
svchost.exe (netsvcs) high cpu


  • This topic is locked
14 replies to this topic

#1 cbeau37


Posted 07 June 2016 - 07:21 AM

Hi,

I'm having high CPU usage from svchost.exe (netsvcs).

My mouse starts moving real slow then comes back.

What should I run to check it out?

Have Norton, ran Malwarebytes and TDSSKiller.

Below is my FRST.txt paste. Also attached is my Addition.txt file.

Thanks in advance!

cbeau37

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2016
Ran by Chris (administrator) on CHRIS-PC (07-06-2016 06:25:58)
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
( ) C:\Windows\System32\lxducoms.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\Dxpserver.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [AsioThk32Reg] => %SYSTEMROOT%\SYSWOW64\REGSVR32.EXE /S %SYSTEMROOT%\SYSWOW64\CTASIO.DLL
HKLM\...\Run: [kX Mixer] => "C:\Windows\system32\kxmixer.exe" --startup
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {12995ec1-f6d3-11e2-a2b6-0022191402b8} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {3e4d999f-1119-11e1-b7cc-0022191402b8} - H:\TLBootstrap_WPP.exe
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {48179c7a-58b5-11e4-9f67-0022191402b8} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {59743ae6-dc96-11e0-b099-0022191402b8} - H:\setup.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {663bf758-f24b-11e4-965c-0022191402b8} - F:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {a7e57548-e564-11de-87e5-0022191402b8} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\MountPoints2: {c9b0d6fb-497d-11e3-a956-0022191402b8} - H:\setup.exe -a
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-03] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43
Tcpip\..\Interfaces\{6F27C8D7-91C0-4084-8C6C-0A7479057FF9}: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43

Internet Explorer:
==================
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {B6C8C2F0-172B-48AB-842B-2159962F459C} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80210&lng=en
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-06] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-10-06] (Logitech, Inc.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2010-02-04] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://uhhospitalsevents.webex.com/client/WBXclient-T29L10NSP3-17099/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-03-09] (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-21] (RocketLife, LLP)
FF Plugin-x32: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2016-04-29] (Samsung Techwin)
FF Plugin-x32: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2016-04-29] (Samsung Techwin)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2016-04-29] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-3097217664-1659511971-2978430448-1001: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF Plugin HKU\S-1-5-21-3097217664-1659511971-2978430448-1001: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2016-04-29] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-3097217664-1659511971-2978430448-1001: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2016-04-29] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-3097217664-1659511971-2978430448-1001: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2016-04-29] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-3097217664-1659511971-2978430448-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2016-06-04] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3097217664-1659511971-2978430448-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2016-06-04] (TD Ameritrade)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2016-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-09-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-09-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Firefox\Extensions: [{13F6DC07-FCF7-466A-BFB4-07AD0191E271}] - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271}
FF Extension: XULRunner - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271} [2010-08-20] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ch
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=903578&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search.yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Plugin) - C:\Users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-31]
CHR Extension: (Google Cast) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-16]
CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2012-12-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-04-16]
CHR Extension: (Logitech SetPoint) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-11-16]
CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2012-12-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-04-16]
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-24]
CHR Extension: (Spreed - speed read the web) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-04-16]
CHR Extension: (Poppit!) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-24]
CHR Extension: (Norton Safe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-04-30]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-05]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-04]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-10-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmbmildjdmppofnohldicmnkojfhggmb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] () [File not signed]
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-07-30] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [393216 2009-04-09] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-02-05] (Macrovision Europe Ltd.) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)
S2 gupdate1caccabb97c9540; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2010-02-04] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2010-02-04] ( )
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe [289080 2016-02-26] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-06-04] (Electronic Arts)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [93848 2009-08-17] (SiSoftware) [File not signed]
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492720 2007-10-30] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVerFx2hbtv64; C:\Windows\System32\drivers\AVerFx2hbtv64.sys [508672 2009-05-05] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160601.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151552 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctac32k; C:\Windows\System32\drivers\ctac32k.sys [573952 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctaud2k; C:\Windows\System32\drivers\ctaud2k.sys [738560 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [695808 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [208896 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [316928 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [169472 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [356864 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctprxy2k; C:\Windows\System32\drivers\ctprxy2k.sys [9728 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [676864 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctsfm2k; C:\Windows\System32\drivers\ctsfm2k.sys [284160 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
S3 emupia; C:\Windows\System32\drivers\emupia2k.sys [130048 2005-08-03] (Creative Technology Ltd) [File not signed]
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [1300480 2005-08-03] (Creative Technology Ltd) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160606.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
S2 MCSTRM; no ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160606.024\ENG64.SYS [138456 2016-05-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160606.024\EX64.SYS [2148056 2016-05-16] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-15] (NVIDIA Corporation)
S3 ossrv; C:\Windows\System32\drivers\ctoss2k.sys [205824 2005-08-03] (Creative Technology Ltd.) [File not signed]
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [103936 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 SUSTUCAM; C:\Windows\System32\DRIVERS\sustucam.sys [56832 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAP; C:\Windows\System32\DRIVERS\sustucap.sys [56832 2009-11-25] (Susteen, Inc.)
S3 SUSTUCAU; C:\Windows\System32\DRIVERS\sustucau.sys [33792 2009-11-25] (Susteen, Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 kxwdmdrv; system32\drivers\kx.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-09-01 08:00 - 2099-09-01 08:00 - 01162664 _____ C:\Users\Chris\Downloads\XPS630i-010013a.EXE
2099-09-01 06:19 - 2099-09-01 06:29 - 00000000 ____D C:\email maessages 060113
2099-09-01 03:13 - 2099-09-01 03:13 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2099-09-01 03:13 - 2013-06-22 09:23 - 00000000 ____D C:\ProgramData\iolo
2099-09-01 01:37 - 2099-09-01 01:39 - 00000000 ____D C:\Users\Chris\Downloads\geforce 9800GT driver 060113
2016-06-07 06:25 - 2016-06-07 06:26 - 00036241 _____ C:\Users\Chris\Downloads\FRST.txt
2016-06-07 06:25 - 2016-06-07 06:25 - 02385408 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2016-06-07 06:25 - 2016-06-07 06:25 - 00000000 ____D C:\FRST
2016-06-06 13:12 - 2016-06-06 13:12 - 01012284 _____ C:\Users\Chris\Documents\preparation-guide.pdf
2016-06-06 07:17 - 2016-06-06 07:25 - 00147754 _____ C:\TDSSKiller.2.7.31.0_06.06.2016_07.17.20_log.txt
2016-06-05 17:57 - 2016-06-05 17:57 - 00000256 _____ C:\Users\Chris\Desktop\test.url
2016-06-04 19:13 - 2016-06-04 19:13 - 00000259 _____ C:\Users\Chris\Desktop\The National Hearing Test.url
2016-06-04 07:25 - 2016-06-04 07:25 - 00000219 _____ C:\Users\Chris\Desktop\Why it’s crucial for you to update to Windows 10 by July 29 - Yahoo Finance.url
2016-05-29 23:09 - 2016-05-29 23:09 - 00000000 ____D C:\Users\Chris\AppData\Local\Downloaded Installations
2016-05-27 07:25 - 2016-05-27 07:25 - 00540807 _____ C:\Users\Chris\Documents\MF.starter.pdf
2016-05-27 07:20 - 2016-05-27 07:20 - 00325523 _____ C:\Users\Chris\Documents\MF.BRK-B.pdf
2016-05-27 07:19 - 2016-05-27 07:19 - 00307346 _____ C:\Users\Chris\Documents\MF.stmp.pdf
2016-05-23 07:57 - 2016-05-23 07:57 - 00000000 ____D C:\Users\Chris\AppData\Roaming\com.devexperts.tos.ui.user.login.ThinkOrSwimApplication
2016-05-23 07:54 - 2016-06-04 18:20 - 00000000 ____D C:\Users\Chris\.thinkorswim
2016-05-23 07:54 - 2016-06-04 18:20 - 00000000 ____D C:\Program Files\thinkorswim
2016-05-23 07:54 - 2016-05-23 07:54 - 00001897 _____ C:\Users\Public\Desktop\thinkorswim.lnk
2016-05-23 07:52 - 2016-05-23 07:55 - 00000000 ____D C:\Users\Chris\.oracle_jre_usage
2016-05-22 16:54 - 2016-05-22 16:54 - 00000213 _____ C:\Users\Chris\Desktop\Morningstar's Risk Management Boot Camp 2016.url
2016-05-19 08:09 - 2016-05-19 08:09 - 00011755 _____ C:\Users\Chris\Documents\Elks Steak Fund 2016.xlsx
2016-05-19 08:08 - 2016-05-19 08:08 - 00011144 _____ C:\Users\Chris\Documents\Elks Skins 2016.xlsx
2016-05-14 09:13 - 2016-05-14 09:13 - 00081477 _____ C:\Users\Chris\Documents\dart frog dash 2016.pdf
2016-05-10 07:35 - 2016-05-10 07:35 - 00000400 _____ C:\Users\Chris\Desktop\The best Android camera apps.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-09-01 13:44 - 2012-12-19 11:23 - 00000000 ____D C:\NBRT
2016-06-07 06:20 - 2010-03-26 02:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-07 06:06 - 2015-02-22 11:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-07 06:01 - 2012-11-19 17:39 - 00000270 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2016-06-07 05:39 - 2015-11-12 20:39 - 00000911 _____ C:\Windows\Tasks\EPSON XP-420 Series Update {A827AA4D-B871-4FF3-9EC5-4147B3AEE146}.job
2016-06-07 03:38 - 2010-01-23 14:03 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A6FB57EC-4DF3-4850-8878-7975C2CC2651}
2016-06-06 22:10 - 2009-07-14 00:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-06 22:10 - 2009-07-14 00:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-06 20:20 - 2010-03-26 02:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-06 19:24 - 2016-02-06 15:10 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Adblock Plus for IE
2016-06-06 13:12 - 2009-12-04 07:42 - 00000000 ____D C:\Users\Chris\AppData\Local\CutePDF Writer
2016-06-06 08:53 - 2009-11-29 09:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-06 08:33 - 2010-09-03 12:16 - 00002322 ____H C:\Users\Chris\Documents\Default.rdp
2016-06-06 08:19 - 2009-12-23 14:13 - 00007613 _____ C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2016-06-05 18:31 - 2009-12-05 08:31 - 00059392 _____ C:\Users\Chris\Documents\userlist2.xls
2016-06-05 18:18 - 2015-02-08 11:36 - 00000000 ____D C:\Users\Chris\Desktop\va tx ss
2016-06-05 18:18 - 2013-01-24 08:40 - 00000000 ____D C:\Users\Chris\Desktop\Tools
2016-06-05 18:05 - 2009-07-14 01:13 - 00795858 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-05 18:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-05 17:59 - 2013-06-02 16:20 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-05 17:59 - 2012-07-13 13:38 - 00000000 ____D C:\Temp
2016-06-05 17:59 - 2012-04-27 19:52 - 00000414 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2016-06-05 17:59 - 2011-06-13 07:02 - 00000324 _____ C:\Windows\Tasks\GlaryInitialize.job
2016-06-05 17:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-05 17:58 - 2011-08-21 19:08 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-06-05 16:04 - 2014-12-25 11:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-05 15:22 - 2015-02-12 08:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-05 07:09 - 2014-08-03 16:35 - 00000000 ____D C:\Users\Chris\Desktop\deacon
2016-06-04 18:36 - 2012-09-03 08:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-04 18:36 - 2009-11-29 09:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-04 18:13 - 2010-08-21 16:44 - 00000000 ____D C:\Windows\Minidump
2016-06-04 16:09 - 2015-11-27 13:19 - 00000000 ____D C:\ProgramData\Origin
2016-06-04 16:04 - 2015-11-27 13:19 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-06-04 16:04 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-04 16:03 - 2015-11-27 13:17 - 00000000 ____D C:\Program Files (x86)\Origin
2016-06-04 15:58 - 2013-03-15 07:10 - 00000000 ____D C:\Users\Chris\Desktop\kitchen
2016-06-03 08:06 - 2012-09-03 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-05-31 14:48 - 2009-05-20 07:18 - 00000000 ____D C:\Golf Management
2016-05-31 11:22 - 2012-05-03 07:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-30 07:37 - 2013-03-28 12:40 - 00000000 ____D C:\Users\Chris\.VirtualBox
2016-05-29 23:10 - 2010-12-18 18:48 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-05-29 23:10 - 2009-12-01 21:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-26 06:22 - 2011-04-27 10:24 - 00000000 ____D C:\Users\Chris\AppData\Local\Deployment
2016-05-25 20:22 - 2015-01-12 19:29 - 00002223 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-05-23 07:54 - 2009-11-28 14:12 - 00000000 ____D C:\Users\Chris
2016-05-16 20:12 - 2015-05-11 17:08 - 00022528 _____ C:\Users\Chris\Documents\chip in pot2016.xls
2016-05-13 15:54 - 2016-04-03 16:37 - 00000287 _____ C:\Users\Chris\Desktop\3 Attractive Income Stocks Whose Dividends Could Double -- The Motley Fool.url
2016-05-13 09:06 - 2015-02-22 11:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 09:06 - 2012-12-06 07:41 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 09:06 - 2012-12-06 07:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 19:23 - 2010-03-26 02:16 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 19:23 - 2010-03-26 02:16 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-10 20:15 - 2010-03-26 02:24 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:15 - 2010-03-26 02:24 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 08:15 - 2011-11-15 07:52 - 00000000 ____D C:\Users\Chris\Desktop\health links

==================== Files in the root of some directories =======

2009-12-23 13:45 - 2016-01-01 18:55 - 0000004 _____ () C:\Users\Chris\AppData\Roaming\55FA05
2014-12-25 11:08 - 2014-12-25 11:08 - 0000051 _____ () C:\Users\Chris\AppData\Roaming\mbam.context.scan
2012-06-08 07:07 - 2016-01-01 18:55 - 0870128 _____ () C:\Users\Chris\AppData\Roaming\mcs.rma
2010-01-17 12:59 - 2010-01-17 12:59 - 0003584 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-09 08:36 - 2010-05-09 08:36 - 0000093 _____ () C:\Users\Chris\AppData\Local\fusioncache.dat
2009-12-23 14:13 - 2016-06-06 08:19 - 0007613 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2011-02-27 14:53 - 2015-02-26 18:25 - 0054591 _____ () C:\ProgramData\lxdu.log
2010-09-18 15:08 - 2014-07-13 15:27 - 0001979 _____ () C:\ProgramData\lxduDiagnostics.log
2010-12-17 10:12 - 2014-07-25 06:58 - 0214140 _____ () C:\ProgramData\lxduJSW.log
2015-01-12 19:29 - 2016-05-25 20:22 - 0002223 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-03-03 19:31 - 2016-02-04 09:03 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2011-06-13 07:15 - 2011-07-03 15:38 - 15003648 _____ () C:\ProgramData\sandra.mda
2014-10-05 19:47 - 2014-10-05 19:47 - 0755068 _____ () C:\ProgramData\SPL12D4.tmp
2015-03-16 07:45 - 2015-03-16 07:45 - 1160360 _____ () C:\ProgramData\SPL1DFB.tmp
2015-02-12 18:18 - 2015-02-12 18:18 - 1615049 _____ () C:\ProgramData\SPL2041.tmp
2014-12-30 15:47 - 2014-12-30 15:47 - 0711211 _____ () C:\ProgramData\SPL2556.tmp
2014-12-30 16:53 - 2014-12-30 16:53 - 0584321 _____ () C:\ProgramData\SPL2599.tmp
2014-12-30 16:48 - 2014-12-30 16:48 - 0584321 _____ () C:\ProgramData\SPL2B34.tmp
2014-12-07 16:02 - 2014-12-07 16:02 - 1706505 _____ () C:\ProgramData\SPL32E3.tmp
2012-10-17 18:34 - 2012-10-17 18:34 - 0967402 _____ () C:\ProgramData\SPL3BC9.tmp
2012-08-07 15:54 - 2012-08-07 15:54 - 1081176 _____ () C:\ProgramData\SPL3BD2.tmp
2015-03-16 06:44 - 2015-03-16 06:44 - 1160360 _____ () C:\ProgramData\SPL4B63.tmp
2015-04-14 08:42 - 2015-04-14 08:42 - 0809763 _____ () C:\ProgramData\SPL5385.tmp
2012-06-09 09:20 - 2012-06-09 09:20 - 0815536 _____ () C:\ProgramData\SPL6374.tmp
2012-09-15 08:20 - 2012-09-15 08:20 - 1194326 _____ () C:\ProgramData\SPL715F.tmp
2015-03-05 19:39 - 2015-03-05 19:39 - 1609795 _____ () C:\ProgramData\SPL71CD.tmp
2013-09-07 10:53 - 2013-09-07 10:53 - 0516982 _____ () C:\ProgramData\SPL78CF.tmp
2012-06-11 20:20 - 2012-06-11 20:20 - 0780098 _____ () C:\ProgramData\SPL7963.tmp
2014-08-03 16:47 - 2014-08-03 16:47 - 0830405 _____ () C:\ProgramData\SPL8807.tmp
2012-06-11 20:28 - 2012-06-11 20:28 - 0780098 _____ () C:\ProgramData\SPL8BF9.tmp
2012-12-10 22:50 - 2012-12-10 22:50 - 0062044 _____ () C:\ProgramData\SPL902D.tmp
2012-04-16 19:53 - 2012-04-16 19:53 - 5115041 _____ () C:\ProgramData\SPL91E5.tmp
2015-04-05 20:51 - 2015-04-05 20:51 - 1440673 _____ () C:\ProgramData\SPL9506.tmp
2014-08-30 11:17 - 2014-08-30 11:17 - 2327566 _____ () C:\ProgramData\SPL96A3.tmp
2015-04-20 22:28 - 2015-04-20 22:28 - 0641202 _____ () C:\ProgramData\SPL9F11.tmp
2012-02-10 14:06 - 2012-02-10 14:06 - 40830263 _____ () C:\ProgramData\SPL9FB0.tmp
2012-08-19 15:48 - 2012-08-19 15:48 - 0996229 _____ () C:\ProgramData\SPLA4A7.tmp
2014-07-08 16:28 - 2014-07-08 16:28 - 1069621 _____ () C:\ProgramData\SPLA7A5.tmp
2015-01-04 16:06 - 2015-01-04 16:06 - 3180961 _____ () C:\ProgramData\SPLACA7.tmp
2012-07-03 19:42 - 2012-07-03 19:42 - 0455878 _____ () C:\ProgramData\SPLACC2.tmp
2012-05-15 15:45 - 2012-05-15 15:45 - 1079522 _____ () C:\ProgramData\SPLB69D.tmp
2015-04-14 19:40 - 2015-04-14 19:40 - 4144050 _____ () C:\ProgramData\SPLBBDB.tmp
2013-11-27 17:11 - 2013-11-27 17:11 - 1217058 _____ () C:\ProgramData\SPLBC39.tmp
2014-07-08 16:04 - 2014-07-08 16:04 - 0239665 _____ () C:\ProgramData\SPLC412.tmp
2012-06-11 20:17 - 2012-06-11 20:17 - 0145012 _____ () C:\ProgramData\SPLC64B.tmp
2014-07-20 15:35 - 2014-07-20 15:35 - 1038281 _____ () C:\ProgramData\SPLC830.tmp
2012-07-12 17:51 - 2012-07-12 17:51 - 0332918 _____ () C:\ProgramData\SPLC8A7.tmp
2014-07-08 16:19 - 2014-07-08 16:19 - 0753180 _____ () C:\ProgramData\SPLC937.tmp
2015-01-04 16:12 - 2015-01-04 16:12 - 3180961 _____ () C:\ProgramData\SPLCBC6.tmp
2014-08-30 11:47 - 2014-08-30 11:47 - 1836889 _____ () C:\ProgramData\SPLCF5F.tmp
2012-06-05 16:37 - 2012-06-05 16:37 - 0308592 _____ () C:\ProgramData\SPLD1FD.tmp
2013-01-08 08:27 - 2013-01-08 08:27 - 0878784 _____ () C:\ProgramData\SPLD2E5.tmp
2011-11-03 21:31 - 2011-11-03 21:31 - 0032694 _____ () C:\ProgramData\SPLD3A9.tmp
2012-07-04 09:33 - 2012-07-04 09:33 - 0455878 _____ () C:\ProgramData\SPLDEC9.tmp
2010-11-12 22:48 - 2010-11-12 22:48 - 1887124 _____ () C:\ProgramData\SPLF0DF.tmp
2014-08-19 16:25 - 2014-08-19 16:25 - 1070339 _____ () C:\ProgramData\SPLF651.tmp
2012-06-05 16:36 - 2012-06-05 16:36 - 0282426 _____ () C:\ProgramData\SPLFCC4.tmp
2012-08-14 22:29 - 2012-08-14 22:29 - 3252867 _____ () C:\ProgramData\SPLFED6.tmp
2010-09-18 14:41 - 2010-09-18 14:41 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2011-06-13 07:18 - 2015-08-22 11:39 - 0008750 _____ () C:\ProgramData\xml5034.tmp
2011-06-13 07:18 - 2015-08-22 11:39 - 0000000 _____ () C:\ProgramData\xml5469.tmp
2011-06-13 07:18 - 2011-10-04 07:27 - 0002263 _____ () C:\ProgramData\xml5583.tmp
2015-08-22 16:54 - 2015-08-22 16:54 - 0000000 _____ () C:\ProgramData\xml75B4.tmp
2015-08-22 16:54 - 2015-08-22 16:54 - 0000000 _____ () C:\ProgramData\xml7853.tmp
2015-08-22 11:39 - 2015-08-22 11:39 - 0000000 _____ () C:\ProgramData\xmlB1D3.tmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-28 08:38

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 PM

Posted 07 June 2016 - 10:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80210&lng=en
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-09-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-09-14] [not signed]
FF HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Firefox\Extensions: [{13F6DC07-FCF7-466A-BFB4-07AD0191E271}] - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271}
FF Extension: XULRunner - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271} [2010-08-20] [not signed]
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ch
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File
CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2012-12-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-04-16]
CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2012-12-06]
CHR Extension: (Poppit!) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-04-30]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-10-23]
S2 MCSTRM; no ImagePath
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 kxwdmdrv; system32\drivers\kx.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys
Task: {6804F880-111A-4969-A45E-569907891583} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
HKLM\...\.scr:  =>  <===== ATTENTION
C:\Program Files\PC Optimizer Pro
C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know if the problem persists.

#3 cbeau37

cbeau37
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:47 PM

Posted 08 June 2016 - 08:17 AM

Hi, here are my fixlog.txt and AdwCleaner[C1].txt files.

Still have svchost.exe (netsvcs) taking up 45% to 50% of my CPU usage.

Thanks!

Chris

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2016
Ran by Chris (2016-06-08 08:08:04) Run:1
Running from C:\Users\Chris\Downloads\FRST64stuff
Loaded Profiles: Chris (Available Profiles: Chris)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
URLSearchHook: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80210&lng=en
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-3097217664-1659511971-2978430448-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-09-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-09-14] [not signed]
FF HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\...\Firefox\Extensions: [{13F6DC07-FCF7-466A-BFB4-07AD0191E271}] - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271}
FF Extension: XULRunner - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271} [2010-08-20] [not signed]
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ch
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File
CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2012-12-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-04-16]
CHR Extension: (Freemake Video Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2012-12-06]
CHR Extension: (Poppit!) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-04-30]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-10-23]
S2 MCSTRM; no ImagePath
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 kxwdmdrv; system32\drivers\kx.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys
Task: {6804F880-111A-4969-A45E-569907891583} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
HKLM\...\.scr:  =>  <===== ATTENTION
C:\Program Files\PC Optimizer Pro
C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271}

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
"HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}" => key removed successfully
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => value removed successfully
HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => key not found.
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fmdownloader@gmail.com => value removed successfully
C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com => moved successfully
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-09-14] [not signed] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com => value removed successfully
C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com => moved successfully
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-09-14] [not signed] => not found
HKU\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Mozilla\Firefox\Extensions\\{13F6DC07-FCF7-466A-BFB4-07AD0191E271} => value removed successfully
C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271} => moved successfully
FF Extension: XULRunner - C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271} [2010-08-20] [not signed] => not found
Chrome HomePage => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll => not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll => not found.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf => moved successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => moved successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh => moved successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => moved successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf" => key removed successfully
C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh" => key removed successfully
C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx => moved successfully
MCSTRM => service removed successfully
BTCFilterService => service removed successfully
cpuz135 => service removed successfully
EagleX64 => service removed successfully
kxwdmdrv => service removed successfully
motccgpfl => service removed successfully
Motousbnet => service removed successfully
motusbdevice => service removed successfully
NPF => service removed successfully
VBoxNetFlt => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6804F880-111A-4969-A45E-569907891583}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6804F880-111A-4969-A45E-569907891583}" => key removed successfully
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => key removed successfully
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => moved successfully
HKLM\Software\Classes\.scr\\Default => value restored successfully
"C:\Program Files\PC Optimizer Pro" => not found.
"C:\Users\Chris\AppData\Local\{13F6DC07-FCF7-466A-BFB4-07AD0191E271}" => not found.
EmptyTemp: => 743.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 08:10:22 ====

# AdwCleaner v5.119 - Logfile created 08/06/2016 at 08:56:46
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Chris - CHRIS-PC
# Running from : C:\Users\Chris\Desktop\adwcleaner_5.119.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Ask.com
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Chris\AppData\Local\DriverTuner
[-] Folder Deleted : C:\Users\Chris\AppData\Local\Downloaded Installers
[-] Folder Deleted : C:\Users\Chris\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\Chris\AppData\LocalLow\Yahoo!\Companion
[#] Folder Deleted : C:\Users\Chris\AppData\LocalLow\IAC
[-] Folder Deleted : C:\Users\Chris\AppData\Roaming\download Manager

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetup_B-r394-t-bi.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetup_D-r394-t-bi.exe
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmbmildjdmppofnohldicmnkojfhggmb
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\Cr_Installer
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\ilivid
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\AskToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\flask.com

***** [ Web browsers ] *****

[-] [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.yahoo.com
[-] [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : yahoo.com search
[-] [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxps://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=903578&p={searchTerms}
[-] [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jmbmildjdmppofnohldicmnkojfhggmb

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [8694 bytes] - [08/06/2016 08:56:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [9079 bytes] - [08/06/2016 08:49:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8840 bytes] ##########


#4 nasdaq

  • Malware Response Team

Posted 08 June 2016 - 08:58 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

#5 cbeau37

  • Topic Starter


Posted 08 June 2016 - 11:51 AM

Hi,

I ran TDSSKiller and no threats were found.

Log attached below.

Thanks,

Chris

 

12:41:24.0628 0x1a48  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
12:45:34.0330 0x1a48  ============================================================
12:45:34.0330 0x1a48  Current date / time: 2016/06/08 12:45:34.0330
12:45:34.0330 0x1a48  SystemInfo:
12:45:34.0330 0x1a48 
12:45:34.0330 0x1a48  OS Version: 6.1.7601 ServicePack: 1.0
12:45:34.0330 0x1a48  Product type: Workstation
12:45:34.0330 0x1a48  ComputerName: CHRIS-PC
12:45:34.0330 0x1a48  UserName: Chris
12:45:34.0330 0x1a48  Windows directory: C:\Windows
12:45:34.0330 0x1a48  System windows directory: C:\Windows
12:45:34.0330 0x1a48  Running under WOW64
12:45:34.0330 0x1a48  Processor architecture: Intel x64
12:45:34.0330 0x1a48  Number of processors: 2
12:45:34.0330 0x1a48  Page size: 0x1000
12:45:34.0330 0x1a48  Boot type: Normal boot
12:45:34.0330 0x1a48  ============================================================
12:45:36.0683 0x1a48  KLMD registered as C:\Windows\system32\drivers\25017853.sys
12:45:39.0054 0x1a48  System UUID: {D3F8F669-7AD0-9EED-FFDE-DB5AE3C93DBF}
12:45:43.0763 0x1a48  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:43.0770 0x1a48  ============================================================
12:45:43.0770 0x1a48  \Device\Harddisk0\DR0:
12:45:43.0770 0x1a48  MBR partitions:
12:45:43.0770 0x1a48  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x400000
12:45:43.0770 0x1a48  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x41F800, BlocksNum 0x39F66000
12:45:43.0770 0x1a48  ============================================================
12:45:43.0811 0x1a48  C: <-> \Device\Harddisk0\DR0\Partition2
12:45:43.0838 0x1a48  D: <-> \Device\Harddisk0\DR0\Partition1
12:45:43.0838 0x1a48  ============================================================
12:45:43.0838 0x1a48  Initialize success
12:45:43.0838 0x1a48  ============================================================
12:45:48.0184 0x0ff8  ============================================================
12:45:48.0184 0x0ff8  Scan started
12:45:48.0184 0x0ff8  Mode: Manual;
12:45:48.0184 0x0ff8  ============================================================
12:45:48.0184 0x0ff8  KSN ping started
12:46:01.0808 0x0ff8  KSN ping finished: true
12:46:03.0385 0x0ff8  ================ Scan system memory ========================
12:46:03.0385 0x0ff8  System memory - ok
12:46:03.0387 0x0ff8  ================ Scan services =============================
12:46:06.0824 0x0ff8  BrUsbSer - ok
12:46:06.0838 0x0ff8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:46:06.0840 0x0ff8  BTHMODEM - ok
12:46:06.0887 0x0ff8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:46:06.0890 0x0ff8  bthserv - ok
12:46:07.0060 0x0ff8  [ 5A1C7DBDDB001BC6F1D1720E655445E2, 07A766C804D0709936FF18A2F67C49D6499BEF9CEEB1EF69F654A35268A11027 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1606000.08E\ccSetx64.sys
12:46:07.0065 0x0ff8  ccSet_NIS - ok
12:46:07.0090 0x0ff8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:46:07.0092 0x0ff8  cdfs - ok
12:46:07.0123 0x0ff8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:46:07.0127 0x0ff8  cdrom - ok
12:46:07.0187 0x0ff8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:46:07.0190 0x0ff8  CertPropSvc - ok
12:46:07.0280 0x0ff8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:46:07.0281 0x0ff8  circlass - ok
12:46:07.0341 0x0ff8  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
12:46:07.0357 0x0ff8  CLFS - ok
12:46:07.0440 0x0ff8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:46:07.0443 0x0ff8  clr_optimization_v2.0.50727_32 - ok
12:46:07.0494 0x0ff8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:46:07.0497 0x0ff8  clr_optimization_v2.0.50727_64 - ok
12:46:07.0582 0x0ff8  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:46:07.0650 0x0ff8  clr_optimization_v4.0.30319_32 - ok
12:46:07.0668 0x0ff8  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:46:07.0673 0x0ff8  clr_optimization_v4.0.30319_64 - ok
12:46:07.0691 0x0ff8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:46:07.0692 0x0ff8  CmBatt - ok
12:46:07.0716 0x0ff8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:46:07.0717 0x0ff8  cmdide - ok
12:46:07.0782 0x0ff8  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
12:46:07.0798 0x0ff8  CNG - ok
12:46:07.0855 0x0ff8  [ 7D48C1A9532A1DA3B7CCBDB4727E4472, A32A5960A09BACC08D38C3EBB564AA3FCCD73B59692B6C4BD86A7E5F780D59F0 ] COMMONFX.DLL    C:\Windows\System32\COMMONFX.DLL
12:46:07.0860 0x0ff8  COMMONFX.DLL - ok
12:46:07.0865 0x0ff8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:46:07.0866 0x0ff8  Compbatt - ok
12:46:07.0898 0x0ff8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:46:07.0900 0x0ff8  CompositeBus - ok
12:46:07.0918 0x0ff8  COMSysApp - ok
12:46:07.0932 0x0ff8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:46:07.0933 0x0ff8  crcdisk - ok
12:46:07.0971 0x0ff8  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:46:07.0977 0x0ff8  CryptSvc - ok
12:46:08.0041 0x0ff8  [ D622EC6AAAE255C3143F200875DD0EBA, F032FE80CAC45627540F3A8EFF7F1DDA4AE2DDFA19D978816F67BCC706FB8EDF ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
12:46:08.0054 0x0ff8  ctac32k - ok
12:46:08.0082 0x0ff8  [ 15E573F0D8CE48417497DA161A85390C, 35719989747633DADBBE1ED54FD096E0FBC89320845D1E33D4D825A4BFAB8849 ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
12:46:08.0093 0x0ff8  ctaud2k - ok
12:46:08.0122 0x0ff8  [ 10BEFAA3A8D69FD8D8C3572776984784, 34E0CE8123EF3DFC180FCF086B90A9703AF1A0F6B0A27B2630C465ACDF732E69 ] CTAUDFX.DLL     C:\Windows\System32\CTAUDFX.DLL
12:46:08.0147 0x0ff8  CTAUDFX.DLL - ok
12:46:08.0172 0x0ff8  [ E07D540E71954FFF11FF2A0C23525693, 40817C299FD586CE125AD834913338AEF4ADA9BB194295A8833BBF1A0669DB23 ] CTEAPSFX.DLL    C:\Windows\System32\CTEAPSFX.DLL
12:46:08.0176 0x0ff8  CTEAPSFX.DLL - ok
12:46:08.0192 0x0ff8  [ 95EC8E61EA004244D5B717500ACF2CA5, 3BA1200D2024A094A0B4BF370A0B7012D34EE569A55E16DED8EC8B139032135A ] CTEDSPFX.DLL    C:\Windows\System32\CTEDSPFX.DLL
12:46:08.0197 0x0ff8  CTEDSPFX.DLL - ok
12:46:08.0219 0x0ff8  [ B6400F4BF7118EABAFFD3532708D0EA3, A50915D67E42D916918BA10B56D779CE8B28A7A6C99BD8908964EF879EDBF8FC ] CTEDSPIO.DLL    C:\Windows\System32\CTEDSPIO.DLL
12:46:08.0223 0x0ff8  CTEDSPIO.DLL - ok
12:46:08.0250 0x0ff8  [ 72FE0686C2E8590A557DDA0C5F019AD9, 25004570C485FEE5C210D3BD1B0165519E1A31DC4288C4D8D18B7489DC1165F0 ] CTEDSPSY.DLL    C:\Windows\System32\CTEDSPSY.DLL
12:46:08.0255 0x0ff8  CTEDSPSY.DLL - ok
12:46:08.0299 0x0ff8  [ 639062F4DB5CAE0B7848C5B443D86B8A, 967E0FFEE5509F0C0ED7B56B994AD286D50D6E2635D7D4A8F6E95B9679CE35C7 ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
12:46:08.0299 0x0ff8  ctprxy2k - ok
12:46:08.0330 0x0ff8  [ 8DB75899FF3D3720F6F29D8F0D6D5923, BFF9AF31AD7003462548E2E8263D74A47C95C228722BAF22485BAF35B17EA2DB ] CTSBLFX.DLL     C:\Windows\System32\CTSBLFX.DLL
12:46:08.0341 0x0ff8  CTSBLFX.DLL - ok
12:46:08.0403 0x0ff8  [ 12E7E440C8B2C260A7754800A108BEE4, 0352FAB60BAD00447A652722604A52D8B89A0DC0729696818E5DCB3B345F1EE1 ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
12:46:08.0410 0x0ff8  ctsfm2k - ok
12:46:08.0486 0x0ff8  [ 1CA90212A99DB6975C344826D11055C9, 8C430087C36A9E38B9A3D789990C1122E40CA847B395DF7D1537EE769E1FFEE7 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
12:46:08.0488 0x0ff8  dc3d - ok
12:46:08.0558 0x0ff8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:46:08.0574 0x0ff8  DcomLaunch - ok
12:46:08.0632 0x0ff8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:46:08.0640 0x0ff8  defragsvc - ok
12:46:08.0690 0x0ff8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:46:08.0693 0x0ff8  DfsC - ok
12:46:08.0752 0x0ff8  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:46:08.0756 0x0ff8  dg_ssudbus - ok
12:46:08.0807 0x0ff8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:46:08.0816 0x0ff8  Dhcp - ok
12:46:08.0908 0x0ff8  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
12:46:08.0942 0x0ff8  DiagTrack - ok
12:46:08.0995 0x0ff8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:46:08.0997 0x0ff8  discache - ok
12:46:09.0062 0x0ff8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:46:09.0064 0x0ff8  Disk - ok
12:46:09.0115 0x0ff8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:46:09.0119 0x0ff8  Dnscache - ok
12:46:09.0176 0x0ff8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:46:09.0183 0x0ff8  dot3svc - ok
12:46:09.0240 0x0ff8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:46:09.0244 0x0ff8  DPS - ok
12:46:09.0275 0x0ff8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:46:09.0276 0x0ff8  drmkaud - ok
12:46:09.0324 0x0ff8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:46:09.0340 0x0ff8  DXGKrnl - ok
12:46:09.0399 0x0ff8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:46:09.0402 0x0ff8  EapHost - ok
12:46:09.0519 0x0ff8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:46:09.0619 0x0ff8  ebdrv - ok
