
Infected with Scorpion Saver and Level Quality Watcher....Need Help!


  • This topic is locked
15 replies to this topic

#1 JoeS6

JoeS6

  • Members
  • 7 posts

Posted 27 November 2013 - 10:21 AM

I need help removing them. I was able to remove the Scorpion extension in Firefox and also able to uninstall it in Control Panel but I don't know if it's permanent. When I went to uninstall it, it showed being installed yesterday so hopefully I caught it in time. After installing and running HiJackThis I found out about the Level Quality Watcher. I am somewhat technically challenged. My computer runs on Windows 7 and I only use Firefox. I have NIS as well as Malwarebytes. No idea how this got installed as I am very paranoid and always run NIS on anything downloaded and I was only on Amazon and eBay yesterday. I use this computer for home use as well as my business so it's critical to get this fixed. Any help would be greatly appreciated. Thank you very much.

 

JoeS

 

Here are the requested files:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by parents at 9:56:19 on 2013-11-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2402 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\windows\system32\taskeng.exe
C:\windows\SysWOW64\Rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Users\parents\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\splwow64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
mURLSearchHooks: {5fec7248-515c-47be-ab0a-6bc547472dea} - <orphaned>
mURLSearchHooks: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.dll
BHO: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Amazon Cloud Player] C:\Users\parents\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [BackgroundContainer] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\parents\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [ScanSnap WIA Service Checker] C:\windows\SSDriver\fi5110\SsWiaChecker.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://access.thehartford.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 8.8.8.8,8.8.4.4
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\34963736F61373132303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\84F6D656C696E6B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\84F6D656C696E6B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\86F6D656C696E6B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\86F6D656C696E6B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\D656469616C696E6B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E7EB00EB-33AF-43FA-BC9A-F58270AA69C5} : NameServer = 8.8.8.8,8.8.4.4
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\chdyuf6p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN12903192771556955&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=US&userid=9b976f8c-8352-8034-52bf-56f381cddc4b&searchtype=ds&installDate=02/11/2013&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1501000.012\SymDS64.sys [2013-11-19 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys [2013-11-19 1147480]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-1 1524824]
R1 ccSet_NIS;NIS Settings Manager;C:\windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys [2013-11-19 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\System32\drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]
R1 ElRawDisk;ElRawDisk;C:\windows\System32\drivers\rsdrvx64.sys [2012-12-18 26024]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131126.001\IDSviA64.sys [2013-11-26 521816]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1501000.012\Ironx64.sys [2013-11-19 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1501000.012\symnets.sys [2013-11-19 590936]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=422332B5 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=422332B5 [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-5 701512]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-11-19 275696]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-21 132056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-28 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-28 2656280]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-11-5 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-12-28 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-12-28 1109096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-28 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 EraserUtilDrv11122;EraserUtilDrv11122;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2012-5-24 138360]
S3 EraserUtilDrv11210;EraserUtilDrv11210;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [2012-6-19 138912]
S3 EraserUtilDrv11220;EraserUtilDrv11220;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [2013-8-15 138912]
S3 EraserUtilDrv11311;EraserUtilDrv11311;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [2013-11-19 140376]
S3 EraserUtilDrv11312;EraserUtilDrv11312;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [2013-11-26 137648]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-28 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-12-28 307304]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-27 14:27:23    --------    d-----w-    C:\Program Files (x86)\MozBackup
2013-11-27 02:02:03    388096    ----a-r-    C:\Users\parents\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-27 02:02:03    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-11-26 20:51:16    --------    d-----w-    C:\Program Files\Level Quality Watcher
2013-11-20 16:18:19    --------    d--h--w-    C:\ProgramData\CanonIJMyPrinter
2013-11-20 14:11:37    --------    d-----w-    C:\Program Files\Canon
2013-11-19 18:24:54    858200    ----a-r-    C:\windows\System32\drivers\NISx64\1501000.012\srtsp64.sys
2013-11-19 18:24:54    590936    ----a-r-    C:\windows\System32\drivers\NISx64\1501000.012\symnets.sys
2013-11-19 18:24:54    493656    ----a-r-    C:\windows\System32\drivers\NISx64\1501000.012\SymDS64.sys
2013-11-19 18:24:54    36952    ----a-r-    C:\windows\System32\drivers\NISx64\1501000.012\srtspx64.sys
2013-11-19 18:24:54    264280    ----a-r-    C:\windows\System32\drivers\NISx64\1501000.012\Ironx64.sys
2013-11-19 18:24:54    23568    ----a-r-    C:\windows\System32\drivers\NISx64\1501000.012\SymELAM.sys
2013-11-19 18:24:54    162392    ----a-r-    C:\windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys
2013-11-19 18:24:54    1147480    ----a-r-    C:\windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys
2013-11-19 18:24:38    --------    d-----w-    C:\windows\System32\drivers\NISx64\1501000.012
2013-11-05 17:15:03    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-11-05 17:15:03    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-05 03:03:16    --------    d-----w-    C:\Users\parents\AppData\Local\BrowserSafeguard
2013-11-03 19:51:26    --------    d-----w-    C:\Users\parents\AppData\Local\WordOv
2013-11-03 19:51:24    --------    d-----w-    C:\temp
2013-11-03 19:51:07    --------    d-----w-    C:\Program Files (x86)\Optimizer Pro
2013-11-03 19:49:24    --------    d-----w-    C:\Program Files (x86)\sp
2013-11-02 19:28:17    829264    ----a-w-    C:\windows\System32\msvcr100.dll
2013-11-02 19:28:17    608080    ----a-w-    C:\windows\System32\msvcp100.dll
2013-11-02 13:21:07    --------    d-----w-    C:\ProgramData\Canneverbe Limited
2013-11-02 13:20:23    --------    d-----w-    C:\Users\parents\AppData\Roaming\Canneverbe Limited
2013-11-02 13:20:08    --------    d-----w-    C:\Users\parents\AppData\Local\NativeMessaging
2013-10-30 13:32:26    --------    d--h--w-    C:\ProgramData\Common Files
2013-10-30 13:32:13    --------    d-----w-    C:\ProgramData\Conduit
2013-10-30 13:32:12    --------    d-----w-    C:\Users\parents\AppData\Local\Conduit
2013-10-30 13:32:02    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-10-30 13:30:52    --------    d-----w-    C:\Program Files (x86)\MyPC Backup
.
==================== Find3M  ====================
.
2013-11-19 18:25:26    177752    ----a-w-    C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-10-11 00:43:27    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 00:43:27    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-03 13:54:04    27208    ----a-w-    C:\windows\System32\AdobePDFUI.dll
2013-09-03 13:54:02    55872    ----a-w-    C:\windows\System32\AdobePDF.dll
.
============= FINISH:  9:56:38.76 ===============
 

 

 

 

 


 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 27 November 2013 - 10:56 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 

#3 JoeS6

JoeS6
  • Topic Starter

  • Members
  • 7 posts

Posted 27 November 2013 - 11:16 AM

Hi Marius,

 

Thanks for the quick response. Here is what you requested:

 

11:11:40.0432 0x0e68  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
11:11:46.0596 0x0e68  ============================================================
11:11:46.0596 0x0e68  Current date / time: 2013/11/27 11:11:46.0596
11:11:46.0596 0x0e68  SystemInfo:
11:11:46.0596 0x0e68  
11:11:46.0596 0x0e68  OS Version: 6.1.7601 ServicePack: 1.0
11:11:46.0596 0x0e68  Product type: Workstation
11:11:46.0597 0x0e68  ComputerName: PARENTS-PC
11:11:46.0597 0x0e68  UserName: parents
11:11:46.0597 0x0e68  Windows directory: C:\windows
11:11:46.0597 0x0e68  System windows directory: C:\windows
11:11:46.0597 0x0e68  Running under WOW64
11:11:46.0597 0x0e68  Processor architecture: Intel x64
11:11:46.0597 0x0e68  Number of processors: 2
11:11:46.0597 0x0e68  Page size: 0x1000
11:11:46.0597 0x0e68  Boot type: Normal boot
11:11:46.0597 0x0e68  ============================================================
11:11:48.0008 0x0e68  KLMD registered as C:\windows\system32\drivers\22936302.sys
11:11:48.0916 0x0e68  System UUID: {D6FAFAAC-D74B-2E9F-BED9-01C52390B530}
11:11:50.0300 0x0e68  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:11:50.0309 0x0e68  ============================================================
11:11:50.0309 0x0e68  \Device\Harddisk0\DR0:
11:11:50.0309 0x0e68  MBR partitions:
11:11:50.0309 0x0e68  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48810800
11:11:50.0309 0x0e68  ============================================================
11:11:50.0349 0x0e68  C: <-> \Device\Harddisk0\DR0\Partition1
11:11:50.0349 0x0e68  ============================================================
11:11:50.0349 0x0e68  Initialize success
11:11:50.0349 0x0e68  ============================================================
11:11:55.0530 0x0a7c  ============================================================
11:11:55.0530 0x0a7c  Scan started
11:11:55.0530 0x0a7c  Mode: Manual;
11:11:55.0531 0x0a7c  ============================================================
11:11:55.0531 0x0a7c  KSN ping started
11:11:58.0908 0x0a7c  KSN ping finished: true
11:11:59.0547 0x0a7c  ================ Scan system memory ========================
11:11:59.0547 0x0a7c  System memory - ok
11:11:59.0548 0x0a7c  ================ Scan services =============================
11:12:12.0282 0x0a7c  ksthunk - ok
11:12:12.0335 0x0a7c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
11:12:12.0362 0x0a7c  KtmRm - ok
11:12:12.0401 0x0a7c  [ EBED8B3FF4A823C1A6EEBEED7B29353F, 0942200EEDEDA1FF4E634CDC5182D8EDC9BC9F66E89A5DAB8DF82C3FBB2F0D59 ] L1C             C:\windows\system32\DRIVERS\L1C62x64.sys
11:12:12.0406 0x0a7c  L1C - ok
11:12:12.0457 0x0a7c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
11:12:12.0474 0x0a7c  LanmanServer - ok
11:12:12.0514 0x0a7c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:12:12.0523 0x0a7c  LanmanWorkstation - ok
11:12:13.0137 0x0a7c  [ 32F1B95C60042F3D95FC8AB43559B3B1, 52652B1CE93C6B9DC12E56B5D4C44F45042901D89D21974BFE1D7116BFADEE74 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
11:12:13.0418 0x0a7c  LeapFrog Connect Device Service - ok
11:12:13.0522 0x0a7c  Level Quality Watcher - ok
11:12:21.0690 0x0a7c  SessionEnv - ok
11:12:21.0698 0x0a7c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
11:12:21.0701 0x0a7c  sffdisk - ok
11:12:21.0710 0x0a7c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
11:12:21.0713 0x0a7c  sffp_mmc - ok
11:12:21.0721 0x0a7c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
11:12:21.0724 0x0a7c  sffp_sd - ok
11:12:21.0731 0x0a7c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
11:12:21.0733 0x0a7c  sfloppy - ok
11:12:21.0774 0x0a7c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
11:12:21.0790 0x0a7c  SharedAccess - ok
11:12:21.0826 0x0a7c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:12:21.0843 0x0a7c  ShellHWDetection - ok
11:12:21.0877 0x0a7c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
11:12:21.0881 0x0a7c  SiSRaid2 - ok
11:12:21.0904 0x0a7c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
11:12:21.0911 0x0a7c  SiSRaid4 - ok
11:12:21.0938 0x0a7c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
11:12:21.0944 0x0a7c  Smb - ok
11:12:21.0986 0x0a7c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
11:12:21.0990 0x0a7c  SNMPTRAP - ok
11:12:22.0000 0x0a7c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
11:12:22.0003 0x0a7c  spldr - ok
11:12:22.0050 0x0a7c  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\windows\System32\spoolsv.exe
11:12:22.0069 0x0a7c  Spooler - ok
11:12:22.0324 0x0a7c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
11:12:22.0482 0x0a7c  sppsvc - ok
11:12:22.0506 0x0a7c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
11:12:22.0509 0x0a7c  sppuinotify - ok
11:12:22.0667 0x0a7c  [ 8BFD1752AAA15BF47D668E9AC5AF96FB, EEC6CDA06A971D2E2C2634987228E550970C9246659C25DCCF87AC9CD08F55F3 ] SRTSP           C:\windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS
11:12:22.0702 0x0a7c  SRTSP - ok
11:12:22.0710 0x0a7c  [ B18CE01B9C09C59422BA7C7064248B35, B355EE2FBB37C4B0EFFE4DC5E0788A26579266828E7988EDC497B0AE7375F8AB ] SRTSPX          C:\windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS
11:12:22.0712 0x0a7c  SRTSPX - ok
11:12:22.0749 0x0a7c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
11:12:22.0763 0x0a7c  srv - ok
11:12:22.0793 0x0a7c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
11:12:22.0805 0x0a7c  srv2 - ok
11:12:22.0853 0x0a7c  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\windows\system32\DRIVERS\VSTAZL6.SYS
11:12:22.0870 0x0a7c  SrvHsfHDA - ok
11:12:22.0953 0x0a7c  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\windows\system32\DRIVERS\VSTDPV6.SYS
11:12:22.0992 0x0a7c  SrvHsfV92 - ok
11:12:23.0107 0x0a7c  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\windows\system32\DRIVERS\VSTCNXT6.SYS
11:12:23.0135 0x0a7c  SrvHsfWinac - ok
11:12:23.0163 0x0a7c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
11:12:23.0170 0x0a7c  srvnet - ok
11:12:23.0202 0x0a7c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
11:12:23.0211 0x0a7c  SSDPSRV - ok
11:12:23.0230 0x0a7c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
11:12:23.0235 0x0a7c  SstpSvc - ok
11:12:23.0247 0x0a7c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
11:12:23.0250 0x0a7c  stexstor - ok
11:12:23.0316 0x0a7c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
11:12:23.0342 0x0a7c  stisvc - ok
11:12:23.0372 0x0a7c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
11:12:23.0374 0x0a7c  swenum - ok
11:12:23.0448 0x0a7c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
11:12:23.0485 0x0a7c  swprv - ok
11:12:23.0563 0x0a7c  [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS           C:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS
11:12:23.0596 0x0a7c  SymDS - ok
11:12:23.0714 0x0a7c  [ 08AF51153E441687130B759A8F6892ED, C9DFC0667EF9CE7FACBBB0DE53BD6E0DC9E0ED582CB89FBB2E7FE91CEAC47C5B ] SymEFA          C:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS
11:12:23.0758 0x0a7c  SymEFA - ok
11:12:23.0819 0x0a7c  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
11:12:23.0831 0x0a7c  SymEvent - ok
11:12:23.0884 0x0a7c  [ 48C2934683CBD06F662B088EEF49EF6A, 2212A3588C28F33EFCB1D34618B3054EBBAC6731D177A581D21D1F969FE040C0 ] SymIRON         C:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS
11:12:23.0900 0x0a7c  SymIRON - ok
11:12:23.0949 0x0a7c  [ 78A2F073AD9EA5EBC04A70931EA36C9A, 011395F07D7879D30E1700F060CA8C02407F8FFC99998B2E7507E7AF22578B68 ] SymNetS         C:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS
11:12:23.0983 0x0a7c  SymNetS - ok
11:12:24.0107 0x0a7c  [ F5B46DF59FEAA48A442AED7EEB754D4B, 8415FDD5E7B4D4819BB9B0937CDF254548C871045787958BCF708096204B1714 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
11:12:24.0159 0x0a7c  SynTP - ok
11:12:24.0242 0x0a7c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
11:12:24.0288 0x0a7c  SysMain - ok
11:12:24.0306 0x0a7c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
11:12:24.0310 0x0a7c  TabletInputService - ok
11:12:24.0334 0x0a7c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
11:12:24.0344 0x0a7c  TapiSrv - ok
11:12:24.0380 0x0a7c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
11:12:24.0383 0x0a7c  TBS - ok
11:12:24.0496 0x0a7c  [ F0E98C00A09FDF791525829A1D14240F, 4C3D96B1BE73A8B8FFCAA73DB5B33A84E30D076F2F737C65F33F52E1D9DCF38F ] Tcpip           C:\windows\system32\drivers\tcpip.sys
11:12:24.0546 0x0a7c  Tcpip - ok
11:12:24.0615 0x0a7c  [ F0E98C00A09FDF791525829A1D14240F, 4C3D96B1BE73A8B8FFCAA73DB5B33A84E30D076F2F737C65F33F52E1D9DCF38F ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
11:12:24.0656 0x0a7c  TCPIP6 - ok
11:12:24.0674 0x0a7c  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
11:12:24.0676 0x0a7c  tcpipreg - ok
11:12:24.0717 0x0a7c  [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
11:12:24.0720 0x0a7c  tdcmdpst - ok
11:12:24.0743 0x0a7c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
11:12:24.0746 0x0a7c  TDPIPE - ok
11:12:24.0772 0x0a7c  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
11:12:24.0774 0x0a7c  TDTCP - ok
11:12:24.0797 0x0a7c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
11:12:24.0803 0x0a7c  tdx - ok
11:12:24.0819 0x0a7c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
11:12:24.0823 0x0a7c  TermDD - ok
11:12:24.0889 0x0a7c  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
11:12:24.0919 0x0a7c  TermService - ok
11:12:24.0943 0x0a7c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
11:12:24.0947 0x0a7c  Themes - ok
11:12:24.0974 0x0a7c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
11:12:24.0978 0x0a7c  THREADORDER - ok
11:12:25.0049 0x0a7c  [ 71C321649B28638EE80A2EEB164C1DC8, D75D296B506DCC38A4DED82C71141388AEB60B065785DCC5BC2F4B3B77ACEDC7 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
11:12:25.0054 0x0a7c  TMachInfo - ok
11:12:25.0107 0x0a7c  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19, CFE8A69E3F2A42C3BA2B38EC9233076D0AD32C441500E6407219F2E866905D9B ] TODDSrv         C:\Windows\system32\TODDSrv.exe
11:12:25.0119 0x0a7c  TODDSrv - ok
11:12:25.0287 0x0a7c  [ 1C73689B900428C7D054A41C4687F55C, 6DD3CDC09E4A62F40A81872789A5C8678C0FE23DD911C2951DFF5494B6BFC012 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:12:25.0320 0x0a7c  TosCoSrv - ok
11:12:25.0394 0x0a7c  [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58, ACAD9D96CE58EDB620AC13ACA8C6F4122BA8B2AF78468A760F21A01B43D93312 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
11:12:25.0413 0x0a7c  TOSHIBA eco Utility Service - ok
11:12:25.0465 0x0a7c  [ 29D0886CF250FCEF1BF9E65AB8D2C0C8, 8D852DB100AC68A07A6E2AD21198410EAAB36E83BB8BAEA71CB698680B5DCE71 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:12:25.0474 0x0a7c  TOSHIBA HDD SSD Alert Service - ok
11:12:25.0545 0x0a7c  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8, 0D2CC72B7E02B92C9A1D6B76300B75A39427046903326642B9D511A51A795027 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys
11:12:25.0578 0x0a7c  tos_sps64 - ok
11:12:25.0677 0x0a7c  [ 098B8A408C17E125A3D9A8E1166780C8, F25F09F62713C8234CB2B6A40A4455502C8004090BFB9EE9465546AD48369956 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
11:12:25.0709 0x0a7c  TPCHSrv - ok
11:12:25.0755 0x0a7c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
11:12:25.0766 0x0a7c  TrkWks - ok
11:12:25.0830 0x0a7c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:12:25.0841 0x0a7c  TrustedInstaller - ok
11:12:25.0860 0x0a7c  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
11:12:25.0864 0x0a7c  tssecsrv - ok
11:12:25.0890 0x0a7c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
11:12:25.0895 0x0a7c  TsUsbFlt - ok
11:12:25.0917 0x0a7c  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
11:12:25.0921 0x0a7c  TsUsbGD - ok
11:12:25.0962 0x0a7c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
11:12:25.0970 0x0a7c  tunnel - ok
11:12:26.0016 0x0a7c  [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
11:12:26.0020 0x0a7c  TVALZ - ok
11:12:26.0054 0x0a7c  [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
11:12:26.0057 0x0a7c  TVALZFL - ok
11:12:26.0084 0x0a7c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
11:12:26.0090 0x0a7c  uagp35 - ok
11:12:26.0134 0x0a7c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
11:12:26.0157 0x0a7c  udfs - ok
11:12:26.0205 0x0a7c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
11:12:26.0212 0x0a7c  UI0Detect - ok
11:12:26.0235 0x0a7c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
11:12:26.0241 0x0a7c  uliagpkx - ok
11:12:26.0272 0x0a7c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
11:12:26.0276 0x0a7c  umbus - ok
11:12:26.0319 0x0a7c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
11:12:26.0322 0x0a7c  UmPass - ok
11:12:26.0536 0x0a7c  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:12:26.0594 0x0a7c  UNS - ok
11:12:26.0631 0x0a7c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
11:12:26.0641 0x0a7c  upnphost - ok
11:12:26.0662 0x0a7c  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
11:12:26.0665 0x0a7c  USBAAPL64 - ok
11:12:26.0695 0x0a7c  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
11:12:26.0702 0x0a7c  usbccgp - ok
11:12:26.0730 0x0a7c  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\windows\system32\drivers\usbcir.sys
11:12:26.0737 0x0a7c  usbcir - ok
11:12:26.0763 0x0a7c  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
11:12:26.0767 0x0a7c  usbehci - ok
11:12:26.0805 0x0a7c  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
11:12:26.0826 0x0a7c  usbhub - ok
11:12:26.0851 0x0a7c  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\windows\system32\drivers\usbohci.sys
11:12:26.0855 0x0a7c  usbohci - ok
11:12:26.0881 0x0a7c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
11:12:26.0884 0x0a7c  usbprint - ok
11:12:26.0934 0x0a7c  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
11:12:26.0939 0x0a7c  usbscan - ok
11:12:26.0965 0x0a7c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
11:12:26.0972 0x0a7c  USBSTOR - ok
11:12:26.0980 0x0a7c  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
11:12:26.0984 0x0a7c  usbuhci - ok
11:12:27.0014 0x0a7c  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
11:12:27.0026 0x0a7c  usbvideo - ok
11:12:27.0071 0x0a7c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
11:12:27.0077 0x0a7c  UxSms - ok
11:12:27.0098 0x0a7c  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\windows\system32\lsass.exe
11:12:27.0102 0x0a7c  VaultSvc - ok
11:12:27.0155 0x0a7c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
11:12:27.0159 0x0a7c  vdrvroot - ok
11:12:27.0216 0x0a7c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
11:12:27.0240 0x0a7c  vds - ok
11:12:27.0258 0x0a7c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
11:12:27.0260 0x0a7c  vga - ok
11:12:27.0282 0x0a7c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
11:12:27.0284 0x0a7c  VgaSave - ok
11:12:27.0298 0x0a7c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
11:12:27.0308 0x0a7c  vhdmp - ok
11:12:27.0314 0x0a7c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
11:12:27.0316 0x0a7c  viaide - ok
11:12:27.0330 0x0a7c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
11:12:27.0334 0x0a7c  volmgr - ok
11:12:27.0363 0x0a7c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
11:12:27.0378 0x0a7c  volmgrx - ok
11:12:27.0407 0x0a7c  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
11:12:27.0420 0x0a7c  volsnap - ok
11:12:27.0450 0x0a7c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
11:12:27.0458 0x0a7c  vsmraid - ok
11:12:27.0578 0x0a7c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
11:12:27.0620 0x0a7c  VSS - ok
11:12:27.0634 0x0a7c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
11:12:27.0635 0x0a7c  vwifibus - ok
11:12:27.0664 0x0a7c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
11:12:27.0666 0x0a7c  vwififlt - ok
11:12:27.0711 0x0a7c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
11:12:27.0734 0x0a7c  W32Time - ok
11:12:27.0752 0x0a7c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
11:12:27.0755 0x0a7c  WacomPen - ok
11:12:27.0804 0x0a7c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
11:12:27.0811 0x0a7c  WANARP - ok
11:12:27.0821 0x0a7c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
11:12:27.0826 0x0a7c  Wanarpv6 - ok
11:12:27.0966 0x0a7c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
11:12:28.0025 0x0a7c  wbengine - ok
11:12:28.0035 0x0a7c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
11:12:28.0042 0x0a7c  WbioSrvc - ok
11:12:28.0067 0x0a7c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
11:12:28.0078 0x0a7c  wcncsvc - ok
11:12:28.0088 0x0a7c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:12:28.0091 0x0a7c  WcsPlugInService - ok
11:12:28.0114 0x0a7c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
11:12:28.0117 0x0a7c  Wd - ok
11:12:28.0172 0x0a7c  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
11:12:28.0207 0x0a7c  Wdf01000 - ok
11:12:28.0245 0x0a7c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
11:12:28.0254 0x0a7c  WdiServiceHost - ok
11:12:28.0265 0x0a7c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
11:12:28.0274 0x0a7c  WdiSystemHost - ok
11:12:28.0309 0x0a7c  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\windows\System32\webclnt.dll
11:12:28.0328 0x0a7c  WebClient - ok
11:12:28.0358 0x0a7c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
11:12:28.0371 0x0a7c  Wecsvc - ok
11:12:28.0392 0x0a7c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
11:12:28.0397 0x0a7c  wercplsupport - ok
11:12:28.0425 0x0a7c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
11:12:28.0431 0x0a7c  WerSvc - ok
11:12:28.0477 0x0a7c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
11:12:28.0480 0x0a7c  WfpLwf - ok
11:12:28.0498 0x0a7c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
11:12:28.0502 0x0a7c  WIMMount - ok
11:12:28.0519 0x0a7c  WinDefend - ok
11:12:28.0526 0x0a7c  WinHttpAutoProxySvc - ok
11:12:28.0611 0x0a7c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
11:12:28.0627 0x0a7c  Winmgmt - ok
11:12:28.0759 0x0a7c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
11:12:28.0812 0x0a7c  WinRM - ok
11:12:28.0859 0x0a7c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
11:12:28.0861 0x0a7c  WinUsb - ok
11:12:28.0937 0x0a7c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
11:12:28.0973 0x0a7c  Wlansvc - ok
11:12:29.0027 0x0a7c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:12:29.0031 0x0a7c  wlcrasvc - ok
11:12:29.0237 0x0a7c  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:12:29.0296 0x0a7c  wlidsvc - ok
11:12:29.0323 0x0a7c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
11:12:29.0324 0x0a7c  WmiAcpi - ok
11:12:29.0366 0x0a7c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
11:12:29.0372 0x0a7c  wmiApSrv - ok
11:12:29.0408 0x0a7c  WMPNetworkSvc - ok
11:12:29.0438 0x0a7c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
11:12:29.0444 0x0a7c  WPCSvc - ok
11:12:29.0467 0x0a7c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
11:12:29.0475 0x0a7c  WPDBusEnum - ok
11:12:29.0516 0x0a7c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
11:12:29.0519 0x0a7c  ws2ifsl - ok
11:12:29.0541 0x0a7c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
11:12:29.0549 0x0a7c  wscsvc - ok
11:12:29.0554 0x0a7c  WSearch - ok
11:12:29.0707 0x0a7c  [ 9DF12EDBC698B0BC353B3EF84861E430, 5777972DC6242096EE2D4DAEEFC822DE9077560322DED7B9696BB23B7C240403 ] wuauserv        C:\windows\system32\wuaueng.dll
11:12:29.0800 0x0a7c  wuauserv - ok
11:12:29.0832 0x0a7c  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
11:12:29.0836 0x0a7c  WudfPf - ok
11:12:29.0871 0x0a7c  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
11:12:29.0883 0x0a7c  WUDFRd - ok
11:12:29.0915 0x0a7c  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
11:12:29.0924 0x0a7c  wudfsvc - ok
11:12:29.0961 0x0a7c  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\windows\System32\wwansvc.dll
11:12:29.0978 0x0a7c  WwanSvc - ok
11:12:29.0991 0x0a7c  ================ Scan global ===============================
11:12:30.0036 0x0a7c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
11:12:30.0087 0x0a7c  [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\windows\system32\winsrv.dll
11:12:30.0103 0x0a7c  [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\windows\system32\winsrv.dll
11:12:30.0125 0x0a7c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
11:12:30.0155 0x0a7c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
11:12:30.0165 0x0a7c  [ Global ] - ok
11:12:30.0165 0x0a7c  ================ Scan MBR ==================================
11:12:30.0183 0x0a7c  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
11:12:30.0419 0x0a7c  \Device\Harddisk0\DR0 - ok
11:12:30.0420 0x0a7c  ================ Scan VBR ==================================
11:12:30.0435 0x0a7c  [ A29569CF610E153C1CB1DE7062DA60B9 ] \Device\Harddisk0\DR0\Partition1
11:12:30.0439 0x0a7c  \Device\Harddisk0\DR0\Partition1 - ok
11:12:30.0441 0x0a7c  Waiting for KSN requests completion. In queue: 73
11:12:31.0441 0x0a7c  Waiting for KSN requests completion. In queue: 73
11:12:32.0441 0x0a7c  Waiting for KSN requests completion. In queue: 73
11:12:33.0441 0x0a7c  Waiting for KSN requests completion. In queue: 73
11:12:34.0441 0x0a7c  Waiting for KSN requests completion. In queue: 73
11:12:35.0501 0x0a7c  AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe ( 21.1.0.0 ), 0x51000 ( enabled : updated )
11:12:35.0506 0x0a7c  FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe ( 21.1.0.0 ), 0x51010 ( enabled )
11:12:38.0377 0x0a7c  ============================================================
11:12:38.0377 0x0a7c  Scan finished
11:12:38.0377 0x0a7c  ============================================================
11:12:38.0398 0x0c70  Detected object count: 0
11:12:38.0398 0x0c70  Actual detected object count: 0
 



#4 TB-Psychotic

  • Malware Response Team

Posted 27 November 2013 - 11:28 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#5 JoeS6

  • Topic Starter

  • Members

Posted 27 November 2013 - 11:59 AM

Here is the report:

 

ComboFix 13-11-27.01 - parents 11/27/2013  11:42:42.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2083 [GMT -5:00]
Running from: c:\users\parents\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Level Quality Watcher
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-27 to 2013-11-27  )))))))))))))))))))))))))))))))
.
.
2013-11-27 14:27 . 2013-11-27 14:27    --------    d-----w-    c:\program files (x86)\MozBackup
2013-11-27 02:02 . 2013-11-27 02:02    388096    ----a-r-    c:\users\parents\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-27 02:02 . 2013-11-27 02:02    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-11-26 20:51 . 2013-11-26 20:51    --------    d-----w-    c:\program files\Level Quality Watcher
2013-11-20 16:18 . 2013-11-20 16:18    --------    d--h--w-    c:\programdata\CanonIJMyPrinter
2013-11-20 14:11 . 2013-11-20 14:11    --------    d-----w-    c:\program files\Canon
2013-11-19 18:24 . 2013-11-27 01:32    --------    d-----w-    c:\windows\system32\drivers\NISx64\1501000.012
2013-11-05 17:15 . 2013-11-05 17:15    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-05 17:15 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-05 03:03 . 2013-11-05 03:03    --------    d-----w-    c:\users\parents\AppData\Local\BrowserSafeguard
2013-11-03 19:51 . 2013-11-03 19:53    --------    d-----w-    c:\users\parents\AppData\Local\WordOv
2013-11-03 19:51 . 2013-11-26 20:52    --------    d-----w-    C:\temp
2013-11-03 19:51 . 2013-11-03 19:53    --------    d-----w-    c:\program files (x86)\Optimizer Pro
2013-11-03 19:49 . 2013-11-03 19:49    --------    d-----w-    c:\program files (x86)\sp
2013-11-02 19:28 . 2013-09-09 07:57    829264    ----a-w-    c:\windows\system32\msvcr100.dll
2013-11-02 19:28 . 2013-09-09 07:57    608080    ----a-w-    c:\windows\system32\msvcp100.dll
2013-11-02 13:21 . 2013-11-02 13:21    --------    d-----w-    c:\programdata\Canneverbe Limited
2013-11-02 13:20 . 2013-11-02 13:20    --------    d-----w-    c:\users\parents\AppData\Roaming\Canneverbe Limited
2013-11-02 13:20 . 2013-11-02 19:29    --------    d-----w-    c:\users\parents\AppData\Local\NativeMessaging
2013-10-30 13:32 . 2013-10-30 13:32    --------    d--h--w-    c:\programdata\Common Files
2013-10-30 13:32 . 2013-11-05 18:55    --------    d-----w-    c:\programdata\Conduit
2013-10-30 13:32 . 2013-11-02 19:31    --------    d-----w-    c:\users\parents\AppData\Local\Conduit
2013-10-30 13:32 . 2013-11-02 19:31    --------    d-----w-    c:\program files (x86)\Conduit
2013-10-30 13:30 . 2013-10-31 18:50    --------    d-----w-    c:\program files (x86)\MyPC Backup
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 18:25 . 2013-02-06 01:03    177752    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-10-11 00:43 . 2011-11-03 06:12    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-03 13:54 . 2013-09-03 13:54    27208    ----a-w-    c:\windows\system32\AdobePDFUI.dll
2013-09-03 13:54 . 2013-09-03 13:54    55872    ----a-w-    c:\windows\system32\AdobePDF.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Player"="c:\users\parents\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-05-29 3113792]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-29 39408]
"BackgroundContainer"="c:\users\parents\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-10-15 319264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-09-03 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-09-03 840568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2013-2-2 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2013-2-2 15360]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2013-2-2 1081344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
R3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [x]
R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]
R3 EraserUtilDrv11311;EraserUtilDrv11311;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [x]
R3 EraserUtilDrv11312;EraserUtilDrv11312;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131126.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131126.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 16:01    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 00:43]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 04:14]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 04:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\84F6D656C696E6B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\86F6D656C696E6B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E7EB00EB-33AF-43FA-BC9A-F58270AA69C5}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\chdyuf6p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN12903192771556955&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=US&userid=9b976f8c-8352-8034-52bf-56f381cddc4b&searchtype=ds&installDate=02/11/2013&q=
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7e8a1050-cf67-4575-92df-dcc60e7d952d} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Amazon MP3 Downloader - c:\users\parents\Desktop\GnR\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\SysWOW64\Rundll32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-11-27  11:56:24 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-27 16:56
.
Pre-Run: 458,961,207,296 bytes free
Post-Run: 461,953,142,784 bytes free
.
- - End Of File - - 0E8CD218CFB1B381C5A1CCE92F016DED
 



#6 TB-Psychotic

  • Malware Response Team

Posted 28 November 2013 - 02:47 PM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 




#7 JoeS6

  • Topic Starter

  • Members

Posted 28 November 2013 - 08:35 PM

Here are the logs:

 

ComboFix 13-11-27.01 - parents 11/28/2013  19:01:20.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2349 [GMT -5:00]
Running from: c:\users\parents\Desktop\ComboFix.exe
Command switches used :: c:\users\parents\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\CT3298573\plugins\TBVerifier.dll
c:\program files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll
c:\program files (x86)\Conduit\CT3311875\plugins\TBVerifier.dll
c:\program files (x86)\MyPC Backup
c:\program files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe
c:\program files (x86)\Optimizer Pro
c:\program files\Level Quality Watcher
c:\program files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
c:\program files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
c:\programdata\Conduit
c:\users\parents\AppData\Local\BrowserSafeguard
c:\users\parents\AppData\Local\BrowserSafeguard\cookies.dat
c:\users\parents\AppData\Local\Conduit
c:\users\parents\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
c:\users\parents\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll
c:\users\parents\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll
c:\users\parents\AppData\Local\WordOv
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-28 to 2013-11-29  )))))))))))))))))))))))))))))))
.
.
2013-11-29 00:07 . 2013-11-29 00:07    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-27 14:27 . 2013-11-27 14:27    --------    d-----w-    c:\program files (x86)\MozBackup
2013-11-27 02:02 . 2013-11-27 02:02    388096    ----a-r-    c:\users\parents\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-27 02:02 . 2013-11-27 02:02    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-11-20 16:18 . 2013-11-20 16:18    --------    d--h--w-    c:\programdata\CanonIJMyPrinter
2013-11-20 14:11 . 2013-11-20 14:11    --------    d-----w-    c:\program files\Canon
2013-11-19 18:24 . 2013-11-27 01:32    --------    d-----w-    c:\windows\system32\drivers\NISx64\1501000.012
2013-11-05 17:15 . 2013-11-05 17:15    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-05 17:15 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-03 19:51 . 2013-11-26 20:52    --------    d-----w-    C:\temp
2013-11-03 19:49 . 2013-11-03 19:49    --------    d-----w-    c:\program files (x86)\sp
2013-11-02 19:28 . 2013-09-09 07:57    829264    ----a-w-    c:\windows\system32\msvcr100.dll
2013-11-02 19:28 . 2013-09-09 07:57    608080    ----a-w-    c:\windows\system32\msvcp100.dll
2013-11-02 13:21 . 2013-11-02 13:21    --------    d-----w-    c:\programdata\Canneverbe Limited
2013-11-02 13:20 . 2013-11-02 13:20    --------    d-----w-    c:\users\parents\AppData\Roaming\Canneverbe Limited
2013-11-02 13:20 . 2013-11-02 19:29    --------    d-----w-    c:\users\parents\AppData\Local\NativeMessaging
2013-10-30 13:32 . 2013-10-30 13:32    --------    d--h--w-    c:\programdata\Common Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 18:25 . 2013-02-06 01:03    177752    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-10-11 00:43 . 2011-11-03 06:12    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-03 13:54 . 2013-09-03 13:54    27208    ----a-w-    c:\windows\system32\AdobePDFUI.dll
2013-09-03 13:54 . 2013-09-03 13:54    55872    ----a-w-    c:\windows\system32\AdobePDF.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Player"="c:\users\parents\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-05-29 3113792]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-09-03 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-09-03 840568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2013-2-2 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2013-2-2 15360]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2013-2-2 1081344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
R3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [x]
R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]
R3 EraserUtilDrv11311;EraserUtilDrv11311;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [x]
R3 EraserUtilDrv11312;EraserUtilDrv11312;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131126.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131126.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 16:01    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 00:43]
.
2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 04:14]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 04:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\84F6D656C696E6B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{215940C0-E839-410C-898E-D75D2DED15E8}\86F6D656C696E6B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E7EB00EB-33AF-43FA-BC9A-F58270AA69C5}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\chdyuf6p.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7e8a1050-cf67-4575-92df-dcc60e7d952d} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Amazon MP3 Downloader - c:\users\parents\Desktop\GnR\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-28  19:08:58
ComboFix-quarantined-files.txt  2013-11-29 00:08
ComboFix2.txt  2013-11-27 16:56
.
Pre-Run: 462,055,714,816 bytes free
Post-Run: 461,751,988,224 bytes free
.
- - End Of File - - D76BC8C25675969FCD292D5D4C4B9238
 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.28.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
parents :: PARENTS-PC [administrator]

Protection: Disabled

11/28/2013 7:13:01 PM
mbam-log-2013-11-28 (19-13-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 412693
Time elapsed: 1 hour(s), 13 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#8 TB-Psychotic

  • Malware Response Team

Posted 29 November 2013 - 02:40 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#9 JoeS6

  • Topic Starter

Posted 29 November 2013 - 10:39 AM

Here are the findings:

 

C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A application
C:\Users\parents\AppData\LocalLow\SweetPacks\ldrtbSwee.dll    a variant of Win32/Toolbar.Conduit.P application
C:\Users\parents\AppData\LocalLow\SweetPacks\tbSwee.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Users\parents\AppData\LocalLow\SweetTunes\ldrtbSwee.dll    a variant of Win32/Toolbar.Conduit.P application
C:\Users\parents\AppData\LocalLow\SweetTunes\tbSwee.dll    a variant of Win32/Toolbar.Conduit.B application
 



#10 TB-Psychotic

  • Malware Response Team

Posted 02 December 2013 - 03:09 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#11 JoeS6

  • Topic Starter

Posted 02 December 2013 - 08:03 AM

Here are the logs:

 

# AdwCleaner v3.014 - Report created 02/12/2013 at 07:48:28
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : parents - PARENTS-PC
# Running from : C:\Users\parents\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\parents\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\parents\AppData\Local\PackageAware
Folder Deleted : C:\Users\parents\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\parents\AppData\Roaming\pccustubinstaller
[!] Folder Deleted : C:\Users\parents\Desktop\Inbox
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
File Deleted : C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\chdyuf6p.default\searchplugins\Web Search.xml
File Deleted : C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\chdyuf6p.default\user.js
File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Default Tab

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\chdyuf6p.default\prefs.js ]

Line Deleted : user_pref("CT3298573.FF19Solved", "true");
Line Deleted : user_pref("CT3298573.UserID", "UN39627539603824550");
Line Deleted : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298573.fullUserID", "UN39627539603824550.IN.20131030093126");
Line Deleted : user_pref("CT3298573.installDate", "30/10/2013 09:31:32");
Line Deleted : user_pref("CT3298573.installSessionId", "{44393196-0A41-4FC7-A1B1-43353DA56BC7}");
Line Deleted : user_pref("CT3298573.installSp", "TRUE");
Line Deleted : user_pref("CT3298573.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3298573.keyword", "true");
Line Deleted : user_pref("CT3298573.originalHomepage", "www.amazon.com");
Line Deleted : user_pref("CT3298573.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3298573.originalSearchEngine", "");
Line Deleted : user_pref("CT3298573.originalSearchEngineName", "");
Line Deleted : user_pref("CT3298573.searchRevert", "false");
Line Deleted : user_pref("CT3298573.searchUserMode", "2");
Line Deleted : user_pref("CT3298573.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298573.toolbarInstallDate", "30-10-2013 09:31:28");
Line Deleted : user_pref("CT3298573.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3298573.xpeMode", "0");
Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN12903192771556955");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN12903192771556955.IN.20131102152845");
Line Deleted : user_pref("CT3310511.installDate", "02/11/2013 15:28:51");
Line Deleted : user_pref("CT3310511.installSessionId", "{9C55C99F-C9C0-4CF7-BAE7-62C104A17A6B}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3310511.keyword", "true");
Line Deleted : user_pref("CT3310511.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3315039&octid=CT3315039&SearchSource=55&CUI=SB_CUI&UM=2&UP=SPB4BE8692-E349-4EAE-A525-A9EA0528A148");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN27258602911193117&UM=2&q=");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "SweetTunes Search");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "SweetTunes Search");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");
Line Deleted : user_pref("CT3310511.toolbarInstallDate", "02-11-2013 15:28:46");
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("CT3311875.FF19Solved", "true");
Line Deleted : user_pref("CT3311875.UserID", "UN27258602911193117");
Line Deleted : user_pref("CT3311875.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311875.fullUserID", "UN27258602911193117.IN.20131102091940");
Line Deleted : user_pref("CT3311875.installDate", "02/11/2013 09:19:43");
Line Deleted : user_pref("CT3311875.installSessionId", "{6B879232-2E95-4ACF-9AA4-755494500257}");
Line Deleted : user_pref("CT3311875.installSp", "TRUE");
Line Deleted : user_pref("CT3311875.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3311875.keyword", "true");
Line Deleted : user_pref("CT3311875.originalHomepage", "about:home");
Line Deleted : user_pref("CT3311875.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3311875.originalSearchEngine", "");
Line Deleted : user_pref("CT3311875.originalSearchEngineName", "");
Line Deleted : user_pref("CT3311875.searchRevert", "false");
Line Deleted : user_pref("CT3311875.searchUserMode", "2");
Line Deleted : user_pref("CT3311875.smartbar.homepage", "true");
Line Deleted : user_pref("CT3311875.toolbarInstallDate", "02-11-2013 09:19:41");
Line Deleted : user_pref("CT3311875.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3311875.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN12903192771556955&UM=2&SearchSource=13&UP=SPB4BE8692-E349-4EAE-A525-A9EA0528A148");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN27258602911193117&UM=2&q=");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", true);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN39627539603824550&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN39627539603824550&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.machineId", "DPBSJD5CTXW5FIZRICWNMNVQDMK/VZPLO7WOLJMUJBYQRL9O13J4BW2K/5X0UFYYTMSQZW2BMSIWNUXYFAQRJA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN39627539603824550&UM=2&SearchSource=13");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\parents\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [11055 octets] - [02/12/2013 07:46:51]
AdwCleaner[S0].txt - [10693 octets] - [02/12/2013 07:48:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10754 octets] ##########
 

 

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 25  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
 Mozilla Thunderbird (17.0.8)
 Google Chrome 30.0.1599.101  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
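The "Line Deleted" entries in the AdwCleaner log above share a few fixed name prefixes, so a Firefox profile's prefs.js can be re-checked for leftovers of the same toolbar. The following is an added example, not part of the original thread and not AdwCleaner's own logic; the function names and the sample input are constructed here, and the patterns cover only what this log shows.

```python
import re
import sys

# Name prefixes copied from the "Line Deleted" entries in the AdwCleaner log.
SUSPECT_NAME = re.compile(
    r"^(CT\d+\.|[Ss]martbar\.|extensions\.helperbar\.|browser\.search\.defaultthis\.)")
# Host that the hijacked homepage and search values in the log point at.
SUSPECT_VALUE = re.compile(r"search\.conduit\.com", re.IGNORECASE)
# One prefs.js entry has the form: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')
TOOLBAR_ID = re.compile(r"^(CT\d+)\.")

def scan_prefs(text):
    """Return (line_no, pref_name, reason) for each suspicious user_pref line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = PREF_LINE.match(line)
        if not m:
            continue  # comment, blank line, or not a user_pref entry
        name, value = m.group(1), m.group(2)
        if SUSPECT_NAME.match(name):
            findings.append((line_no, name, "name"))
        elif SUSPECT_VALUE.search(value):
            # A normal Firefox pref whose value was pointed at the toolbar's host.
            findings.append((line_no, name, "value"))
    return findings

def toolbar_ids(findings):
    """Distinct toolbar IDs (the CT<number> name prefix) among the findings."""
    ids = {m.group(1) for _, name, _ in findings if (m := TOOLBAR_ID.match(name))}
    return sorted(ids)

# Constructed sample in prefs.js syntax: names follow the log, the URL is kept
# defanged (hxxp) as in the log, and the last two lines are ordinary settings.
SAMPLE = """\
// Mozilla User Preferences
user_pref("CT3310511.searchRevert", "false");
user_pref("CT3311875.xpeMode", "0");
user_pref("smartbar.homePageOwnerCTID", "CT3310511");
user_pref("extensions.helperbar.Visibility", false);
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511");
user_pref("browser.startup.page", 3);
user_pref("network.cookie.cookieBehavior", 1);
"""

if __name__ == "__main__":
    # Pass the path to a profile's prefs.js; without one the sample is scanned.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    hits = scan_prefs(text)
    for line_no, name, reason in hits:
        print(f"line {line_no}: {name} (matched on {reason})")
    print("toolbar IDs:", ", ".join(toolbar_ids(hits)) or "none")
```

Run it with Firefox closed, since the browser rewrites prefs.js on exit.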
 



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 02 December 2013 - 09:50 AM

Your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 JoeS6

JoeS6
  • Topic Starter

  • Members
  • 7 posts

Posted 02 December 2013 - 10:49 AM

I think I will turn on these automatic updates. I stopped using them on past PCs due to the slowness at bootup it would cause. Hopefully, things have changed.

 

I can't thank you enough for your help and of course your time.



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 03 December 2013 - 03:34 AM

You're welcome! :)



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 03 December 2013 - 03:34 AM

--------------------------------------


Edited by TB-Psychotic, 03 December 2013 - 03:34 AM.




