53CC09AB0BE} - System32\Tasks\9be84358 => C:\Users\Britta\AppData\Local\Temp\\setup2356730072.exe <==== ATTENTION
Task: {165BB71E-457B-4C42-8467-3544E56B8C76} - System32\Tasks\51e93308 => C:\Users\Britta\AppData\Local\Temp\\setup338395788.exe <==== ATTENTION
Task: {166003CC-14A9-4F81-B3E3-AA156DE0CCF6} - System32\Tasks\9e780b18 => C:\Users\Britta\AppData\Local\Temp\\setup1881787288.exe <==== ATTENTION
Task: {18863214-E15F-4E3A-9794-6DCBE80F6898} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {1EBD616E-EAE5-4FA2-8B68-C342BDC83B93} - System32\Tasks\fe19af38 => C:\Users\Britta\AppData\Local\Temp\\setup4004136120.exe <==== ATTENTION
Task: {30A2065F-6C49-4200-8CE5-B5586CBC62D3} - System32\Tasks\98cfe68c => C:\Users\Britta\AppData\Local\Temp\\setup1528545804.exe <==== ATTENTION
Task: {32DEF53A-B3CE-4EB2-A5FD-89E69FA57645} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {36257BF2-5FF7-4E86-A235-4A83ECD90BB1} - System32\Tasks\9a18bb90 => C:\Users\Britta\AppData\Local\Temp\\setup1550089508.exe <==== ATTENTION
Task: {47E777B0-F123-41C3-B271-657578A800CA} - System32\Tasks\b5ba7f10 => C:\Users\Britta\AppData\Local\Temp\\setup2992738200.exe <==== ATTENTION
Task: {4FFEFA29-1FB9-4DDF-9D73-2EEC17381A5D} - System32\Tasks\{F8CA5FD5-AFCE-728F-550E-FF9AAA7E7F78} => C:\Users\Britta\AppData\Roaming\snkqoxc.dll [2014-11-05] () <==== ATTENTION
Task: {553781D3-FD1A-4AB5-9C5D-D1EB3374E8CF} - System32\Tasks\bebb7284 => C:\Users\Britta\AppData\Local\Temp\\setup2164739588.exe <==== ATTENTION
Task: {5719BE22-CA34-427F-B1C0-C28D7AC366E3} - System32\Tasks\db852fd8 => C:\Users\Britta\AppData\Local\Temp\\setup3423978840.exe <==== ATTENTION
Task: {57A78E00-593B-443E-BB5C-3B5D046ECE82} - System32\Tasks\745a5a6c => C:\Users\Britta\AppData\Local\Temp\\setup916862444.exe <==== ATTENTION
Task: {5A0DCB15-1A83-444D-A091-7EC0AD4D38E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5A7D0FD9-D8D0-4087-BC44-DE69764E7F21} - System32\Tasks\c1960c28 => C:\Users\Britta\AppData\Local\Temp\\setup1177397564.exe <==== ATTENTION
Task: {603DB948-119D-485D-8814-19AD900CCE11} - System32\Tasks\594b64e0 => C:\Users\Britta\AppData\Local\Temp\\setup1479393248.exe <==== ATTENTION
Task: {63AA9AC4-7BA3-446D-BD41-11BDC86BB35B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6440525D-44F8-4A67-AD33-6E5B2FEBF0CE} - System32\Tasks\503c19c8 => C:\Users\Britta\AppData\Local\Temp\\setup1087154380.exe <==== ATTENTION
Task: {6664454C-3599-40A7-91EE-C0BD04CBE98D} - System32\Tasks\2097c0d4 => C:\Users\Britta\AppData\Local\Temp\\setup3806567508.exe <==== ATTENTION
Task: {74E87F0B-7E21-495B-8214-57762C0D2612} - System32\Tasks\f4249cc8 => C:\Users\Britta\AppData\Local\Temp\\setup4077320136.exe <==== ATTENTION
Task: {782EA646-6C6E-44F6-9551-5377D7E72FBD} - System32\Tasks\5be71d28 => C:\Users\Britta\AppData\Local\Temp\\setup1023951276.exe <==== ATTENTION
Task: {7CA32D52-38FD-4EE5-97D6-CD5578292537} - System32\Tasks\78e1d8e4 => C:\Users\Britta\AppData\Local\Temp\\setup1769105384.exe <==== ATTENTION
Task: {7D324F9B-7DBC-47E5-AABE-CC3091082B04} - System32\Tasks\5bf3010 => C:\Users\Britta\AppData\Local\Temp\\setup3356167056.exe <==== ATTENTION
Task: {84455A7E-D96F-4D0B-95C0-7D998AABDA7A} - System32\Tasks\e0ee22f8 => C:\Users\Britta\AppData\Local\Temp\\setup3754982904.exe <==== ATTENTION
Task: {844B0FF8-4BC3-4652-895E-044F53A761D5} - System32\Tasks\e883e3f4 => C:\Users\Britta\AppData\Local\Temp\\setup3641996024.exe <==== ATTENTION
Task: {87D17FB2-07D8-4D1A-875C-AB90D4FF400D} - System32\Tasks\26694554 => C:\Users\Britta\AppData\Local\Temp\\setup385473236.exe <==== ATTENTION
Task: {97291B24-8F67-4718-8B77-67D8A13E82B1} - System32\Tasks\a2222e10 => C:\Users\Britta\AppData\Local\Temp\\setup649710372.exe <==== ATTENTION
Task: {9753C789-9FBA-4A69-A733-D4D4226BE39F} - System32\Tasks\5391e47c => C:\Users\Britta\AppData\Local\Temp\\setup1143110140.exe <==== ATTENTION
Task: {A31D17EB-7912-4DB7-9E06-FD4790798744} - System32\Tasks\98e26658 => C:\Users\Britta\AppData\Local\Temp\\setup2306012508.exe <==== ATTENTION
Task: {A6D6B920-E069-40B1-B65C-91B072520D4D} - System32\Tasks\37f6ef60 => C:\Users\Britta\AppData\Local\Temp\\setup772928356.exe <==== ATTENTION
Task: {B393BAB1-381F-4891-B105-859A53F55214} - System32\Tasks\8b241460 => C:\Users\Britta\AppData\Local\Temp\\setup1670797536.exe <==== ATTENTION
Task: {BEC6A511-F4DD-444D-A67B-7AE82CF8C75B} - System32\Tasks\743ec370 => C:\Users\Britta\AppData\Local\Temp\\setup1931550320.exe <==== ATTENTION
Task: {C61FC2BF-BF5F-479C-9AD0-FC4E7F23E221} - System32\Tasks\3cf6fc20 => C:\Users\Britta\AppData\Local\Temp\\setup245939360.exe <==== ATTENTION
Task: {C8B2C0D3-87E1-4550-ACE0-56E01B87121C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {C9F08250-C007-4315-88D6-1476492FB8BB} - System32\Tasks\f81ae728 => C:\Users\Britta\AppData\Local\Temp\\setup3644592680.exe <==== ATTENTION
Task: {D012C891-4DFD-4145-A7CA-5A79A73560DD} - System32\Tasks\986060f8 => C:\Users\Britta\AppData\Local\Temp\\setup1521230476.exe <==== ATTENTION
Task: {DE81D692-8DF4-46E8-AA52-86EA3A6D0F5C} - System32\Tasks\2875148c => C:\Users\Britta\AppData\Local\Temp\\setup2903290272.exe <==== ATTENTION
Task: {E1716E60-C950-4251-97EC-F087A0DAF150} - System32\Tasks\717dcee4 => C:\Users\Britta\AppData\Local\Temp\\setup3093383032.exe <==== ATTENTION
Task: {F441E479-7C8B-4DCB-BC74-D5612927AD1E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F6603DD8-4FE4-49F7-83D3-24088F899F23} - System32\Tasks\fbd89238 => C:\Users\Britta\AppData\Local\Temp\\setup3190051788.exe <==== ATTENTION
Task: {FE8EC55D-3880-4BA1-B6C6-B1766A86CE72} - System32\Tasks\GoogleUpdateTaskMachineUA =>
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-22 11:02 - 2009-10-22 14:24 - 00161592 _____ () C:\Windows\System32\GFNEXSrv.exe 2009-10-18 18:20 - 2009-10-18 18:20 - 07959864 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 16:26 - 2009-11-03 16:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2009-12-23 02:44 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2009-10-30 20:20 - 2009-10-30 20:20 - 00417592 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe 2009-11-05 12:18 - 2009-11-05 12:18 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-01-22 10:56 - 2009-10-02 16:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, 
only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3628505457-3805021435-3120941342-500 - Administrator - Disabled) Britta (S-1-5-21-3628505457-3805021435-3120941342-1001 - Administrator - Enabled) => C:\Users\Britta Guest (S-1-5-21-3628505457-3805021435-3120941342-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3628505457-3805021435-3120941342-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/12/2014 05:25:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: 80004005 Error: (11/11/2014 09:47:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: 80004005 Error: (11/11/2014 09:47:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 44951220 Error: (11/11/2014 09:47:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 44951220 Error: (11/11/2014 09:47:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/10/2014 09:18:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: 
m->NextScheduledSPRetry 2496 Error: (11/10/2014 09:18:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2496 Error: (11/10/2014 09:18:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/10/2014 07:35:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 37e4 Start Time: 01cffb9bf0663ff7 Termination Time: 320 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: Error: (11/10/2014 05:34:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bcbb9 Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22 Exception code: 0xc00000fd Fault offset: 0x00094fbf Faulting process id: 0x7438 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 System errors: ============= Error: (11/10/2014 08:45:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/10/2014 08:45:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. 
Error: (11/10/2014 08:35:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/10/2014 08:34:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) Error: (11/10/2014 04:24:29 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (11/10/2014 04:23:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect. Error: (11/10/2014 04:23:27 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053gusvc{89DAE4CD-9F17-4980-902A-99BA84A8F5C8} Error: (11/09/2014 08:13:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/09/2014 00:18:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/04/2014 11:38:12 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR2. 
Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Percentage of memory in use: 56% Total physical RAM: 3891.59 MB Available physical RAM: 1684.2 MB Total Pagefile: 7781.35 MB Available Pagefile: 4822.74 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (TI105213W0I) (Fixed) (Total:454.02 GB) (Free:305.16 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CFC30635) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10.3 GB) - (Type=17) ==================== End Of Log ============================
#5
Posted 12 November 2014 - 07:01 PM
Here is the log from GMER (ark.
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-12 19:57:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00 465.76GB
Running: rg536hst.exe; Driver: C:\Users\Britta\AppData\Local\Temp\kwliipow.sys

---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs fffffa800487e2c0
Device \FileSystem\fastfat \Fat fffffa80088c22c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F5CD9E96-ED7E-442F-BDC9-11BE32674E83} fffffa800704d2c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa80078a82c0
Device \Driver\cdrom \Device\CdRom0 fffffa8006f5e2c0
Device \Driver\USBSTOR \Device\00000090 fffffa80089f72c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{95591071-CB02-44B6-A1F3-66D4F88164CD} fffffa800704d2c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa80078a82c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F29B53CF-CE8A-421D-85F1-2B35D57A72CC} fffffa800704d2c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa80078a82c0
Device \Driver\USBSTOR \Device\00000092 fffffa80089f72c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800704d2c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa80078a82c0

---- Threads - GMER 2.1 ----
Thread C:\windows\system32\svchost.exe [1696:2932] 00000000020c4ccc
Thread C:\windows\SysWow64\svchost.exe [3512:3920] 00000000001c5d50
Thread C:\windows\SysWow64\dllhost.exe [6584:1140] 0000000000087710
Thread C:\windows\SysWow64\dllhost.exe [6584:6560] 0000000000087240
Thread C:\windows\SysWow64\dllhost.exe [12300:13832] 0000000000087710
Thread C:\windows\SysWow64\dllhost.exe [12300:14716] 0000000000087240
Thread C:\windows\SysWow64\dllhost.exe [6088:4152] 00000000000c7710
Thread C:\windows\SysWow64\dllhost.exe [6088:11316] 00000000000c7240
Thread C:\windows\SysWow64\dllhost.exe [4212:15052] 0000000000087710
Thread C:\windows\SysWow64\dllhost.exe [4212:7124] 0000000000087240
Thread C:\windows\SysWow64\dllhost.exe [5144:4840] 00000000000c7710
Thread C:\windows\SysWow64\dllhost.exe [5144:11780] 00000000000c7240
Thread C:\windows\SysWow64\dllhost.exe [12916:6820] 00000000000c7710
Thread C:\windows\SysWow64\dllhost.exe [12916:14064] 00000000000c7240
Thread C:\windows\SysWow64\dllhost.exe [11288:11388] 0000000000087710
Thread C:\windows\SysWow64\dllhost.exe [11288:14700] 0000000000087240
Thread C:\windows\SysWow64\dllhost.exe [8024:4308] 0000000000087710
Thread C:\windows\SysWow64\dllhost.exe [8024:8828] 0000000000087240
Thread C:\windows\SysWow64\dllhost.exe [12992:6992] 0000000000087710
Thread C:\windows\SysWow64\dllhost.exe [12992:4668] 0000000000087240
Thread C:\windows\SysWow64\dllhost.exe [8476:848] 0000000000087710
Thread C:\windows\SysWow64\dllhost.exe [8476:11816] 0000000000087240

---- Processes - GMER 2.1 ----
Library C:\Users\Britta\AppData\Local\Temp\fxictxz.dll (*** suspicious ***) @ C:\windows\SysWOW64\rundll32.exe [14560] (Borland HTTP Server/Borland Software Corporation)(2014-11-11 23:39:17) 0000000010000000

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{2A901C55-8892-4C79-9BBA-DD1478A25AD4}?\Device\{D061C7A1-B7A1-4987-B292-06B73884E55B}?\Device\{165B270D-FD61-4D60-B42D-B37F63D4D258}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{2A901C55-8892-4C79-9BBA-DD1478A25AD4}"?"{D061C7A1-B7A1-4987-B292-06B73884E55B}"?"{165B270D-FD61-4D60-B42D-B37F63D4D258}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{2A901C55-8892-4C79-9BBA-DD1478A25AD4}?\Device\TCPIP6TUNNEL_{D061C7A1-B7A1-4987-B292-06B73884E55B}?\Device\TCPIP6TUNNEL_{165B270D-FD61-4D60-B42D-B37F63D4D258}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024d2fcf7b8
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{165B270D-FD61-4D60-B42D-B37F63D4D258}@InterfaceName isatap.{F29B53CF-CE8A-421D-85F1-2B35D57A72CC}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{165B270D-FD61-4D60-B42D-B37F63D4D258}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024d2fcf7b8 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 3085946

---- EOF - GMER 2.1 ----
#6
Posted 12 November 2014 - 07:05 PM
Here is the output from TDSSKiller.
7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys 20:03:24.0488 0x3510 ErrDev - ok 20:03:24.0551 0x3510 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll 20:03:24.0566 0x3510 EventSystem - ok 20:03:24.0598 0x3510 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys 20:03:24.0598 0x3510 exfat - ok 20:03:24.0644 0x3510 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys 20:03:24.0660 0x3510 fastfat - ok 20:03:24.0738 0x3510 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe 20:03:24.0754 0x3510 Fax - ok 20:03:24.0785 0x3510 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\DRIVERS\fdc.sys 20:03:24.0785 0x3510 fdc - ok 20:03:24.0816 0x3510 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll 20:03:24.0816 0x3510 fdPHost - ok 20:03:24.0832 0x3510 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll 20:03:24.0847 0x3510 FDResPub - ok 20:03:24.0878 0x3510 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys 20:03:24.0878 0x3510 FileInfo - ok 20:03:24.0894 0x3510 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys 20:03:24.0910 0x3510 Filetrace - ok 20:03:24.0925 0x3510 [ 
C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 20:03:24.0925 0x3510 flpydisk - ok 20:03:24.0972 0x3510 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 20:03:24.0972 0x3510 FltMgr - ok 20:03:25.0081 0x3510 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll 20:03:25.0128 0x3510 FontCache - ok 20:03:25.0175 0x3510 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:03:25.0175 0x3510 FontCache3.0.0.0 - ok 20:03:25.0222 0x3510 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys 20:03:25.0222 0x3510 FsDepends - ok 20:03:25.0268 0x3510 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 20:03:25.0268 0x3510 Fs_Rec - ok 20:03:25.0331 0x3510 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 20:03:25.0346 0x3510 fvevol - ok 20:03:25.0393 0x3510 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 20:03:25.0393 0x3510 gagp30kx - ok 20:03:25.0456 0x3510 [ 4FBCCBDD99A75C9EFBC90392CF32AF61, 221E71D0CE1793B8F0F7D8A2D7B205BBF53B518A45E2116A5882BCAB88B870E1 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe 20:03:25.0471 0x3510 GameConsoleService - ok 20:03:25.0534 0x3510 [ 
8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 20:03:25.0534 0x3510 GEARAspiWDM - ok 20:03:25.0596 0x3510 [ D207DBEF87EDFC5A5072BFD69C3F4184, 53B193B2203FC7A8060B5CD6F4657BFB6895E780395DDA49DA9285492D0077BA ] GFNEXSrv C:\Windows\System32\GFNEXSrv.exe 20:03:25.0612 0x3510 GFNEXSrv - ok 20:03:25.0690 0x3510 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll 20:03:25.0721 0x3510 gpsvc - ok 20:03:25.0814 0x3510 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:03:25.0814 0x3510 gupdate - ok 20:03:25.0861 0x3510 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:03:25.0877 0x3510 gupdatem - ok 20:03:25.0908 0x3510 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 20:03:25.0924 0x3510 gusvc - ok 20:03:25.0955 0x3510 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 20:03:25.0955 0x3510 hcw85cir - ok 20:03:26.0033 0x3510 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 20:03:26.0048 0x3510 HdAudAddService - ok 20:03:26.0111 0x3510 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 20:03:26.0126 0x3510 HDAudBus - ok 20:03:26.0173 0x3510 [ B6AC71AAA2B10848F57FC49D55A651AF, 
4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys 20:03:26.0173 0x3510 HECIx64 - ok 20:03:26.0204 0x3510 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 20:03:26.0204 0x3510 HidBatt - ok 20:03:26.0236 0x3510 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 20:03:26.0236 0x3510 HidBth - ok 20:03:26.0282 0x3510 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\DRIVERS\hidir.sys 20:03:26.0282 0x3510 HidIr - ok 20:03:26.0314 0x3510 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll 20:03:26.0314 0x3510 hidserv - ok 20:03:26.0360 0x3510 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\drivers\hidusb.sys 20:03:26.0360 0x3510 HidUsb - ok 20:03:26.0423 0x3510 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll 20:03:26.0423 0x3510 hkmsvc - ok 20:03:26.0485 0x3510 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll 20:03:26.0501 0x3510 HomeGroupListener - ok 20:03:26.0548 0x3510 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll 20:03:26.0548 0x3510 HomeGroupProvider - ok 20:03:26.0594 0x3510 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 20:03:26.0594 0x3510 HpSAMD - ok 
20:03:26.0735 0x3510 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys 20:03:26.0766 0x3510 HTTP - ok 20:03:26.0797 0x3510 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 20:03:26.0797 0x3510 hwpolicy - ok 20:03:26.0860 0x3510 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\drivers\i8042prt.sys 20:03:26.0860 0x3510 i8042prt - ok 20:03:26.0938 0x3510 [ 631FA8935163B01FC0C02966CB3ADB92, F6BDA41EB4AB0A7215A4ABC88461AF174E1439AC37D7663D43D43ABB68F70E2F ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 20:03:26.0969 0x3510 iaStor - ok 20:03:27.0047 0x3510 [ 7493EA4DE41348F7D3EDBF9DB298F56A, D40BE4E8D90B5F6EF0B16F3B9E9F63273FE558492A560CB291C7DE2864794CCB ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 20:03:27.0047 0x3510 IAStorDataMgrSvc - ok 20:03:27.0109 0x3510 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 20:03:27.0125 0x3510 iaStorV - ok 20:03:27.0218 0x3510 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:03:27.0250 0x3510 idsvc - ok 20:03:27.0406 0x3510 [ 77AC93E28B5F4DCE317EFA695E3F59E3, 57D510CEE1B777CFB52CECBAB43B0698A53B048B7E0C622473DEA9E03E2D9BEF ] IDSVia64 C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141111.001\IDSvia64.sys 20:03:27.0421 0x3510 IDSVia64 - ok 20:03:27.0484 0x3510 IEEtwCollectorService - ok 20:03:27.0811 0x3510 [ 0372C154226F7074CD150F475A4870A6, C87475D7AF534D3C4C0F1FD28E4A893AA4B626A6069003FA9A84E6B9951FD890 ] igfx 
C:\windows\system32\DRIVERS\igdkmd64.sys 20:03:28.0123 0x3510 igfx - ok 20:03:28.0186 0x3510 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 20:03:28.0186 0x3510 iirsp - ok 20:03:28.0279 0x3510 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll 20:03:28.0310 0x3510 IKEEXT - ok 20:03:28.0357 0x3510 [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys 20:03:28.0373 0x3510 Impcd - ok 20:03:28.0529 0x3510 [ 0C3CF4B3BAE28E121A1689E3538F8712, 1599785D54E8306872A1DDD8546D316C9B193A85C5AEB37CF956B8C4077B8792 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 20:03:28.0591 0x3510 IntcAzAudAddService - ok 20:03:28.0654 0x3510 [ 408B401CD7CDB075C7470B0FF7BA8D0B, A3BC4ED47094D6A78732012D9020E0C31583E6132E3C0FD1FD64C80AFCC4738F ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 20:03:28.0669 0x3510 IntcDAud - ok 20:03:28.0716 0x3510 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys 20:03:28.0716 0x3510 intelide - ok 20:03:28.0763 0x3510 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 20:03:28.0763 0x3510 intelppm - ok 20:03:28.0794 0x3510 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll 20:03:28.0810 0x3510 IPBusEnum - ok 20:03:28.0856 0x3510 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 20:03:28.0856 0x3510 IpFilterDriver - ok 20:03:28.0950 0x3510 [ 
08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll 20:03:28.0966 0x3510 iphlpsvc - ok 20:03:29.0012 0x3510 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 20:03:29.0012 0x3510 IPMIDRV - ok 20:03:29.0059 0x3510 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys 20:03:29.0059 0x3510 IPNAT - ok 20:03:29.0153 0x3510 [ 6660920D05A32DF2DC1260CEF0B6D172, 2C4361B59CD9F41519FDF14EC69F2E37E1B0635ACA476E4BEF2152C925E35F9F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:03:29.0184 0x3510 iPod Service - ok 20:03:29.0215 0x3510 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys 20:03:29.0215 0x3510 IRENUM - ok 20:03:29.0246 0x3510 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys 20:03:29.0262 0x3510 isapnp - ok 20:03:29.0293 0x3510 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 20:03:29.0309 0x3510 iScsiPrt - ok 20:03:29.0356 0x3510 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\drivers\kbdclass.sys 20:03:29.0371 0x3510 kbdclass - ok 20:03:29.0418 0x3510 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 20:03:29.0418 0x3510 kbdhid - ok 20:03:29.0449 0x3510 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\windows\system32\lsass.exe 
20:03:29.0449 0x3510 KeyIso - ok 20:03:29.0496 0x3510 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 20:03:29.0496 0x3510 KSecDD - ok 20:03:29.0527 0x3510 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 20:03:29.0527 0x3510 KSecPkg - ok 20:03:29.0558 0x3510 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys 20:03:29.0558 0x3510 ksthunk - ok 20:03:29.0605 0x3510 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll 20:03:29.0605 0x3510 KtmRm - ok 20:03:29.0683 0x3510 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll 20:03:29.0683 0x3510 LanmanServer - ok 20:03:29.0730 0x3510 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 20:03:29.0730 0x3510 LanmanWorkstation - ok 20:03:29.0777 0x3510 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 20:03:29.0777 0x3510 lltdio - ok 20:03:29.0808 0x3510 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll 20:03:29.0824 0x3510 lltdsvc - ok 20:03:29.0855 0x3510 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll 20:03:29.0855 0x3510 lmhosts - ok 20:03:29.0917 0x3510 [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:03:29.0917 0x3510 LMS - ok 20:03:29.0948 0x3510 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 20:03:29.0964 0x3510 LSI_FC - ok 20:03:30.0011 0x3510 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 20:03:30.0011 0x3510 LSI_SAS - ok 20:03:30.0042 0x3510 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 20:03:30.0042 0x3510 LSI_SAS2 - ok 20:03:30.0058 0x3510 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 20:03:30.0073 0x3510 LSI_SCSI - ok 20:03:30.0089 0x3510 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys 20:03:30.0089 0x3510 luafv - ok 20:03:30.0136 0x3510 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 20:03:30.0136 0x3510 Mcx2Svc - ok 20:03:30.0167 0x3510 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\DRIVERS\megasas.sys 20:03:30.0167 0x3510 megasas - ok 20:03:30.0198 0x3510 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 20:03:30.0214 0x3510 MegaSR - ok 20:03:30.0260 0x3510 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll 20:03:30.0260 0x3510 MMCSS - ok 20:03:30.0307 0x3510 [ 800BA92F7010378B09F9ED9270F07137, 
94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys 20:03:30.0307 0x3510 Modem - ok 20:03:30.0323 0x3510 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys 20:03:30.0323 0x3510 monitor - ok 20:03:30.0385 0x3510 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\drivers\mouclass.sys 20:03:30.0385 0x3510 mouclass - ok 20:03:30.0432 0x3510 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 20:03:30.0432 0x3510 mouhid - ok 20:03:30.0494 0x3510 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys 20:03:30.0510 0x3510 mountmgr - ok 20:03:30.0557 0x3510 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys 20:03:30.0572 0x3510 mpio - ok 20:03:30.0604 0x3510 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 20:03:30.0619 0x3510 mpsdrv - ok 20:03:30.0682 0x3510 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll 20:03:30.0697 0x3510 MpsSvc - ok 20:03:30.0744 0x3510 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 20:03:30.0744 0x3510 MRxDAV - ok 20:03:30.0791 0x3510 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 20:03:30.0806 0x3510 mrxsmb - ok 20:03:30.0853 0x3510 [ 
D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 20:03:30.0869 0x3510 mrxsmb10 - ok 20:03:30.0900 0x3510 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 20:03:30.0900 0x3510 mrxsmb20 - ok 20:03:30.0947 0x3510 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys 20:03:30.0962 0x3510 msahci - ok 20:03:31.0009 0x3510 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys 20:03:31.0009 0x3510 msdsm - ok 20:03:31.0056 0x3510 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe 20:03:31.0072 0x3510 MSDTC - ok 20:03:31.0150 0x3510 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys 20:03:31.0150 0x3510 Msfs - ok 20:03:31.0165 0x3510 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 20:03:31.0165 0x3510 mshidkmdf - ok 20:03:31.0222 0x3510 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 20:03:31.0222 0x3510 msisadrv - ok 20:03:31.0252 0x3510 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll 20:03:31.0252 0x3510 MSiSCSI - ok 20:03:31.0262 0x3510 msiserver - ok 20:03:31.0302 0x3510 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV 
C:\windows\system32\drivers\MSKSSRV.sys 20:03:31.0302 0x3510 MSKSSRV - ok 20:03:31.0312 0x3510 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 20:03:31.0322 0x3510 MSPCLOCK - ok 20:03:31.0338 0x3510 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys 20:03:31.0338 0x3510 MSPQM - ok 20:03:31.0400 0x3510 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 20:03:31.0416 0x3510 MsRPC - ok 20:03:31.0462 0x3510 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 20:03:31.0462 0x3510 mssmbios - ok 20:03:31.0509 0x3510 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys 20:03:31.0509 0x3510 MSTEE - ok 20:03:31.0525 0x3510 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 20:03:31.0525 0x3510 MTConfig - ok 20:03:31.0540 0x3510 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys 20:03:31.0540 0x3510 Mup - ok 20:03:31.0774 0x3510 [ A0C88349651D9F5421AFD363C27102E8, 71D5F7EDAF47AB1376444CB648BFD86CEA36735EE42A9935BDB876DF8F765F45 ] N360 C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe 20:03:31.0790 0x3510 N360 - ok 20:03:31.0852 0x3510 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll 20:03:31.0868 0x3510 napagent - ok 20:03:31.0946 0x3510 [ 1EA3749C4114DB3E3161156FFFFA6B33, 
54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 20:03:31.0946 0x3510 NativeWifiP - ok 20:03:32.0274 0x3510 [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.002\ENG64.SYS 20:03:32.0274 0x3510 NAVENG - ok 20:03:32.0461 0x3510 [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15 C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141112.002\EX64.SYS 20:03:32.0523 0x3510 NAVEX15 - ok 20:03:32.0601 0x3510 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys 20:03:32.0632 0x3510 NDIS - ok 20:03:32.0664 0x3510 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 20:03:32.0679 0x3510 NdisCap - ok 20:03:32.0710 0x3510 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 20:03:32.0710 0x3510 NdisTapi - ok 20:03:32.0757 0x3510 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 20:03:32.0757 0x3510 Ndisuio - ok 20:03:32.0804 0x3510 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 20:03:32.0820 0x3510 NdisWan - ok 20:03:32.0851 0x3510 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 20:03:32.0851 0x3510 NDProxy - ok 20:03:32.0882 0x3510 [ 86743D9F5D2B1048062B14B1D84501C4, 
DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 20:03:32.0898 0x3510 NetBIOS - ok 20:03:32.0944 0x3510 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 20:03:32.0960 0x3510 NetBT - ok 20:03:32.0976 0x3510 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\windows\system32\lsass.exe 20:03:32.0991 0x3510 Netlogon - ok 20:03:33.0022 0x3510 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll 20:03:33.0038 0x3510 Netman - ok 20:03:33.0069 0x3510 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:03:33.0100 0x3510 NetMsmqActivator - ok 20:03:33.0116 0x3510 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:03:33.0132 0x3510 NetPipeActivator - ok 20:03:33.0178 0x3510 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll 20:03:33.0194 0x3510 netprofm - ok 20:03:33.0210 0x3510 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:03:33.0210 0x3510 NetTcpActivator - ok 20:03:33.0225 0x3510 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:03:33.0225 0x3510 NetTcpPortSharing - ok 20:03:33.0272 0x3510 [ 77889813BE4D166CDAB78DDBA990DA92, 
C:\windows\system32\drivers\Wdf01000.sys 20:03:47.0733 0x3510 Wdf01000 - ok 20:03:47.0765 0x3510 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll 20:03:47.0765 0x3510 WdiServiceHost - ok 20:03:47.0780 0x3510 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll 20:03:47.0780 0x3510 WdiSystemHost - ok 20:03:47.0827 0x3510 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll 20:03:47.0843 0x3510 WebClient - ok 20:03:47.0858 0x3510 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll 20:03:47.0874 0x3510 Wecsvc - ok 20:03:47.0905 0x3510 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll 20:03:47.0905 0x3510 wercplsupport - ok 20:03:47.0936 0x3510 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll 20:03:47.0936 0x3510 WerSvc - ok 20:03:47.0967 0x3510 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 20:03:47.0967 0x3510 WfpLwf - ok 20:03:47.0983 0x3510 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys 20:03:47.0983 0x3510 WIMMount - ok 20:03:48.0014 0x3510 WinDefend - ok 20:03:48.0030 0x3510 WinHttpAutoProxySvc - ok 20:03:48.0092 0x3510 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 20:03:48.0108 0x3510 Winmgmt - ok 
20:03:48.0233 0x3510 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\windows\system32\WsmSvc.dll 20:03:48.0295 0x3510 WinRM - ok 20:03:48.0357 0x3510 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 20:03:48.0373 0x3510 WinUsb - ok 20:03:48.0451 0x3510 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll 20:03:48.0482 0x3510 Wlansvc - ok 20:03:48.0529 0x3510 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 20:03:48.0529 0x3510 WmiAcpi - ok 20:03:48.0576 0x3510 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 20:03:48.0576 0x3510 wmiApSrv - ok 20:03:48.0591 0x3510 WMPNetworkSvc - ok 20:03:48.0623 0x3510 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll 20:03:48.0623 0x3510 WPCSvc - ok 20:03:48.0669 0x3510 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 20:03:48.0685 0x3510 WPDBusEnum - ok 20:03:48.0701 0x3510 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 20:03:48.0701 0x3510 ws2ifsl - ok 20:03:48.0732 0x3510 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll 20:03:48.0732 0x3510 wscsvc - ok 20:03:48.0779 0x3510 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice 
C:\windows\system32\DRIVERS\WSDPrint.sys 20:03:48.0794 0x3510 WSDPrintDevice - ok 20:03:48.0841 0x3510 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\windows\system32\drivers\WSDScan.sys 20:03:48.0841 0x3510 WSDScan - ok 20:03:48.0841 0x3510 WSearch - ok 20:03:48.0997 0x3510 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\windows\system32\wuaueng.dll 20:03:49.0075 0x3510 wuauserv - ok 20:03:49.0106 0x3510 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 20:03:49.0122 0x3510 WudfPf - ok 20:03:49.0137 0x3510 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 20:03:49.0153 0x3510 WUDFRd - ok 20:03:49.0200 0x3510 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll 20:03:49.0200 0x3510 wudfsvc - ok 20:03:49.0247 0x3510 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll 20:03:49.0247 0x3510 WwanSvc - ok 20:03:49.0278 0x3510 ================ Scan global =============================== 20:03:49.0309 0x3510 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll 20:03:49.0340 0x3510 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll 20:03:49.0371 0x3510 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll 20:03:49.0403 0x3510 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] 
C:\windows\system32\sxssrv.dll 20:03:49.0434 0x3510 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe 20:03:49.0434 0x3510 [ Global ] - ok 20:03:49.0434 0x3510 ================ Scan MBR ================================== 20:03:49.0449 0x3510 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0 20:03:49.0902 0x3510 \Device\Harddisk0\DR0 - ok 20:03:49.0902 0x3510 ================ Scan VBR ================================== 20:03:49.0949 0x3510 [ 28239F4403ADBD5E9315F4EE51F5AC0F ] \Device\Harddisk0\DR0\Partition1 20:03:49.0949 0x3510 \Device\Harddisk0\DR0\Partition1 - ok 20:03:49.0949 0x3510 ================ Scan generic autorun ====================== 20:03:50.0027 0x3510 [ E1FE4FF49B44032A6B954DC9BD8FC801, 7BAAB68D960E46DC7FD1BDEE55B0F5F9D180A7ABFDFC052A6671154361245FCF ] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe 20:03:50.0042 0x3510 TUSBSleepChargeSrv - ok 20:03:50.0089 0x3510 [ 852F12CA7C4FC7E3D77B606492435556, CCDA88794836D40701BF5B0A6872686DDE19C54AFCE6A954C9D83102BB12AEAF ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 20:03:50.0105 0x3510 IAStorIcon - ok 20:03:50.0198 0x3510 [ 541B822882607023E75FFEC0C8F90FAF, 1D734219F99EE4FEDFD8D146DCA4733C8633540CF2613A6002363B0F69859687 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe 20:03:50.0229 0x3510 ToshibaServiceStation - ok 20:03:50.0370 0x3510 [ E6912B39751E837CA20B8BB1C19C3420, E1301C3562639B7DA60233FBEBF5FDB0F04058724FFAEC1F496C53C1BB3A2370 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe 20:03:50.0432 0x3510 TWebCamera - ok 20:03:50.0510 0x3510 [ 8110B73D658C64CB999C597B880152F5, 83DCF8555A43C8FE0B3B57162E1E0D56D3F07F402A594DD460D1A0729059A3CE ] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe 20:03:50.0526 0x3510 NortonOnlineBackupReminder - ok 
20:03:50.0619 0x3510 [ F6933596E3C8893A04ECD5453DC8C855, B9F460BBAE5DFA94A79549FCB6A4D31DC5FFB7F3B5991611FC117BF4415ADE63 ] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe 20:03:50.0619 0x3510 IJNetworkScanUtility - ok 20:03:50.0697 0x3510 [ 0AEE5668EB59912F32FF245BFA72465F, 653978E365B0E72D34E8B3ED1BFCF0237B70B41396BD70EBBBEDB31AFD77857B ] C:\Program Files (x86)\QuickTime\QTTask.exe 20:03:50.0713 0x3510 QuickTime Task - ok 20:03:50.0775 0x3510 [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 20:03:50.0775 0x3510 APSDaemon - ok 20:03:50.0838 0x3510 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 20:03:50.0853 0x3510 SunJavaUpdateSched - ok 20:03:50.0916 0x3510 [ 9F96F98409B89C5806F4380867DD48E0, A6A0FC6B013549BB28FD834FCE6AC0DB685AA5B42162F5AD090819B7D212CAA6 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 20:03:50.0931 0x3510 iTunesHelper - ok 20:03:51.0041 0x3510 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 20:03:51.0072 0x3510 Adobe ARM - ok 20:03:51.0212 0x3510 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:03:51.0243 0x3510 Sidebar - ok 20:03:51.0275 0x3510 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:03:51.0275 0x3510 mctadmin - ok 20:03:51.0353 0x3510 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:03:51.0384 0x3510 Sidebar - ok 20:03:51.0399 0x3510 [ 
0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:03:51.0399 0x3510 mctadmin - ok 20:03:51.0462 0x3510 [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 20:03:51.0462 0x3510 swg - ok 20:03:51.0680 0x3510 [ D39DA5B7139B4B5147B3C6A94978B5AA, 7C1D918C9A4768C8776F02FAC61F7252BCD1055BD4BC741A432A1D703514103E ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe 20:03:51.0836 0x3510 msnmsgr - ok 20:03:51.0930 0x3510 [ 5883D86F8C22B1E5F78627E4AF19B234, 7DEE0ED168CBE012CAB1552586FDA945DF5151773E5523F0C7E4091F1DF1578F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe 20:03:51.0930 0x3510 ApplePhotoStreams - ok 20:03:51.0961 0x3510 [ 23C2FCAA50C4F80F7D1B8A0771D45328, AE5BC1B2FC15AFFB5F38037AE4C87BB85F9C85D4AC0DCDD51F48A0F77E8EC094 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 20:03:51.0961 0x3510 iCloudServices - ok 20:03:51.0961 0x3510 Vhrzwub - ok 20:03:51.0977 0x3510 Waiting for KSN requests completion. In queue: 137 20:03:52.0991 0x3510 Waiting for KSN requests completion. In queue: 137 20:03:54.0005 0x3510 Waiting for KSN requests completion. In queue: 137 20:03:55.0019 0x3510 Waiting for KSN requests completion. 
In queue: 137 20:03:56.0126 0x3510 AV detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51000 ( enabled : updated ) 20:03:56.0126 0x3510 FW detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51010 ( enabled ) 20:03:58.0887 0x3510 ============================================================ 20:03:58.0887 0x3510 Scan finished 20:03:58.0887 0x3510 ============================================================ 20:03:58.0903 0x2860 Detected object count: 0 20:03:58.0903 0x2860 Actual detected object count: 0
#7
Posted 14 November 2014 - 07:40 AM
We need to remove some programs with Revo Uninstaller Free:
Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.
- Please download and install Revo Uninstaller Free
note: there is no need to click anything on that page, the download will start automatically
- Double click Revo Uninstaller to run it
- From the list of programs double click on the listed program(s), or anything similar, to remove it:
Conduit Engine
Swag Bucks Toolbar
- When prompted if you want to uninstall click Yes
- Be sure the Moderate option is selected then click Next
- The program will run. If prompted again, click Yes
- When the built-in uninstaller is finished click on Next
- Once the program has searched for leftovers click Next
- Check the items in bold only on the list then click Delete
note: you may have to expand some folders by clicking the "+" mark
- When prompted click on Yes and then on Next
- Put a check on any folders that are found and select Delete
- When prompted select Yes then Next
- Once done click Finish
Fix with FRST (normal mode)
WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
- Download the attached fixlist.txt and save it to the location where FRST is saved to.
- Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
- The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.
Full System Scan with Malwarebytes Antimalware
- If not existing, please download Malwarebytes Anti-Malware to your desktop.
- Double-click the downloaded setup file and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.
If the program is already installed:
- Run Malwarebytes Antimalware
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.
Attached Files
#8
Posted 14 November 2014 - 03:13 PM
Here are the requested logs. For some reason, however, MBAM did not make a scan log--I have no idea why. I've attached the protection log.
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 11/14/2014 3:14:52 PM, SYSTEM, BRITTA-PC, Protection, Malware Protection, Starting,
Protection, 11/14/2014 3:14:52 PM, SYSTEM, BRITTA-PC, Protection, Malware Protection, Started,
Protection, 11/14/2014 3:14:52 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Starting,
Update, 11/14/2014 3:14:53 PM, SYSTEM, BRITTA-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.11.12.1,
Update, 11/14/2014 3:15:02 PM, SYSTEM, BRITTA-PC, Manual, Malware Database, 2014.9.19.5, 2014.11.14.8,
Protection, 11/14/2014 3:15:02 PM, SYSTEM, BRITTA-PC, Protection, Refresh, Starting,
Protection, 11/14/2014 3:15:44 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Started,
Protection, 11/14/2014 3:15:44 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 11/14/2014 3:15:44 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 11/14/2014 3:15:50 PM, SYSTEM, BRITTA-PC, Protection, Refresh, Success,
Protection, 11/14/2014 3:15:50 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/14/2014 3:15:50 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Started,
Scan, 11/14/2014 3:49:37 PM, SYSTEM, BRITTA-PC, Manual, Start:11/14/2014 3:16:46 PM, Duration:32 min 26 sec, Threat Scan, Completed, 6 Malware Detections, 18 Non-Malware Detections,
Protection, 11/14/2014 3:51:43 PM, SYSTEM, BRITTA-PC, Protection, Malware Protection, Starting,
Protection, 11/14/2014 3:51:43 PM, SYSTEM, BRITTA-PC, Protection, Malware Protection, Started,
Protection, 11/14/2014 3:51:43 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/14/2014 3:53:20 PM, SYSTEM, BRITTA-PC, Protection, Malicious Website Protection, Started,
(end)
Attached Files
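The protection log posted above still records the Threat Scan and its detection counts even though no separate scan log was found. The following Python parser is an added example, not part of the thread and not Malwarebytes' own code; it assumes the comma-separated field layout seen in that post, handles the log whether or not its line breaks survived, and its function names are hypothetical.

```python
import re
from datetime import datetime

# A record starts with "<Type>, <M/D/YYYY h:mm:ss AM|PM>, ". The "Start:<date>"
# field inside a Scan record is not preceded by ", ", so it cannot match here.
RECORD_START = re.compile(
    r"\b([A-Za-z]+), (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
)
DETECTIONS = re.compile(r"(\d+) (Malware|Non-Malware) Detections")

# Excerpt of the log posted in the thread, run together on one line.
SAMPLE = (
    "Malwarebytes Anti-Malware www.malwarebytes.org "
    "Protection, 11/14/2014 3:14:52 PM, SYSTEM, BRITTA-PC, Protection, "
    "Malware Protection, Starting, "
    "Update, 11/14/2014 3:14:53 PM, SYSTEM, BRITTA-PC, Manual, "
    "Rootkit Database, 2014.9.18.1, 2014.11.12.1, "
    "Update, 11/14/2014 3:15:02 PM, SYSTEM, BRITTA-PC, Manual, "
    "Malware Database, 2014.9.19.5, 2014.11.14.8, "
    "Scan, 11/14/2014 3:49:37 PM, SYSTEM, BRITTA-PC, Manual, "
    "Start:11/14/2014 3:16:46 PM, Duration:32 min 26 sec, Threat Scan, "
    "Completed, 6 Malware Detections, 18 Non-Malware Detections, "
    "Protection, 11/14/2014 3:53:20 PM, SYSTEM, BRITTA-PC, Protection, "
    "Malicious Website Protection, Started, (end)"
)


def parse_protection_log(text):
    """Split the log into records, even if every line break was lost."""
    text = text.replace("(end)", "")
    starts = list(RECORD_START.finditer(text))
    records = []
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        fields = [f.strip() for f in text[match.end():end].split(",")]
        fields = [f for f in fields if f]
        if len(fields) < 2:
            continue  # truncated record without user and host
        records.append({
            "type": match.group(1),
            "time": datetime.strptime(match.group(2), "%m/%d/%Y %I:%M:%S %p"),
            "user": fields[0],
            "host": fields[1],
            "details": fields[2:],
        })
    return records


def scan_summaries(records):
    """Return one summary per Scan record, matching fields by content."""
    summaries = []
    for rec in records:
        if rec["type"] != "Scan":
            continue
        counts = {"Malware": 0, "Non-Malware": 0}
        for field in rec["details"]:
            hit = DETECTIONS.fullmatch(field)
            if hit:
                counts[hit.group(2)] = int(hit.group(1))
        summaries.append({
            "finished": rec["time"],
            "completed": "Completed" in rec["details"],
            "malware": counts["Malware"],
            "non_malware": counts["Non-Malware"],
        })
    return summaries


def database_updates(records):
    """Return (database name, old version, new version) per Update record."""
    return [tuple(rec["details"][-3:]) for rec in records
            if rec["type"] == "Update" and len(rec["details"]) >= 3]


if __name__ == "__main__":
    parsed = parse_protection_log(SAMPLE)
    for summary in scan_summaries(parsed):
        print(summary)
    for update in database_updates(parsed):
        print(update)
```
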
#9
Posted 17 November 2014 - 04:51 AM
You told us that you removed several items with Malwarebytes' Antimalware. This tool creates a log on every run and we need to see them.
- The logs can be found here:
-- XP: C:\Documents and Settings\\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
- Zip any and all of these logs and attach the file to your next reply.
#10
Posted 17 November 2014 - 04:58 PM
Found them. MBAM itself wouldn't print it. Attached are the last three days of logs.
Thank you for the help!
Attached Files
#11
Posted 18 November 2014 - 03:38 AM
Scan with ESET Online Scan
Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
- Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
- Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
- Click the blue Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
- Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
- Click on Advanced Settings
- Make sure that the option Remove found threats is unticked.
- Ensure these options are ticked
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- Click Start
- Wait for the scan to finish
- When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
- Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
- Close the ESET online scan, and let me know how things are now.
#12
Posted 04 December 2014 - 06:48 AM
If you need help please start a new thread.
New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic