
slow even in safe mode, can't find virus


  • This topic is locked
16 replies to this topic

#1 t.wiruth

t.wiruth

  • Members
  • 16 posts

Posted 13 January 2015 - 10:52 PM

I came home one day and logged on to find my laptop slower than ever. Hijack file attached. I have run different scans and can't come up with anything.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:47:31 PM, on 1/13/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16599)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\AWIRUTH\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F84E0B64-1E86-4640-8094-5B38CEB28C1E} (SkyFex Client Object) - https://skyfex.com/download/SkyFexClient.cab
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca2348b29cfa10) (gupdate1ca2348b29cfa10) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9568 bytes
 



 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 14 January 2015 - 03:51 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 t.wiruth

t.wiruth
  • Topic Starter

  • Members
  • 16 posts

Posted 14 January 2015 - 10:09 AM

Bear with me, as it's on the slow end.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by AWIRUTH (administrator) on AWIRUTH-PC on 14-01-2015 09:42:15
Running from C:\Users\AWIRUTH\Downloads
Loaded Profile: AWIRUTH (Available profiles: AWIRUTH)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\AWIRUTH\Downloads\1m7gk5b7.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1087752 2009-11-25] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1082832 2014-08-20] (Mischel Internet Security)
HKU\S-1-5-21-3039267758-649541010-2719466187-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3039267758-649541010-2719466187-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-07-16] (Google Inc.)
HKU\S-1-5-21-3039267758-649541010-2719466187-1000\...\MountPoints2: {8944fecb-45fb-11df-ad6c-001e33d470f9} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3039267758-649541010-2719466187-1000\...\MountPoints2: {91c47917-c37a-11e1-89ed-001e33d470f9} - F:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3039267758-649541010-2719466187-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3039267758-649541010-2719466187-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3039267758-649541010-2719466187-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {CA046CFD-247E-4E52-88D7-3C2AB5F85B31} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.0&uid=&did=%7b587fa315-9d9f-40e7-83ac-10fa7ea044d7%7d&q={searchTerms}
SearchScopes: HKLM-x32 -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-3039267758-649541010-2719466187-1000 -> DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7TSHB_en
SearchScopes: HKU\S-1-5-21-3039267758-649541010-2719466187-1000 -> {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = 
SearchScopes: HKU\S-1-5-21-3039267758-649541010-2719466187-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKU\S-1-5-21-3039267758-649541010-2719466187-1000 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7TSHB_en
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3039267758-649541010-2719466187-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3039267758-649541010-2719466187-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F84E0B64-1E86-4640-8094-5B38CEB28C1E} https://skyfex.com/download/SkyFexClient.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-04]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\AWIRUTH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AWIRUTH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\AWIRUTH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-09]
CHR Extension: (Google Search) - C:\Users\AWIRUTH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\AWIRUTH\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\AWIRUTH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\AWIRUTH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
S4 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2009-03-06] (TOSHIBA CORPORATION) [File not signed]
S4 Fix-It Task Manager; C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe [152832 2008-08-26] (Avanquest North America, Inc.)
S2 gupdate1ca2348b29cfa10; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-13] (SurfRight B.V.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)
S4 PnkBstrA; C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-15] ()
R2 QBCFMonitorService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2009-12-16] (Intuit) [File not signed]
S3 QBFCService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S4 RSELSVC; C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [55808 2009-02-19] (TOSHIBA Corporation) [File not signed]
S4 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
S4 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
S4 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [251392 2009-04-14] (TOSHIBA Corporation) [File not signed]
S4 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [84480 2009-03-17] (TOSHIBA Corporation) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
U1 Beep; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150108.002\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.040\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.040\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-23] (Duplex Secure Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMTDIV.SYS [510168 2014-08-25] (Symantec Corporation)
S2 tmpreflt; C:\Program Files (x86)\Avanquest\Fix-It\tmpreflt.sys [32528 2007-08-31] (Trend Micro Inc.)
S2 tmxpflt; C:\Program Files (x86)\Avanquest\Fix-It\tmxpflt.sys [199440 2007-08-31] (Trend Micro Inc.)
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [38400 2009-04-11] (Microsoft Corporation)
S2 Vsapint; C:\Program Files (x86)\Avanquest\Fix-It\Vsapint.sys [1052472 2007-08-31] (Trend Micro Inc.)
R2 WinFLdrv; C:\Windows\SysWow64\WinFLdrv.sys [21888 2009-08-08] ()
R2 WinVd32; C:\Windows\WinVd32.sys [197728 2009-08-08] ()
U3 aetw8wnc; C:\Windows\System32\Drivers\aetw8wnc.sys [0 ] (Microsoft Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]
U3 kgliqfog; \??\C:\Users\AWIRUTH\AppData\Local\Temp\kgliqfog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 09:42 - 2015-01-14 09:47 - 00024434 _____ () C:\Users\AWIRUTH\Downloads\FRST.txt
2015-01-14 09:42 - 2015-01-14 09:43 - 00000000 ____D () C:\FRST
2015-01-14 09:40 - 2015-01-14 09:41 - 02124288 _____ (Farbar) C:\Users\AWIRUTH\Downloads\FRST64.exe
2015-01-14 09:35 - 2015-01-14 09:36 - 00380416 _____ () C:\Users\AWIRUTH\Downloads\1m7gk5b7.exe
2015-01-13 22:47 - 2015-01-13 22:47 - 00009569 _____ () C:\Users\AWIRUTH\Desktop\hijackthis.log
2015-01-13 21:43 - 2015-01-13 21:43 - 00019714 _____ () C:\ComboFix.txt
2015-01-13 20:04 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-13 20:04 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-13 20:04 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-13 20:04 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-13 20:04 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-13 20:04 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-13 20:04 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-13 20:04 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-13 19:57 - 2015-01-13 21:44 - 00000000 ____D () C:\Qoobox
2015-01-13 19:50 - 2015-01-13 21:24 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 19:46 - 2015-01-13 19:46 - 00000880 _____ () C:\Users\AWIRUTH\Desktop\ComboFix.exe - Shortcut.lnk
2015-01-13 19:43 - 2015-01-13 19:44 - 05609736 ____R (Swearware) C:\Users\AWIRUTH\Downloads\ComboFix.exe
2015-01-13 17:49 - 2015-01-13 17:49 - 00001743 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-13 17:49 - 2015-01-13 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-13 17:49 - 2015-01-13 17:49 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-13 17:48 - 2015-01-13 18:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-13 17:46 - 2015-01-13 17:46 - 00000925 _____ () C:\Users\AWIRUTH\Desktop\HitmanPro_x64 (1).exe - Shortcut.lnk
2015-01-13 17:41 - 2015-01-13 17:49 - 11225840 _____ (SurfRight B.V.) C:\Users\AWIRUTH\Downloads\HitmanPro_x64 (1).exe
2015-01-13 17:19 - 2015-01-13 17:19 - 09741664 _____ (SurfRight B.V.) C:\Users\AWIRUTH\Downloads\HitmanPro_x64.exe
2015-01-09 22:50 - 2015-01-13 17:42 - 00000000 ____D () C:\Users\AWIRUTH\Downloads\backups
2015-01-09 22:44 - 2015-01-09 22:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\AWIRUTH\Downloads\HijackThis (1).exe
2015-01-09 22:39 - 2015-01-09 22:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\AWIRUTH\Desktop\HijackThis.exe
2015-01-09 16:27 - 2015-01-09 16:27 - 00000000 ____D () C:\Users\AWIRUTH\AppData\Roaming\TrojanHunter
2015-01-08 12:22 - 2015-01-08 12:22 - 02191360 _____ () C:\Users\AWIRUTH\Downloads\AdwCleaner (2).exe
2015-01-08 12:21 - 2015-01-13 16:26 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-01-08 12:21 - 2015-01-08 12:22 - 00000000 ____D () C:\ProgramData\TrojanHunter
2015-01-08 12:21 - 2015-01-08 12:21 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2015-01-08 12:21 - 2015-01-08 12:21 - 00000935 _____ () C:\Users\AWIRUTH\Desktop\TrojanHunter.lnk
2015-01-08 12:21 - 2015-01-08 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2015-01-08 12:15 - 2015-01-08 12:16 - 04334200 _____ (Bytelayer AB ) C:\Users\AWIRUTH\Downloads\TrojanHunterSetup (1).exe
2015-01-08 11:55 - 2015-01-08 11:59 - 04334200 _____ (Bytelayer AB ) C:\Users\AWIRUTH\Downloads\TrojanHunterSetup.exe
2015-01-08 10:15 - 2015-01-08 12:33 - 00000000 ____D () C:\AdwCleaner
2015-01-08 10:08 - 2015-01-08 10:08 - 02191360 _____ () C:\Users\AWIRUTH\Downloads\AdwCleaner (1).exe
2015-01-08 10:03 - 2015-01-08 10:04 - 02191360 _____ () C:\Users\AWIRUTH\Downloads\AdwCleaner.exe
2015-01-06 23:14 - 2015-01-08 17:26 - 00000732 _____ () C:\Users\AWIRUTH\AppData\Local\d3d9caps64.dat
2015-01-06 13:26 - 2015-01-07 00:54 - 00000000 ____D () C:\Windows\Minidump
2015-01-04 00:53 - 2015-01-04 00:53 - 00190616 _____ () C:\Users\AWIRUTH\AppData\Local\census.cache
2015-01-04 00:52 - 2015-01-04 00:52 - 00172661 _____ () C:\Users\AWIRUTH\AppData\Local\ars.cache
2015-01-04 00:15 - 2015-01-04 00:15 - 00000010 _____ () C:\Users\AWIRUTH\AppData\Local\sponge.last.runtime.cache
2015-01-03 23:42 - 2015-01-03 23:42 - 00000036 _____ () C:\Users\AWIRUTH\AppData\Local\housecall.guid.cache
2015-01-03 23:39 - 2015-01-03 23:40 - 02073112 _____ (Trend Micro Inc.) C:\Users\AWIRUTH\Downloads\HousecallLauncher.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 09:56 - 2009-08-22 11:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 09:45 - 2010-08-23 23:20 - 02010595 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 09:32 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 09:32 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 21:43 - 2014-04-22 23:36 - 00000000 ____D () C:\Users\dub_cm_auto
2015-01-13 21:43 - 2006-11-02 08:33 - 00000000 __RHD () C:\Users\Default
2015-01-13 21:40 - 2009-08-04 19:00 - 00105984 _____ () C:\Users\AWIRUTH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-13 21:22 - 2011-08-18 17:35 - 00000000 ____D () C:\Users\AWIRUTH\AppData\Local\CrashDumps
2015-01-13 21:12 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-13 18:45 - 2006-11-02 07:46 - 00758926 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 18:31 - 2009-08-22 11:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 18:30 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 18:26 - 2010-12-31 13:17 - 00354326 _____ () C:\Windows\PFRO.log
2015-01-13 18:22 - 2006-11-02 10:42 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-13 10:07 - 2009-08-22 11:49 - 00000880 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-07 00:31 - 2009-10-12 22:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-05 23:19 - 2009-08-04 20:03 - 00121712 _____ () C:\Users\AWIRUTH\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 18:23 - 2011-05-10 21:39 - 00016462 _____ () C:\Windows\setupact.log
2014-12-17 08:33 - 2010-02-28 23:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-13 18:33

==================== End Of Log ============================


#4 t.wiruth

  • Topic Starter

  • Members
  • 16 posts

Posted 14 January 2015 - 10:14 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by AWIRUTH at 2015-01-14 10:00:05
Running from C:\Users\AWIRUTH\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.26 - Adobe Systems Incorporated)
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Amazon Links (HKLM-x32\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 9.05 (HKLM-x32\...\Ashampoo Burning Studio 9_is1) (Version: 9.0.5 - ashampoo GmbH & Co. KG)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
ATI Catalyst Install Manager (HKLM\...\{190A60F1-2FEE-0A11-7D37-D8607809CC39}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-495CW (HKLM-x32\...\{0A02D347-5E53-48A5-BC49-1469393103FA}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
ccc-core-static (x32 Version: 2009.0421.2132.36832 - ATI) Hidden
CCleaner (HKLM-x32\...\CCleaner) (Version:  - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerCinema for TOSHIBA (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.2616a - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fix-It Utilities 8 Professional (HKLM-x32\...\{5158974E-2D28-4018-9335-7694C2974746}) (Version: 8.0.4.2 - Avanquest Software USA, Inc.)
Garmin TOPO U.S. 100K v4 (HKLM-x32\...\{E3997715-B309-4098-98B6-AADD759A5A61}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{07A8ED9E-B98E-437F-B750-241B412BE924}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GrabIt 1.7.2 Beta 4 (build 997) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
K-Lite Codec Pack 4.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.7.0 - )
LightScribe  1.4.124.1 (x32 Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Logitech Gaming Software 64 (HKLM-x32\...\InstallShield_{58BF5D14-CBCF-473C-B0E0-A7955A23224E}) (Version:  - )
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Medal of Honor Airborne (HKLM-x32\...\{25F28E39-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{86A4C6D9-29EE-4719-AFA1-BA3341862B83}) (Version: 3.4.54.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{1FDA5A37-B22D-43FF-B582-B8964050DC13}) (Version: 3.4.18.0 - Microsoft Corporation)
Microsoft IntelliPoint 7.0 (HKLM\...\{C74A84EC-7C5F-4C36-A4A6-381E516D643B}) (Version: 7.0.260.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{3E061CBA-1DBB-45DD-8873-D100072ADCAD}) (Version: 3.0.215.0 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Live Add-in 1.4 (HKLM-x32\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
QuickBooks (x32 Version: 20.0.4005.807 - Intuit Inc.) Hidden
QuickBooks Financial Center (HKLM-x32\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
QuickBooks Pro 2010 (HKLM-x32\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4005.807 - Intuit Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5809 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.39 - Piriform)
RICOH R5U230 Media Driver ver.2.02.02.01 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.02.02.01 - RICOH)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Skins (x32 Version: 2009.0421.2132.36832 - ATI) Hidden
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.10.0 - Synaptics Incorporated)
Texas Cheat'Em Demo (HKLM-x32\...\Steam App 23520) (Version:  - Wideload Games)
TOSHIBA Agreement Notification Utility (HKLM-x32\...\InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}) (Version: 1.0.11.0 - TOSHIBA Corporation)
Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.4 - Toshiba)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.08 - TOSHIBA)
Toshiba AutoTask (HKLM-x32\...\Toshiba AutoTask) (Version:  - )
TOSHIBA ConfigFree (HKLM-x32\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.8 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.0.2.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.0.4.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.9 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.64.0 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version:  - )
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.1.64 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation)
Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
Toshiba Resources Page (HKLM-x32\...\{21526716-DFD8-4B90-86D9-EF9F47057B3E}) (Version: 1.0.2.1 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version:  - Agere Systems)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.02 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.1.0 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.66 - WildTangent)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
Windows Driver Package - TOSHIBA (FwLnk) System  (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Search Protection (HKLM-x32\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3039267758-649541010-2719466187-1000_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3039267758-649541010-2719466187-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3039267758-649541010-2719466187-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)

==================== Restore Points  =========================

13-01-2015 18:11:27 Checkpoint by HitmanPro
13-01-2015 18:17:03 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2015-01-13 21:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07064F27-E0D5-428F-B85F-89C0FE4A7F5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23C6BD41-24C8-43FC-BA1B-2EA1E55A517B} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe [2009-06-26] (Microsoft Corporation)
Task: {2FDBBB93-8FB9-44DC-A6A4-FCED1A5B9E3D} - System32\Tasks\{843FD450-2CA3-41D5-926A-019D67CC950B} => pcalua.exe -a C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE -c /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG
Task: {30B2F72E-2433-413C-B99F-20F0D21A41AE} - System32\Tasks\{9C52CF1C-F798-43C2-AB1A-DFF80ECA3897} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {323B6094-E2B0-4BF5-AC60-1190EB00A85E} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3BC18786-D6A5-42C6-AF3B-FFCFB20B4DC1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2009-05-26] (Microsoft Corporation)
Task: {46CB914C-6B3A-4B2A-BC80-6FB7CD818EAA} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-07] (Google)
Task: {4B244D61-A386-4BFC-AB59-4BF4FF1BBE8E} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {59908EA2-C376-4FEC-8FEC-7392425D2CED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {74ACA92A-9572-48D0-B823-313F7BF33533} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A0457A39-BD56-4D0D-9C41-61836E90CD9B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {A54EAF00-135D-4CBF-9438-BCA10F649D1D} - System32\Tasks\{C70C0A86-3A0D-4A30-8440-DC37D1DBF4A4} => pcalua.exe -a "C:\Users\AWIRUTH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\285GA76A\p400_Win2000XP[1].exe" -d C:\Windows\system32
Task: {A60F2401-1D6B-4E79-BFF9-F71C5CE8F468} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {AF6C45B8-0962-4F5D-B632-DBA137F561E8} - System32\Tasks\{31272ECB-7777-4087-A52E-47DD8A2596FD} => pcalua.exe -a C:\Users\AWIRUTH\AppData\Local\Temp\Low\kiwee_setup.exe -d C:\Users\AWIRUTH\Desktop -c -s
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-09-06 11:27 - 2007-09-06 11:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-02-27 09:11 - 2009-02-27 09:11 - 00335360 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-06-28 12:12 - 2009-04-22 00:06 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2010-02-17 17:56 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2009-06-28 12:14 - 2009-06-28 12:14 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 12:19 - 2008-11-25 12:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2009-01-30 12:41 - 2009-01-30 12:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-06-28 12:14 - 2009-06-28 12:14 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-14 09:35 - 2015-01-14 09:36 - 00380416 _____ () C:\Users\AWIRUTH\Downloads\1m7gk5b7.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-12 08:13 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 08:13 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-04-10 22:16 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\AWIRUTH\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-10 22:16 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\AWIRUTH\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: camsvc => 2
MSCONFIG\Services: ConfigFree Gadget Service => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: Fix-It Task Manager => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate1ca2348b29cfa10 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LVPrcS64 => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RSELSVC => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 2
MSCONFIG\Services: TNaviSrv => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 2
MSCONFIG\Services: TPCHSrv => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AutoTask => "C:\Program Files (x86)\AutoTask\AutoTask.exe" /STARTUP
MSCONFIG\startupreg: BrMfcWnd => "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
MSCONFIG\startupreg: cfFncEnabler.exe => "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: ControlCenter3 => "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NDSTray.exe => "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PCMAgent => "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\Windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
MSCONFIG\startupreg: TPCHWMsg => %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: VirusScannerPro => C:\PROGRA~2\AVANQU~1\Fix-It\MemCheck.exe
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: YSearchProtection => "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3039267758-649541010-2719466187-500 - Administrator - Disabled)
AWIRUTH (S-1-5-21-3039267758-649541010-2719466187-1000 - Administrator - Enabled) => C:\Users\AWIRUTH
Guest (S-1-5-21-3039267758-649541010-2719466187-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2015 09:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37354643

Error: (01/14/2015 09:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37354643

Error: (01/14/2015 09:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 09:23:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37351585

Error: (01/14/2015 09:23:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37351585

Error: (01/14/2015 09:23:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 09:23:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37342022

Error: (01/14/2015 09:23:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37342022

Error: (01/14/2015 09:22:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 09:22:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37340992


System errors:
=============
Error: (01/13/2015 09:11:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (01/13/2015 09:08:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/13/2015 08:42:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (01/13/2015 06:42:47 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.134.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (01/13/2015 06:37:37 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.134.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (01/13/2015 06:34:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: tmxpfltVsapint%%1275

Error: (01/13/2015 06:34:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: tmprefltVsapint%%1275

Error: (01/13/2015 06:34:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Vsapint%%1275

Error: (01/13/2015 06:32:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\PROGRA~2\AVANQU~1\Fix-It\Vsapint.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/13/2015 06:32:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (01/14/2015 09:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37354643

Error: (01/14/2015 09:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37354643

Error: (01/14/2015 09:23:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 09:23:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37351585

Error: (01/14/2015 09:23:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37351585

Error: (01/14/2015 09:23:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 09:23:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37342022

Error: (01/14/2015 09:23:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37342022

Error: (01/14/2015 09:22:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 09:22:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37340992


CodeIntegrity Errors:
===================================
  Date: 2015-01-14 09:47:04.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 09:47:04.161
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 09:47:03.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 09:47:03.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 09:45:13.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 09:45:13.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 09:45:12.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 09:45:12.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 09:45:11.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 09:45:11.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 53%
Total physical RAM: 4093.04 MB
Available physical RAM: 1895.77 MB
Total Pagefile: 8387.35 MB
Available Pagefile: 6119.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI100343V0F) (Fixed) (Total:454.05 GB) (Free:208.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (OFFICE14) (CDROM) (Total:0.71 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CC4608EA)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=454.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)

==================== End Of Log ============================


#5 t.wiruth

  • Topic Starter

Posted 14 January 2015 - 10:57 AM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-14 10:53:06
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00 465.76GB
Running: 1m7gk5b7.exe; Driver: C:\Users\AWIRUTH\AppData\Local\Temp\kgliqfog.sys


---- Devices - GMER 2.1 ----

Device  \Driver\aetw8wnc \Device\Scsi\aetw8wnc1                                                                                 fffffa8006e112c0
Device  \Driver\aetw8wnc \Device\Scsi\aetw8wnc1Port2Path0Target0Lun0                                                            fffffa8006e112c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                  fffffa8003cdb2c0
Device  \Driver\usbehci \Device\USBFDO-7                                                                                        fffffa800520f2c0
Device  \Driver\usbuhci \Device\USBPDO-5                                                                                        fffffa8006c682c0
Device  \Driver\usbuhci \Device\USBFDO-3                                                                                        fffffa8006c682c0
Device  \Driver\usbuhci \Device\USBPDO-1                                                                                        fffffa8006c682c0
Device  \Driver\netbt \Device\NetBT_Tcpip_{A4A44328-599E-4D3F-A9DD-FBA8BAA2259C}                                                fffffa80083812c0
Device  \Driver\iScsiPrt \Device\RaidPort0                                                                                      fffffa8006eee2c0
Device  \Driver\WUDFRd \Device\UMDFCtrlDev-848beb79-9b7b-11e4-b979-001e33d470f9                                                 fffffa600a2363f4
Device  \Driver\cdrom \Device\CdRom0                                                                                            fffffa8006df22c0
Device  \Driver\cdrom \Device\CdRom1                                                                                            fffffa8006df22c0
Device  \Driver\usbuhci \Device\USBPDO-6                                                                                        fffffa8006c682c0
Device  \Driver\usbuhci \Device\USBFDO-4                                                                                        fffffa8006c682c0
Device  \Driver\usbuhci \Device\USBFDO-0                                                                                        fffffa8006c682c0
Device  \Driver\usbehci \Device\USBPDO-2                                                                                        fffffa800520f2c0
Device  \Driver\usbehci \Device\USBPDO-7                                                                                        fffffa800520f2c0
Device  \Driver\usbuhci \Device\USBFDO-5                                                                                        fffffa8006c682c0
Device  \Driver\usbuhci \Device\USBPDO-3                                                                                        fffffa8006c682c0
Device  \Driver\usbuhci \Device\USBFDO-1                                                                                        fffffa8006c682c0
Device  \Driver\netbt \Device\NetBT_Tcpip_{1ECBAE86-6D2F-4511-8587-3A92CBB5C44C}                                                fffffa80083812c0
Device  \Driver\netbt \Device\NetBt_Wins_Export                                                                                 fffffa80083812c0
Device  \Driver\usbuhci \Device\USBFDO-6                                                                                        fffffa8006c682c0
Device  \Driver\usbuhci \Device\USBPDO-4                                                                                        fffffa8006c682c0
Device  \Driver\usbehci \Device\USBFDO-2                                                                                        fffffa800520f2c0
Device  \Driver\usbuhci \Device\USBPDO-0                                                                                        fffffa8006c682c0
Device  \Driver\iScsiPrt \Device\ScsiPort1                                                                                      fffffa8006eee2c0
Device  \Driver\aetw8wnc \Device\ScsiPort2                                                                                      fffffa8006e112c0
Device  \Driver\Smb \Device\NetbiosSmb                                                                                          fffffa80082922c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\aetw8wnc.SYS                                                                               fffffa60025ac000-fffffa60025fd000 (331776 bytes)

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x2C 0xF6 0xB5 0xAF ...
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x05 0x39 0xD4 0x8F ...
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)      
Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0xC6 0x0D 0xBC 0x67 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                        
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x61 0xAE 0x6D 0xBD ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x05 0x39 0xD4 0x8F ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                          
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC6 0x0D 0xBC 0x67 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{16f370e1-81b1-4ccd-8b31-c7617888c9cd}@Dhcpv6State  0
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0xF2 0x1E 0xE7 0x55 ...
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x05 0x39 0xD4 0x8F ...
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)      
Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x43 0x9F 0x16 0x59 ...

---- EOF - GMER 2.1 ----

---- Registry - GMER 2.1 ----


---- EOF - GMER 2.1 ----



#6 t.wiruth

Posted 14 January 2015 - 11:03 AM

10:58:06.0174 0x12fc  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
10:58:10.0403 0x12fc  ============================================================
10:58:10.0403 0x12fc  Current date / time: 2015/01/14 10:58:10.0403
10:58:10.0403 0x12fc  SystemInfo:
10:58:10.0403 0x12fc  
10:58:10.0403 0x12fc  OS Version: 6.0.6002 ServicePack: 2.0
10:58:10.0403 0x12fc  Product type: Workstation
10:58:10.0403 0x12fc  ComputerName: AWIRUTH-PC
10:58:10.0403 0x12fc  UserName: AWIRUTH
10:58:10.0403 0x12fc  Windows directory: C:\Windows
10:58:10.0403 0x12fc  System windows directory: C:\Windows
10:58:10.0403 0x12fc  Running under WOW64
10:58:10.0403 0x12fc  Processor architecture: Intel x64
10:58:10.0403 0x12fc  Number of processors: 2
10:58:10.0403 0x12fc  Page size: 0x1000
10:58:10.0403 0x12fc  Boot type: Normal boot
10:58:10.0403 0x12fc  ============================================================
10:58:10.0653 0x12fc  KLMD registered as C:\Windows\system32\drivers\62936922.sys
10:58:11.0206 0x12fc  System UUID: {B449A592-5275-BCBE-60D4-16B61B29E5F3}
10:58:11.0884 0x12fc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:58:11.0895 0x12fc  ============================================================
10:58:11.0895 0x12fc  \Device\Harddisk0\DR0:
10:58:11.0900 0x12fc  MBR partitions:
10:58:11.0900 0x12fc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38C1B800
10:58:11.0900 0x12fc  ============================================================
10:58:11.0946 0x12fc  C: <-> \Device\Harddisk0\DR0\Partition1
10:58:11.0946 0x12fc  ============================================================
10:58:11.0946 0x12fc  Initialize success
10:58:11.0946 0x12fc  ============================================================
10:58:16.0135 0x1218  ============================================================
10:58:16.0135 0x1218  Scan started
10:58:16.0135 0x1218  Mode: Manual; 
10:58:16.0135 0x1218  ============================================================
10:58:16.0135 0x1218  KSN ping started
10:58:19.0225 0x1218  KSN ping finished: true
10:58:21.0064 0x1218  ================ Scan system memory ========================
10:58:21.0064 0x1218  System memory - ok
10:58:21.0067 0x1218  ================ Scan services =============================
10:58:29.0046 0x1218  HSF_DPV - ok
10:58:29.0106 0x1218  [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:58:29.0120 0x1218  HTTP - ok
10:58:29.0154 0x1218  [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
10:58:29.0156 0x1218  i2omp - ok
10:58:29.0183 0x1218  [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:58:29.0185 0x1218  i8042prt - ok
10:58:29.0247 0x1218  [ 1ADAA4F16073FD0C7270F451FD024E97, A42F8DACBECC75FF841ED960DE8C52F4B9C6279727397BE4FBA314D07A547546 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
10:58:29.0257 0x1218  iaStor - ok
10:58:29.0300 0x1218  [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
10:58:29.0307 0x1218  iaStorV - ok
10:58:29.0394 0x1218  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:58:29.0396 0x1218  IDriverT - ok
10:58:29.0573 0x1218  [ A9AA69F749AC1D318151E77372CC83DB, 2A50A4D6ED22F5F6CB5DC56A639D904AD71E511DC744A6F6C3D1D4D39756AF31 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:58:29.0596 0x1218  idsvc - ok
10:58:29.0761 0x1218  [ 77095B7820F1690A5A9DE26AF6819F20, D1A17BB9635F552C8780CE9921091D5FAEAD54DF11C8DB42253A3CE4A8FEA561 ] IDSVia64        C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150108.002\IDSvia64.sys
10:58:29.0777 0x1218  IDSVia64 - ok
10:58:29.0811 0x1218  [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:58:29.0814 0x1218  iirsp - ok
10:58:29.0875 0x1218  [ 0401A380C88754B2399F8043AC9B2BF9, BFF3B53FAFAE6622AA9F74BAA4A3D522C06E2D732B88916766603B9FE8D0D77F ] IKEEXT          C:\Windows\System32\ikeext.dll
10:58:29.0889 0x1218  IKEEXT - ok
10:58:29.0989 0x1218  [ CE57D1A91272A35989837B868C8366DF, 9C35882934608333B6B3043B5541DAD2C7E1BD6FA3BC03715BC8C5EA7D63E9CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:58:30.0042 0x1218  IntcAzAudAddService - ok
10:58:30.0078 0x1218  [ DF797A12176F11B2D301C5B234BB200E, 384343636B21CA7EDF28EFD1B6728EAB1508CA49CE48FF3DC0D91DB843C0C73E ] intelide        C:\Windows\system32\drivers\intelide.sys
10:58:30.0080 0x1218  intelide - ok
10:58:30.0110 0x1218  [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:58:30.0112 0x1218  intelppm - ok
10:58:30.0146 0x1218  [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:58:30.0152 0x1218  IPBusEnum - ok
10:58:30.0198 0x1218  [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:58:30.0201 0x1218  IpFilterDriver - ok
10:58:30.0269 0x1218  [ BF0DBFA9792C5C14FA00F61C75116C1B, 24C14DCAF57013F1C238E3C123279737420A714EB29CB69239C9838C9A269A59 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:58:30.0278 0x1218  iphlpsvc - ok
10:58:30.0283 0x1218  IpInIp - ok
10:58:30.0323 0x1218  [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
10:58:30.0326 0x1218  IPMIDRV - ok
10:58:30.0349 0x1218  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
10:58:30.0352 0x1218  IPNAT - ok
10:58:30.0420 0x1218  [ 842D1EDD0F2A6E0E6631BB96BAAA01DE, 9CDD0B99F2C5DAD573A9EA8D5AB2DBFD7A941454CBBA5BFE34E49F2D4EE96A90 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:58:30.0434 0x1218  iPod Service - ok
10:58:30.0490 0x1218  [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:58:30.0491 0x1218  IRENUM - ok
10:58:30.0514 0x1218  [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:58:30.0516 0x1218  isapnp - ok
10:58:30.0564 0x1218  [ E4FDF99599F27EC25D2CF6D754243520, 9139E708EE30F10652C9A458BD58B0343A3C05E84CD3E71FA0B0E4123503CF7B ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
10:58:30.0570 0x1218  iScsiPrt - ok
10:58:30.0598 0x1218  [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
10:58:30.0600 0x1218  iteatapi - ok
10:58:30.0660 0x1218  [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
10:58:30.0662 0x1218  iteraid - ok
10:58:30.0682 0x1218  [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:58:30.0684 0x1218  kbdclass - ok
10:58:30.0751 0x1218  [ DBDF75D51464FBC47D0104EC3D572C05, E392EE961E734620245874C7700D56621A1A990C45DF5CE0B7D270BA708F255E ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:58:30.0753 0x1218  kbdhid - ok
10:58:30.0772 0x1218  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] KeyIso          C:\Windows\system32\lsass.exe
10:58:30.0778 0x1218  KeyIso - ok
10:58:30.0800 0x1218  [ 88956AD9FA510848AD176777A6C6C1F5, 8F2FBF7E70F836C2C11EE5ABCAFE3E51DC26E953DDFBEE3C1B4AA8E58EBDCF5E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:58:30.0812 0x1218  KSecDD - ok
10:58:30.0854 0x1218  [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:58:30.0855 0x1218  ksthunk - ok
10:58:30.0902 0x1218  [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:58:30.0916 0x1218  KtmRm - ok
10:58:30.0976 0x1218  [ 50C7A3CB427E9BB5ED0708A669956AB5, 3DAD1C01AE58FE2C6134283B19118E2F3C884DDFFBAE4A46B7B5E4FB1A2567A1 ] LanmanServer    C:\Windows\System32\srvsvc.dll
10:58:30.0989 0x1218  LanmanServer - ok
10:58:31.0034 0x1218  [ CAF86FC1388BE1E470F1A7B43E348ADB, 9E9AE0B617D1031E8462524802A2D997AE7C944A7D00D403FF903145A7FEB761 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:58:31.0048 0x1218  LanmanWorkstation - ok
10:58:31.0117 0x1218  [ 6E5DAC168D1FF9843E84A59D51D31107, A847CFEB0D18E7865D483C74560DF67772DCB8EC22DB0F5910F3A68BFA9F3DCD ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:58:31.0119 0x1218  LightScribeService - ok
10:58:31.0136 0x1218  [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:58:31.0139 0x1218  lltdio - ok
10:58:31.0211 0x1218  [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:58:31.0223 0x1218  lltdsvc - ok
10:58:31.0244 0x1218  [ A47F8080CACC23C91FE823AD19AA5612, 161575406D158D6D5C9220F1E82C0CC19108C74ADC35C509BAF9B0C414EFD8EE ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:58:31.0249 0x1218  lmhosts - ok
10:58:31.0285 0x1218  [ ACBE1AF32D3123E330A07BFBC5EC4A9B, 0E17E4DD30B5AF8F269EF8EA003836C9E16273262A050B9BE3ED802DD3AC9319 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:58:31.0289 0x1218  LSI_FC - ok
10:58:31.0309 0x1218  [ 799FFB2FC4729FA46D2157C0065B3525, AB462A34D061C113DA12641C45159A58D0AEA1C440233D061A20DF99586CFA93 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:58:31.0313 0x1218  LSI_SAS - ok
10:58:31.0339 0x1218  [ F445FF1DAAD8A226366BFAF42551226B, 92B63E15363F1EAE8A54D4E74ED21669D0A9FE99C654671556C58456228278B1 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:58:31.0343 0x1218  LSI_SCSI - ok
10:58:31.0376 0x1218  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E, 2EB22DD418D4934BDD22C5DB49D5D06178EC0419AB5CC28DD544CA91823987B0 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:58:31.0380 0x1218  luafv - ok
10:58:31.0424 0x1218  [ B2085E335F2B57077B0CBADB6F1245CD, 69C81753B2ABAE8C89CEDADFCB73FB332E5FCD555576959AD412BF036EC9E343 ] lvpopf64        C:\Windows\system32\DRIVERS\lvpopf64.sys
10:58:31.0430 0x1218  lvpopf64 - ok
10:58:31.0468 0x1218  [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2M64        C:\Windows\system32\DRIVERS\LVPr2M64.sys
10:58:31.0470 0x1218  LVPr2M64 - ok
10:58:31.0477 0x1218  [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2M64.sys
10:58:31.0479 0x1218  LVPr2Mon - ok
10:58:31.0577 0x1218  [ A35679E56E78091E1042A2D7ADBF2958, F2282B697DCDD5767F65D99FEA374D3757C6133D42BD5A9C582C217619213290 ] LVPrcS64        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
10:58:31.0582 0x1218  LVPrcS64 - ok
10:58:31.0675 0x1218  [ 986C1CB787A007BAA5F74E7D316D7246, 8846D5FF09A669816F57C98507FBCBE60F770B22BC784269765E46B36EE38D9D ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
10:58:31.0683 0x1218  LVRS64 - ok
10:58:32.0100 0x1218  [ 5747BC465ABEA2858C5D037252AED84E, 1D62E05ED1D3265FEFDD02C8653B2901B05994091F1D417632E2FBF053C5D451 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
10:58:32.0374 0x1218  LVUVC64 - ok
10:58:32.0438 0x1218  [ 6DA30C0DE0CC8525E89D612C5063CAC1, E992FE10680B4B532ECF46CDC6B423F7B2E378A3FAA8681505219F4B45D9B91C ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:58:32.0456 0x1218  Mcx2Svc - ok
10:58:32.0519 0x1218  [ 5C5CD6AACED32FB26C3FB34B3DCF972F, 34A66C21FA79800D3CDE933CFA71343218F94D67AAE763EA0B53AC49060CB6D0 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:58:32.0522 0x1218  megasas - ok
10:58:32.0566 0x1218  [ 859BC2436B076C77C159ED694ACFE8F8, 4AEA57A8B9EACEC1B8DED3ECC95621C56E6D65CFE2DA9F07DAF7C7BAD132B624 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
10:58:32.0577 0x1218  MegaSR - ok
10:58:32.0672 0x1218  Microsoft SharePoint Workspace Audit Service - ok
10:58:32.0716 0x1218  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] MMCSS           C:\Windows\system32\mmcss.dll
10:58:32.0722 0x1218  MMCSS - ok
10:58:32.0755 0x1218  [ 59848D5CC74606F0EE7557983BB73C2E, EA6ACF0619DE1E4272AEDC69F2E66E29DA499E8E8094243C9EF735FD8369229D ] Modem           C:\Windows\system32\drivers\modem.sys
10:58:32.0757 0x1218  Modem - ok
10:58:32.0789 0x1218  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5, 357811D1B8F70828F6432879F59DAB916FBB55673B3473D879382DE33CFB3FAF ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:58:32.0791 0x1218  monitor - ok
10:58:32.0807 0x1218  [ 9367304E5E412B120CF5F4EA14E4E4F1, F87EBACEE27A50E6610FDCB4BD3001C35A99FEE6D63D643FF2CBF0D484CD082C ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:58:32.0809 0x1218  mouclass - ok
10:58:32.0830 0x1218  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69, B77E4A7511923E7BD35A177A40B4E461AC9CB050D6F0575D4799DEF85DA6DA38 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:58:32.0832 0x1218  mouhid - ok
10:58:32.0908 0x1218  [ 11BC9B1E8801B01F7F6ADB9EAD30019B, 1BAF820C0AB1B70A114E767B2155A58BF86CD0D9CF582813C1635A86BE3A7A05 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
10:58:32.0911 0x1218  MountMgr - ok
10:58:32.0944 0x1218  [ F8276EB8698142884498A528DFEA8478, C0FF504F721F1D00F42CFE783D4F32C6728518F64646F5C5C11BA3A4824815BB ] mpio            C:\Windows\system32\drivers\mpio.sys
10:58:32.0948 0x1218  mpio - ok
10:58:32.0970 0x1218  [ C92B9ABDB65A5991E00C28F13491DBA2, D1233381A9E4262F0AB396BBDB7DE402D4370805E11EB8A118C846F6E9474098 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:58:32.0973 0x1218  mpsdrv - ok
10:58:33.0056 0x1218  [ 897E3BAF68BA406A61682AE39C83900C, 13F61D5C22BED061BE7C2669CCCAA2BAD4A0CE83800DF57A50306DE0A476FC27 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:58:33.0075 0x1218  MpsSvc - ok
10:58:33.0090 0x1218  [ 3C200630A89EF2C0864D515B7A75802E, AA4A312E7A28FCE7A944747BADB809CAAD3D67899EBBE663D473621DB25B140A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
10:58:33.0092 0x1218  Mraid35x - ok
10:58:33.0137 0x1218  [ 7C1DE4AA96DC0C071611F9E7DE02A68D, 8B248A82324FB23C64D41FA91BCC22093DE44C48D688E5995C484A7072A6EC08 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:58:33.0141 0x1218  MRxDAV - ok
10:58:33.0196 0x1218  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B, 9F157AAA1A793EF7E52817E4126B774C17FFA0036DADCF10A024FDC068F94F67 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:58:33.0200 0x1218  mrxsmb - ok
10:58:33.0233 0x1218  [ 3B929A60C833FC615FD97FBA82BC7632, 40EEBEB43F42A1A37FAA529E0C21984426F90C1EEFE1EF9BB2F696164595F91D ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:58:33.0240 0x1218  mrxsmb10 - ok
10:58:33.0253 0x1218  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3, 197F70E24D2BBDEC35C2D5BC442267ACC4C5AE3FD5BB30A0928976BE9758C942 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:58:33.0257 0x1218  mrxsmb20 - ok
10:58:33.0285 0x1218  [ E7E3E515D1D33A2A372D7FCE2BBEF5D9, 65FDFA5920FF981BEE99350763CB2F589FFD5DAC723277592DB37A17FA95972D ] msahci          C:\Windows\system32\drivers\msahci.sys
10:58:33.0287 0x1218  msahci - ok
10:58:33.0338 0x1218  [ 023E10227D83B47D3B72C9FFCD323704, 462533E8E9235D59C4B4D07AB9E955C211A9A147639FB79919C0C804253D57F2 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
10:58:33.0342 0x1218  MSCamSvc - ok
10:58:33.0381 0x1218  [ 264BBB4AAF312A485F0E44B65A6B7202, 1DF36540C77D5D885B6C2EE91F0446864D8E6D6CFED87A9ED0765E76FE05E102 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:58:33.0384 0x1218  msdsm - ok
10:58:33.0421 0x1218  [ 7EC02CE772F068ED0BEAFA3DA341A9BC, 3B5B4EA0BF1D1E57F4DF74A569304A5EE41821F5E2F352760B8C9CA82C6D8292 ] MSDTC           C:\Windows\System32\msdtc.exe
10:58:33.0429 0x1218  MSDTC - ok
10:58:33.0470 0x1218  [ 704F59BFC4512D2BB0146AEC31B10A7C, F7712944DDC192C47953D577BE31B79B4D11217305B1C3D0DCA31B1518CB8DCB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:58:33.0472 0x1218  Msfs - ok
10:58:33.0515 0x1218  [ 00EBC952961664780D43DCA157E79B27, 4F8F5718D8574A128E0F6CD54C9BE59A93A7638A5689A8FF68D0C81D3E67808F ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:58:33.0516 0x1218  msisadrv - ok
10:58:33.0568 0x1218  [ 366B0C1F4478B519C181E37D43DCDA32, A98E2BC397FAD7D90653F55AC283CACAE7465D7F10A198D715046B1D896AF246 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:58:33.0576 0x1218  MSiSCSI - ok
10:58:33.0580 0x1218  msiserver - ok
10:58:33.0619 0x1218  [ 0EA73E498F53B96D83DBFCA074AD4CF8, E3DDE34FCFF272E06CD8DA836F8D79E2515885715D4A7CD7BF8D97D7A4E0E781 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:58:33.0620 0x1218  MSKSSRV - ok
10:58:33.0631 0x1218  [ 52E59B7E992A58E740AA63F57EDBAE8B, A89F607B330BA1F42CA9FF01EF289BBD088350CF376568E58CB9865F1DA6CD72 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:58:33.0632 0x1218  MSPCLOCK - ok
10:58:33.0660 0x1218  [ 49084A75BAE043AE02D5B44D02991BB2, 4CD2692D191035CE9D18F4D21F054FF8C3F9CF2734464EA33EAB480A28AD447F ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:58:33.0661 0x1218  MSPQM - ok
10:58:33.0705 0x1218  [ DC6CCF440CDEDE4293DB41C37A5060A5, 768D08A67508E1CE69B67642A5E5A639C0DD1E93C956C56ECC5A56B0E502C953 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:58:33.0712 0x1218  MsRPC - ok
10:58:33.0759 0x1218  [ 855796E59DF77EA93AF46F20155BF55B, 75DFCEE16A9D94EDF74295B9686D92552817E8A00958917CB0E17089EDCF6A97 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:58:33.0761 0x1218  mssmbios - ok
10:58:33.0819 0x1218  [ 86D632D75D05D5B7C7C043FA3564AE86, 96911FBC106B91E76598EE110B5147D4C55E42C9194E857F866B6B395E78D2CB ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:58:33.0821 0x1218  MSTEE - ok
10:58:33.0858 0x1218  [ 0CC49F78D8ACA0877D885F149084E543, 984DDCB52F0DFC1B26C6504FE500E8D9C2CA7F79ED34608AE9866A0915B8BA67 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:58:33.0860 0x1218  Mup - ok
10:58:33.0987 0x1218  [ 4258B1AA8FAC8E96D85B699C7FDA5CA1, 9DFF433627ED5BCCB377FFE5B79A131D04E272BEA2E884FBAD53612EA928284B ] N360            C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
10:58:33.0994 0x1218  N360 - ok
10:58:34.0063 0x1218  [ A5B10C845E7538C60C0F5D87A57CB3F5, 2B4E16702591C59BC2CA2B99DBB504BAB4F4EF0835B0D9C7453D340CBF0BDF16 ] napagent        C:\Windows\system32\qagentRT.dll
10:58:34.0082 0x1218  napagent - ok
10:58:34.0145 0x1218  [ 2007B826C4ACD94AE32232B41F0842B9, 6267D165C3C8C5F83194890A6DBF71226D4B891AECD1D06F7AEB5D738C3DC9CA ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:58:34.0150 0x1218  NativeWifiP - ok
10:58:34.0277 0x1218  [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG          C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.040\ENG64.SYS
10:58:34.0281 0x1218  NAVENG - ok
10:58:34.0401 0x1218  [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15         C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.040\EX64.SYS
10:58:34.0450 0x1218  NAVEX15 - ok
10:58:34.0517 0x1218  [ 65950E07329FCEE8E6516B17C8D0ABB6, 4429D9FF9B6E376D28D8FA4906B7554DF566EC23E455E3166C496B579622F204 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:58:34.0535 0x1218  NDIS - ok
10:58:34.0554 0x1218  [ 64DF698A425478E321981431AC171334, C43177CB60F5D58E1FF7A31E9BE5DA7D92C4B25235867DD65BADC069EDF023F3 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:58:34.0557 0x1218  NdisTapi - ok
10:58:34.0572 0x1218  [ 8BAA43196D7B5BB972C9A6B2BBF61A19, 8AFFB26F6E8CF67F562818BBFE12FB448E4FCDF9B68858B625681565DE30DDC1 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:58:34.0576 0x1218  Ndisuio - ok
10:58:34.0632 0x1218  [ F8158771905260982CE724076419EF19, B86FFA790A30ED614A11C87F4D738C913EFC0924DC14750D544001D4E9556071 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:58:34.0637 0x1218  NdisWan - ok
10:58:34.0658 0x1218  [ 9CB77ED7CB72850253E973A2D6AFDF49, C3C15B317A7F7AE68B7BC62343962C47F075240F252727811DB4BEE443F9103F ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:58:34.0660 0x1218  NDProxy - ok
10:58:34.0676 0x1218  [ A499294F5029A7862ADC115BDA7371CE, 6BE0AAFE4EB59E056A929D6C1A009D8DFD547025481108CEFB12E5D6F86DBE14 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:58:34.0678 0x1218  NetBIOS - ok
10:58:34.0733 0x1218  [ FC2C792EBDDC8E28DF939D6A92C83D61, 9EDF8B56E2B47C31457074DA371B604E5F7EB2B3B5CD4688CBEEDD5B266D119B ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
10:58:34.0740 0x1218  netbt - ok
10:58:34.0775 0x1218  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] Netlogon        C:\Windows\system32\lsass.exe
10:58:34.0780 0x1218  Netlogon - ok
10:58:34.0829 0x1218  [ 9B63B29DEFC0F3115A559D2597BF5D75, 297319D3F2E97CB34464EA59D8FD96AC2B8B1A4F2AEE666937F16A041128021F ] Netman          C:\Windows\System32\netman.dll
10:58:34.0843 0x1218  Netman - ok
10:58:34.0905 0x1218  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:58:34.0909 0x1218  NetMsmqActivator - ok
10:58:34.0916 0x1218  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:58:34.0921 0x1218  NetPipeActivator - ok
10:58:34.0997 0x1218  [ 7846D0136CC2B264926A73047BA7688A, 6F56CC1B17095C378D98B58A92F9EDA2D009529DDB6F60E815D85C7606C8EDC0 ] netprofm        C:\Windows\System32\netprofm.dll
10:58:35.0009 0x1218  netprofm - ok
10:58:35.0038 0x1218  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:58:35.0042 0x1218  NetTcpActivator - ok
10:58:35.0054 0x1218  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:58:35.0058 0x1218  NetTcpPortSharing - ok
10:58:35.0264 0x1218  [ 2BDCB7B7917380794C9D87AC2153CE33, F190B59DDEAE676589D197CF31942EF891CAACA3033353416BC08FEA665F01AA ] NETw5v64        C:\Windows\system32\DRIVERS\NETw5v64.sys
10:58:35.0433 0x1218  NETw5v64 - ok
10:58:35.0485 0x1218  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7, 8D7DE921E14BAF09D7E2704CFB2FB1C8A78A46DAF86CDF7A347C5D113A8C110B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:58:35.0488 0x1218  nfrd960 - ok
10:58:35.0536 0x1218  [ F145BF4C4668E7E312069F81EF847CFC, C4926EFB41FE2813E90D83456C6CB8F3157D835391B443C7E26168F4E1D67DC7 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:58:35.0547 0x1218  NlaSvc - ok
10:58:35.0611 0x1218  [ B298874F8E0EA93F06EC40AA8D146478, 275D769E5EFD3153985DAF84C5B22B9D65428E09AB41099901ABDD03B3A2625D ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:58:35.0613 0x1218  Npfs - ok
10:58:35.0650 0x1218  [ ACB62BAA1C319B17752553DF3026EEEB, 5A309DF390A097245250BB64AD5F8575BECA601E0A122DDCB494C67D3D9EA089 ] nsi             C:\Windows\system32\nsisvc.dll
10:58:35.0657 0x1218  nsi - ok
10:58:35.0686 0x1218  [ 1523AF19EE8B030BA682F7A53537EAEB, B000630CE4B562D39B5EE4148409B2E01D8924D33D27607B24ADC901357E7AA5 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:58:35.0688 0x1218  nsiproxy - ok
10:58:35.0784 0x1218  [ 2ACCAA3C3C55370A32F17B3595E1A217, 8539A293A5E1EBA2CC0FA9E999099D3B6B035D41069398AE17D737BBE4D9FEA8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:58:35.0826 0x1218  Ntfs - ok
10:58:35.0875 0x1218  [ DD5D684975352B85B52E3FD5347C20CB, BB03C50D5178643550C024130E20FD9A023AE110B3C85A2D6E18FB8DBB3A12E4 ] Null            C:\Windows\system32\drivers\Null.sys
10:58:35.0876 0x1218  Null - ok
10:58:35.0909 0x1218  [ 2C040B7ADA5B06F6FACADAC8514AA034, EF32F7C411090230ED1D95B2D01E8464DCC89D72EFD94BBC8DF6856D00B1A783 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:58:35.0913 0x1218  nvraid - ok
10:58:35.0939 0x1218  [ F7EA0FE82842D05EDA3EFDD376DBFDBA, 0ED0543A5331C0D8BBFD1BE3174482ED1B3EE70CA41CE8CE5C81977C37B3D129 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:58:35.0941 0x1218  nvstor - ok
10:58:35.0960 0x1218  [ 19067CA93075EF4823E3938A686F532F, 81339372E90CE9E2594461146A82B62452CF9DB3FF53381D30F6922059EDCF99 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:58:35.0965 0x1218  nv_agp - ok
10:58:35.0969 0x1218  NwlnkFlt - ok
10:58:35.0974 0x1218  NwlnkFwd - ok
10:58:36.0015 0x1218  [ B5B1CE65AC15BBD11C0619E3EF7CFC28, E9AA27724A7576D1869FF861A498DB8AF79A7B297F10272F1D63E6CB88CD455B ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
10:58:36.0018 0x1218  ohci1394 - ok
10:58:36.0078 0x1218  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:58:36.0082 0x1218  ose - ok
10:58:36.0338 0x1218  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:58:36.0570 0x1218  osppsvc - ok
10:58:36.0753 0x1218  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
10:58:36.0784 0x1218  p2pimsvc - ok
10:58:36.0812 0x1218  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:58:36.0838 0x1218  p2psvc - ok
10:58:36.0872 0x1218  [ AECD57F94C887F58919F307C35498EA0, CD8E8B54A445EF0DC485D5F221588875C98328596F64EE03B2D8BD0B860504FB ] Parport         C:\Windows\system32\drivers\parport.sys
10:58:36.0876 0x1218  Parport - ok
10:58:36.0920 0x1218  [ B43751085E2ABE389DA466BC62A4B987, 167CB6B18B6B7B74A229A976833E1FBE6D51C9C0EB8A23C92FC2465B692DF383 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:58:36.0923 0x1218  partmgr - ok
10:58:36.0955 0x1218  [ 9AB157B374192FF276C1628FBDBA2B0E, E63E2EE1ABEEC5234F4F1318757EDB4A7567057B1DF1A2414C8698D47062B6AC ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:58:36.0963 0x1218  PcaSvc - ok
10:58:37.0027 0x1218  [ 47AB1E0FC9D0E12BB53BA246E3A0906D, 82B452D614B535FAD3AFEEA06DFBBF8F7C5031563A2558CFA04F9B94C76E45DF ] pci             C:\Windows\system32\drivers\pci.sys
10:58:37.0033 0x1218  pci - ok
10:58:37.0062 0x1218  [ 8D618C829034479985A9ED56106CC732, 9F3773A5184064092920FA2C88CCF5BFE44C63573B443E67230C4F596B7884C2 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
10:58:37.0064 0x1218  pciide - ok
10:58:37.0093 0x1218  [ 037661F3D7C507C9993B7010CEEE6288, A7B415675B14FD755D0167BBA458A902AA9ABFC4343A1B887289D31DE8A55285 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:58:37.0099 0x1218  pcmcia - ok
10:58:37.0146 0x1218  [ 58865916F53592A61549B04941BFD80D, 3511AF2EFD06636E144C36ECA8C7AA1A33C269EDB10A6D879AA25D9E11359AA9 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:58:37.0163 0x1218  PEAUTH - ok
10:58:37.0234 0x1218  [ 0ED8727EA0172860F47258456C06CAEA, 3CDAA1044E412EC4303CEABD36A8C7BADA2D6C6692E09B8FE440709E3F4F0166 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:58:37.0242 0x1218  PerfHost - ok
10:58:37.0269 0x1218  [ 2C3BA65F8CA712730050C29104E093F9, 9F352B6380BBB5340FD5230196F129AF47E2E837E6C8B4CA3656EFB38424F25F ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
10:58:37.0271 0x1218  PGEffect - ok
10:58:37.0360 0x1218  [ E9E68C1A0F25CF4A7AC966EEA74EE89E, 6C6903A856C29AD690FDA1B74ADB2222C3453FBE2B364245FA61D53C77C586C0 ] pla             C:\Windows\system32\pla.dll
10:58:37.0406 0x1218  pla - ok
10:58:37.0459 0x1218  [ FE6B0F59215C9FD9F9D26539C58C8B82, 52CF8BE31A28430226D117EB80974AEAE5EA07F39DE881164232D44BF67FF752 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:58:37.0474 0x1218  PlugPlay - ok
10:58:37.0605 0x1218  [ C183B7E8C4DD96AF66D7ACE48D2D9B05, 8B9B0E4CFEA6E006999B0C6C50D9DA6A3C0FDA5AECE6E752C3AB5016637A6199 ] PnkBstrA        C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
10:58:37.0607 0x1218  PnkBstrA - ok
10:58:37.0687 0x1218  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
10:58:37.0712 0x1218  PNRPAutoReg - ok
10:58:37.0782 0x1218  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
10:58:48.0334 0x1218  winachsf - ok
10:58:48.0355 0x1218  WinDefend - ok
10:58:48.0454 0x1218  [ 84D7AF0A5B2E5AC36941E5A9F33C1850, 6FD9245CD1954D0DAB30D239B86EB975E9BDE814BFC05DF0A9E8FC02E1D7D6C5 ] WinFLdrv        C:\Windows\syswow64\WinFLdrv.sys
10:58:48.0464 0x1218  WinFLdrv - ok
10:58:48.0467 0x1218  WinHttpAutoProxySvc - ok
10:58:48.0541 0x1218  [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:58:48.0549 0x1218  Winmgmt - ok
10:58:48.0657 0x1218  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM           C:\Windows\system32\WsmSvc.dll
10:58:48.0726 0x1218  WinRM - ok
10:58:48.0788 0x1218  [ 8938DA7B728AD4987DF3E5C0FE22A24E, B9B046CF0D1BCDE502C132F808EC1A3FF14A58EE7721BDF62A254285F9BD9111 ] WinVd32         C:\Windows\WinVd32.sys
10:58:48.0806 0x1218  WinVd32 - ok
10:58:48.0881 0x1218  [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:58:48.0905 0x1218  Wlansvc - ok
10:58:49.0058 0x1218  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:58:49.0123 0x1218  wlidsvc - ok
10:58:49.0169 0x1218  [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:58:49.0172 0x1218  WmiAcpi - ok
10:58:49.0226 0x1218  [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:58:49.0233 0x1218  wmiApSrv - ok
10:58:49.0274 0x1218  WMPNetworkSvc - ok
10:58:49.0298 0x1218  [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:58:49.0312 0x1218  WPCSvc - ok
10:58:49.0364 0x1218  [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:58:49.0376 0x1218  WPDBusEnum - ok
10:58:49.0418 0x1218  [ 5E2401B3FC1089C90E081291357371A9, 224D378EEBFB721CBC24896CAE01B31DC54B6ED82C19C5B954E96D5E98B83C59 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
10:58:49.0422 0x1218  WpdUsb - ok
10:58:49.0585 0x1218  [ A2BFEDF5D926CBED9C5F7BC46169A99C, 4F336C0D1DFBCDF9583F528331300FD377AE6565E0C70D58CD9E6ACE95B7273F ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:58:49.0631 0x1218  WPFFontCache_v0400 - ok
10:58:49.0671 0x1218  [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:58:49.0673 0x1218  ws2ifsl - ok
10:58:49.0718 0x1218  [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc          C:\Windows\system32\wscsvc.dll
10:58:49.0730 0x1218  wscsvc - ok
10:58:49.0767 0x1218  [ DE5F5212AB34221DD1618B5FEFE8DB6C, D07CBEE66F7A42EBE68212A01BDCC32EDF1810841F1BD77AE7950B1AD6DAB5DB ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
10:58:49.0770 0x1218  WSDPrintDevice - ok
10:58:49.0774 0x1218  WSearch - ok
10:58:49.0901 0x1218  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:58:49.0976 0x1218  wuauserv - ok
10:58:50.0038 0x1218  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:58:50.0041 0x1218  WudfPf - ok
10:58:50.0062 0x1218  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:58:50.0068 0x1218  WUDFRd - ok
10:58:50.0075 0x1218  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:58:50.0087 0x1218  wudfsvc - ok
10:58:50.0095 0x1218  ================ Scan global ===============================
10:58:50.0161 0x1218  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
10:58:50.0222 0x1218  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
10:58:50.0257 0x1218  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
10:58:50.0404 0x1218  [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe
10:58:50.0424 0x1218  [ Global ] - ok
10:58:50.0425 0x1218  ================ Scan MBR ==================================
10:58:50.0509 0x1218  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
10:58:51.0110 0x1218  \Device\Harddisk0\DR0 - ok
10:58:51.0111 0x1218  ================ Scan VBR ==================================
10:58:51.0167 0x1218  [ 2EB2E07F6BD0F81AC27E7E0F5C694158 ] \Device\Harddisk0\DR0\Partition1
10:58:51.0200 0x1218  \Device\Harddisk0\DR0\Partition1 - ok
10:58:51.0201 0x1218  ================ Scan generic autorun ======================
10:58:51.0499 0x1218  [ CB0FB2E65CB638BAF292DCC48F1C5050, BCE8C6190F80294C2633F72D980BFA19190AFBD78BEBD4C2EE493A1E0261434C ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
10:58:51.0745 0x1218  RtHDVCpl - ok
10:58:51.0828 0x1218  [ A96AE077EC13666EA2D111246E39694C, 369BD168C9B170D2C7467AC5536149C49EEB0452FA000C7D0D820630958DD308 ] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
10:58:51.0876 0x1218  Skytel - ok
10:58:52.0041 0x1218  [ 67BD916F01424DEB8AB8CD9E0096F277, D1E4A7BA332DA229138E89E5C4550A58ADD896B85728DF6BA33F1DE57D586E77 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
10:58:52.0044 0x1218  BCSSync - ok
10:58:52.0419 0x1218  [ 59D3CE1A7768DB32D36D05EF9BB65DD8, 569211E58593C27172CAAE82BA11A332767745B9B472E713B008D0A901F82F50 ] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
10:58:52.0506 0x1218  Intuit SyncManager - ok
10:58:52.0605 0x1218  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
10:58:52.0611 0x1218  SunJavaUpdateSched - ok
10:58:52.0728 0x1218  [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
10:58:52.0730 0x1218  APSDaemon - ok
10:58:52.0904 0x1218  [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
10:58:52.0908 0x1218  iTunesHelper - ok
10:58:53.0085 0x1218  [ 2D2FDDED6341754A443A6A5F7066D8C2, 8356641B07E165A4835F6F21E05181F262F93DD2595142F8440F15428A39EF86 ] C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
10:58:53.0128 0x1218  THGuard - ok
10:58:53.0324 0x1218  [ AFE3883FB37A5567C913E7DFCF2924A5, 3CA38EE302E0FF343DB87AE90DA868DCE5B7B490C2AA32164AF8DD4773482265 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
10:58:53.0452 0x1218  DAEMON Tools Lite - ok
10:58:53.0531 0x1218  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
10:58:53.0532 0x1218  swg - ok
10:58:53.0537 0x1218  Waiting for KSN requests completion. In queue: 66
10:58:54.0537 0x1218  Waiting for KSN requests completion. In queue: 66
10:58:55.0537 0x1218  Waiting for KSN requests completion. In queue: 66
10:58:56.0599 0x1218  AV detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51000 ( enabled : updated )
10:58:56.0602 0x1218  FW detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51010 ( enabled )
10:58:59.0122 0x1218  ============================================================
10:58:59.0122 0x1218  Scan finished
10:58:59.0122 0x1218  ============================================================
10:58:59.0131 0x0ed8  Detected object count: 0
10:58:59.0131 0x0ed8  Actual detected object count: 0



#7 t.wiruth

t.wiruth
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:23 AM

Posted 16 January 2015 - 12:57 AM

Computer did an automatic reboot and is still slow.

#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:23 AM

Posted 17 January 2015 - 06:16 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 t.wiruth

t.wiruth
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:23 AM

Posted 18 January 2015 - 04:13 PM

ComboFix 15-01-08.01 - AWIRUTH 01/18/2015  13:22:13.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4093.1578 [GMT -5:00]
Running from: c:\users\AWIRUTH\Downloads\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-18 to 2015-01-18  )))))))))))))))))))))))))))))))
.
.
2015-01-18 19:55 . 2015-01-18 19:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-15 08:48 . 2014-12-19 00:26	139776	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-15 08:47 . 2014-12-06 03:14	48640	----a-w-	c:\windows\SysWow64\nlaapi.dll
2015-01-15 08:47 . 2014-12-06 03:14	93184	----a-w-	c:\windows\SysWow64\ncsi.dll
2015-01-15 08:47 . 2014-12-06 02:54	61440	----a-w-	c:\windows\system32\nlaapi.dll
2015-01-15 08:47 . 2014-12-06 02:54	205824	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-15 08:27 . 2014-12-06 02:54	178688	----a-w-	c:\windows\system32\profsvc.dll
2015-01-14 14:42 . 2015-01-14 15:04	--------	d-----w-	C:\FRST
2015-01-14 02:43 . 2015-01-18 19:58	--------	d-----w-	c:\users\AWIRUTH\AppData\Local\temp
2015-01-13 22:49 . 2015-01-13 22:49	--------	d-----w-	c:\program files\HitmanPro
2015-01-13 22:48 . 2015-01-13 23:20	--------	d-----w-	c:\programdata\HitmanPro
2015-01-09 21:27 . 2015-01-09 21:27	--------	d-----w-	c:\users\AWIRUTH\AppData\Roaming\TrojanHunter
2015-01-08 17:21 . 2015-01-08 17:22	--------	d-----w-	c:\programdata\TrojanHunter
2015-01-08 17:21 . 2015-01-13 21:26	--------	d-----w-	c:\program files (x86)\TrojanHunter 5.6
2015-01-08 15:15 . 2015-01-08 17:33	--------	d-----w-	C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-15 08:20 . 2006-11-02 12:35	113365784	----a-w-	c:\windows\system32\mrt.exe
2014-12-03 02:06 . 2014-12-10 08:04	278528	----a-w-	c:\windows\SysWow64\schannel.dll
2014-12-03 01:51 . 2014-12-10 08:04	347136	----a-w-	c:\windows\system32\schannel.dll
2014-11-24 22:12 . 2014-12-10 01:53	17874432	----a-w-	c:\windows\system32\mshtml.dll
2014-11-24 21:59 . 2014-12-10 01:53	448512	----a-w-	c:\windows\system32\html.iec
2014-11-24 21:54 . 2014-12-10 01:53	10921984	----a-w-	c:\windows\system32\ieframe.dll
2014-11-24 21:53 . 2014-12-10 01:53	2339840	----a-w-	c:\windows\system32\jscript9.dll
2014-11-24 21:47 . 2014-12-10 01:53	1388032	----a-w-	c:\windows\system32\urlmon.dll
2014-11-24 21:47 . 2014-12-10 01:53	1392128	----a-w-	c:\windows\system32\wininet.dll
2014-11-24 21:45 . 2014-12-10 01:53	1494016	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-24 21:45 . 2014-12-10 01:53	237056	----a-w-	c:\windows\system32\url.dll
2014-11-24 21:45 . 2014-12-10 01:53	86016	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-24 21:44 . 2014-12-10 01:53	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2014-11-24 21:44 . 2014-12-10 01:53	599040	----a-w-	c:\windows\system32\vbscript.dll
2014-11-24 21:44 . 2014-12-10 01:53	2157056	----a-w-	c:\windows\system32\iertutil.dll
2014-11-24 21:44 . 2014-12-10 01:53	816640	----a-w-	c:\windows\system32\jscript.dll
2014-11-24 21:44 . 2014-12-10 01:53	729088	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-24 21:44 . 2014-12-10 01:53	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-24 21:44 . 2014-12-10 01:53	282112	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-24 21:44 . 2014-12-10 01:53	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-11-24 21:44 . 2014-12-10 01:53	11264	----a-w-	c:\windows\system32\msfeedssync.exe
2014-11-24 21:43 . 2014-12-10 01:53	96768	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-24 21:43 . 2014-12-10 01:53	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-24 21:43 . 2014-12-10 01:53	12800	----a-w-	c:\windows\system32\mshta.exe
2014-11-24 21:42 . 2014-12-10 01:53	248320	----a-w-	c:\windows\system32\ieui.dll
2014-11-24 20:44 . 2014-12-10 01:53	367104	----a-w-	c:\windows\SysWow64\html.iec
2014-11-24 20:40 . 2014-12-10 01:53	1810944	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-24 20:35 . 2014-12-10 01:53	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-24 20:34 . 2014-12-10 01:53	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-24 20:33 . 2014-12-10 01:53	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-11-24 20:33 . 2014-12-10 01:53	421376	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-24 20:32 . 2014-12-10 01:53	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2014-11-24 20:32 . 2014-12-10 01:53	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-07 01:33 . 2014-12-10 08:06	974848	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-07 01:28 . 2014-12-10 08:06	1209856	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-04 00:35 . 2014-12-10 08:07	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-04 00:19 . 2014-12-10 08:07	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-10-24 01:04 . 2014-11-12 08:02	67072	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-24 01:03 . 2014-11-19 08:01	499200	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-10-24 00:39 . 2014-11-12 08:02	77312	----a-w-	c:\windows\system32\packager.dll
2014-10-24 00:39 . 2014-11-19 08:01	656384	----a-w-	c:\windows\system32\kerberos.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-17 39408]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"THGuard"="c:\program files (x86)\TrojanHunter 5.6\THGuard.exe" [2014-08-20 1082832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-16 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-16 13:57	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 06:03]
.
2015-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-22 03:45]
.
2015-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-22 03:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-13 7220768]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-13 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F84E0B64-1E86-4640-8094-5B38CEB28C1E} - hxxps://skyfex.com/download/SkyFexClient.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761} - c:\program files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe
AddRemove-InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A} - c:\program files (x86)\InstallShield Installation Information\{50F68032-B5B7-4513-9116-C978DBD8F27A}\setup.exe
AddRemove-InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF} - c:\program files (x86)\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe
AddRemove-InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23} - c:\program files (x86)\InstallShield Installation Information\{83892653-9EB8-4192-803E-D987A85CDD23}\setup.exe
AddRemove-InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC} - c:\program files (x86)\InstallShield Installation Information\{89F7D66C-777D-473B-AA11-319C0F190EAC}\setup.exe
AddRemove-InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E} - c:\program files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe
AddRemove-InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38} - c:\program files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe
AddRemove-InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81} - c:\program files (x86)\InstallShield Installation Information\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}\setup.exe
AddRemove-InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F} - c:\program files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe
AddRemove-{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE} - c:\program files (x86)\InstallShield Installation Information\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}\setup.exe
AddRemove-{0A02D347-5E53-48A5-BC49-1469393103FA} - c:\program files (x86)\InstallShield Installation Information\{0A02D347-5E53-48A5-BC49-1469393103FA}\Setup.exe
AddRemove-{166FCF01-AC98-4288-A01C-90BEB808C059} - c:\program files (x86)\InstallShield Installation Information\{166FCF01-AC98-4288-A01C-90BEB808C059}\setup.exe
AddRemove-{1B87C40B-A60B-4EF3-9A68-706CF4B69978} - c:\program files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe
AddRemove-{21526716-DFD8-4B90-86D9-EF9F47057B3E} - c:\program files (x86)\InstallShield Installation Information\{21526716-DFD8-4B90-86D9-EF9F47057B3E}\setup.exe
AddRemove-{224821ED-CADA-4A8A-AC8D-3734CC0F0931} - c:\program files (x86)\InstallShield Installation Information\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}\setup.exe
AddRemove-{2637C347-9DAD-11D6-9EA2-00055D0CA761} - c:\program files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe
AddRemove-{5E6F6CF3-BACC-4144-868C-E14622C658F3} - c:\program files (x86)\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe
AddRemove-{6C5F3BDC-0A1B-4436-A696-5939629D5C31} - c:\program files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe
AddRemove-{AC6569FA-6919-442A-8552-073BE69E247A} - c:\program files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
AddRemove-{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F} - c:\program files (x86)\InstallShield Installation Information\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2015-01-18  15:27:11
ComboFix-quarantined-files.txt  2015-01-18 20:27
ComboFix2.txt  2015-01-14 02:43
.
Pre-Run: 223,088,340,992 bytes free
Post-Run: 221,946,384,384 bytes free
.
- - End Of File - - 1452DD32815A2303976EEDFE0A6080CE
5B5E648D12FCADC244C1EC30318E1EB9



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:23 AM

Posted 19 January 2015 - 06:04 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


#11 t.wiruth

t.wiruth
  • Topic Starter

  • Members
  • 16 posts

Posted 21 January 2015 - 09:36 AM

Interesting I run the gamer.exe and laptop runs smooth but after reboot it's back to slow. I am now doing the check disc and yes it's taking a long time in fact I got a black screen for more than & hours and had to reboot and start over.

#12 t.wiruth

t.wiruth
  • Topic Starter

  • Members
  • 16 posts

Posted 24 January 2015 - 08:42 PM

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          1/21/2015 10:49:09 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      AWIRUTH-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is TI100343V0F.


A disk check has been scheduled.
Windows will now check the disk.                         
  333568 file records processed.                                  

  1756 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  58 reparse records processed.                               

  434830 index entries processed.                                 

  0 unindexed files processed.                               

  333568 security descriptors processed.                          

Cleaning up 5878 unused index entries from index $SII of file 0x9.
Cleaning up 5878 unused index entries from index $SDH of file 0x9.
Cleaning up 5878 unused security descriptors.
  50632 data files processed.                                    

CHKDSK is verifying Usn Journal...
  37391144 USN bytes processed.                                     

Usn Journal verification completed.
Windows has checked the file system and found no problems.

 476109823 KB total disk space.
 250484660 KB in 260311 files.
    136304 KB in 50633 indexes.
         0 KB in bad sectors.
    461843 KB in use by the system.
     65536 KB occupied by the log file.
 225027016 KB available on disk.

      4096 bytes in each allocation unit.
 119027455 total allocation units on disk.
  56256754 allocation units available on disk.

Internal Info:
00 17 05 00 ab be 04 00 33 0b 08 00 00 00 00 00  ........3.......
d7 1a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  ....:...........
90 c7 da 77 00 00 00 00 50 23 e8 ff 00 00 00 00  ...w....P#......

Windows has finished checking your disk.
Please wait while your computer restarts.



#13 t.wiruth

t.wiruth
  • Topic Starter

  • Members
  • 16 posts

Posted 24 January 2015 - 08:46 PM

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          1/24/2015 11:20:57 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      AWIRUTH-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is TI100343V0F.

A disk check has been scheduled.
Windows will now check the disk.                         
  333568 file records processed.                                  

  1762 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  61 reparse records processed.                               

  435006 index entries processed.                                 

  0 unindexed files processed.                               

  333568 security descriptors processed.                          

Cleaning up 18 unused index entries from index $SII of file 0x9.
Cleaning up 18 unused index entries from index $SDH of file 0x9.
Cleaning up 18 unused security descriptors.
  50720 data files processed.                                    

CHKDSK is verifying Usn Journal...
  34973608 USN bytes processed.                                     

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  333552 files processed.                                         

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  56175834 free clusters processed.                                 

Free space verification is complete.
Windows has checked the file system and found no problems.

 476109823 KB total disk space.
 250810888 KB in 260253 files.
    136312 KB in 50721 indexes.
         0 KB in bad sectors.
    459287 KB in use by the system.
     65536 KB occupied by the log file.
 224703336 KB available on disk.

      4096 bytes in each allocation unit.
 119027455 total allocation units on disk.
  56175834 allocation units available on disk.

Internal Info:
00 17 05 00 c9 be 04 00 ba 0b 08 00 00 00 00 00  ................
d7 1a 00 00 3d 00 00 00 00 00 00 00 00 00 00 00  ....=...........
90 c7 23 77 00 00 00 00 50 23 b9 ff 00 00 00 00  ..#w....P#......

Windows has finished checking your disk.
Please wait while your computer restarts.

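An added example, not part of any post in this thread: a small Python parser for CHKDSK reports like the two pasted above. It extracts the fields that matter for triage (bad file records, bad sectors, the final verdict) and checks whether stages 4 and 5, which run only when the bad-sector scan option is selected, appear in the report. The sample reports are constructed in the same layout, and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines in the layout of a Wininit (Event ID 1001)
# CHKDSK report, as produced by "Copy Details as Text".
QUICK = """Checking file system on C:
The type of the file system is NTFS.
  333568 file records processed.
  0 bad file records processed.
Windows has checked the file system and found no problems.
 476109823 KB total disk space.
         0 KB in bad sectors.
 225027016 KB available on disk.
"""
# Constructed: the same report with the surface-scan stages present.
FULL = QUICK.replace("Windows has checked",
    "CHKDSK is verifying file data (stage 4 of 5)...\n"
    "CHKDSK is verifying free space (stage 5 of 5)...\nWindows has checked")
# Constructed failing report: bad sectors and no clean verdict line.
DAMAGED = FULL.replace("0 KB in bad", "64 KB in bad").replace(
    "Windows has checked the file system and found no problems.\n", "")

COUNTERS = {
    "bad_file_records": r"^\s*(\d+) bad file records processed",
    "bad_sectors_kb": r"^\s*(\d+) KB in bad sectors",
    "free_kb": r"^\s*(\d+) KB available on disk",
}

def summarize_chkdsk(text):
    """Extract the health-relevant fields from one CHKDSK report."""
    out = {}
    for name, pattern in COUNTERS.items():
        m = re.search(pattern, text, re.M)
        out[name] = int(m.group(1)) if m else None
    stages = {int(n) for n in re.findall(r"\(stage (\d) of \d\)", text)}
    out["surface_scan"] = {4, 5} <= stages   # bad-sector scan option was used
    out["clean_verdict"] = "found no problems" in text
    return out

def findings(s):
    """Turn a summary into a list of points worth a second look."""
    notes = []
    if s["bad_file_records"] is None or s["bad_sectors_kb"] is None:
        notes.append("counters missing: report truncated or check interrupted")
    if s["bad_file_records"]:
        notes.append(f"{s['bad_file_records']} bad file records")
    if s["bad_sectors_kb"]:
        notes.append(f"{s['bad_sectors_kb']} KB in bad sectors")
    if not s["clean_verdict"]:
        notes.append("no 'found no problems' verdict")
    if not s["surface_scan"]:
        notes.append("stages 4 and 5 absent: surface scan did not run")
    return notes

if __name__ == "__main__":
    for label, report in (("quick", QUICK), ("full", FULL), ("damaged", DAMAGED)):
        print(label, findings(summarize_chkdsk(report)))
```
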


#14 t.wiruth

t.wiruth
  • Topic Starter

  • Members
  • 16 posts

Posted 24 January 2015 - 08:48 PM

OK, very interesting thing I found.. if I put a memory card from my camera in the slot, I have no slow computer... if I pull it, I have a slow computer.. do I need more RAM? I am so sorry for the troubles.. and thanks so much for your time in helping me!



#15 t.wiruth

t.wiruth
  • Topic Starter

  • Members
  • 16 posts

Posted 24 January 2015 - 11:10 PM

cmd scan says Windows Resource Protection found corrupt files but was unable to fix some of them.