12:46:09.0730 0x0ff8  [ E5C10FCFA331D2BA13B211D0454FEA38, 9363545317C655EED282BA1FE7C71B26E2C3599F35E42E7496F413961303A24D ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:46:09.0737 0x0ff8  eeCtrl - ok
12:46:09.0780 0x0ff8  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] EFS             C:\Windows\System32\lsass.exe
12:46:09.0781 0x0ff8  EFS - ok
12:46:09.0892 0x0ff8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:46:09.0917 0x0ff8  ehRecvr - ok
12:46:09.0960 0x0ff8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:46:09.0962 0x0ff8  ehSched - ok
12:46:09.0991 0x0ff8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:46:10.0008 0x0ff8  elxstor - ok
12:46:10.0064 0x0ff8  [ C38AC2DCFC9246FBADB971B210631BA9, 9FEC706CC56BE3766DCEDEA86F6721D6B65480ACCF54D98A1E3162E296CB8404 ] emupia          C:\Windows\system32\drivers\emupia2k.sys
12:46:10.0067 0x0ff8  emupia - ok
12:46:10.0197 0x0ff8  [ 4F7E75A08DBF89423C2EF9DC89BD923B, 79F849704225CE8F3FF501888BEE0FBC1308FF6F590B9CD67015C9CFA0A708E3 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
12:46:10.0213 0x0ff8  EpsonCustomerParticipation - ok
12:46:10.0279 0x0ff8  [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
12:46:10.0283 0x0ff8  EpsonScanSvc - ok
12:46:10.0453 0x0ff8  [ B5581646636759D0DAFA8B008881C079, 0CADE029ABDCDE3A89C0786F1698C93D9A7CC981EFB3761CF243E19E178FF611 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
12:46:10.0458 0x0ff8  EPSON_EB_RPCV4_01 - ok
12:46:10.0492 0x0ff8  [ 1E345F2A2D95DA3190596E691CDE9342, 9D1D48F3B749ADA598D155E11E63CD52A4EEABF9BE92A1D997D25D07CF350084 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
12:46:10.0495 0x0ff8  EPSON_PM_RPCV4_01 - ok
12:46:10.0536 0x0ff8  [ 2BD3F1059975CE90F8D968DADD790DFF, 9FD4FA7DB54B0E1E4A48863435F728220978A271D2A28BB3E9E112C1A59B1D4C ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:46:10.0540 0x0ff8  EraserUtilRebootDrv - ok
12:46:10.0564 0x0ff8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:46:10.0565 0x0ff8  ErrDev - ok
12:46:10.0645 0x0ff8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:46:10.0660 0x0ff8  EventSystem - ok
12:46:10.0717 0x0ff8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:46:10.0722 0x0ff8  exfat - ok
12:46:10.0745 0x0ff8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:46:10.0751 0x0ff8  fastfat - ok
12:46:10.0833 0x0ff8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:46:10.0858 0x0ff8  Fax - ok
12:46:10.0873 0x0ff8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:46:10.0874 0x0ff8  fdc - ok
12:46:10.0887 0x0ff8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:46:10.0888 0x0ff8  fdPHost - ok
12:46:10.0895 0x0ff8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:46:10.0896 0x0ff8  FDResPub - ok
12:46:10.0909 0x0ff8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:46:10.0910 0x0ff8  FileInfo - ok
12:46:10.0923 0x0ff8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:46:10.0924 0x0ff8  Filetrace - ok
12:46:11.0037 0x0ff8  [ 31AC02203B716CBF8829343C91C8FD75, 6231A842733887C9A0CD513E9AFEF4A35152F4BCC9706EEAB38DC898B10AF9BD ] Fitbit Connect  C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
12:46:11.0078 0x0ff8  Fitbit Connect - ok
12:46:11.0167 0x0ff8  [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:46:11.0189 0x0ff8  FLEXnet Licensing Service - ok
12:46:11.0204 0x0ff8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:46:11.0206 0x0ff8  flpydisk - ok
12:46:11.0261 0x0ff8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:46:11.0266 0x0ff8  FltMgr - ok
12:46:11.0313 0x0ff8  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
12:46:11.0346 0x0ff8  FontCache - ok
12:46:11.0434 0x0ff8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:46:11.0436 0x0ff8  FontCache3.0.0.0 - ok
12:46:11.0579 0x0ff8  [ 65C2D3C4BAE4C0EF1CD92BBC8BB57F2B, F5A95289AA93B3FCB5FA75F488330CA7DE07F4E99876F94321C7D8E02B87336C ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
12:46:11.0579 0x0ff8  FreemakeVideoCapture - ok
12:46:11.0585 0x0ff8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:46:11.0587 0x0ff8  FsDepends - ok
12:46:11.0642 0x0ff8  [ 53DAB1791917A72738539AD25C4EED7F, 3DE667E8B894EE1A1A814AF2153901AFE2A320BDB3B2A51330D987636B1BC6BE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
12:46:11.0645 0x0ff8  fssfltr - ok
12:46:11.0753 0x0ff8  [ 206AD9A89BF05DFA1621F1FC7B82592D, EAEE557535D865232237898858F5AE35F868065A1F79BBB48A2173124E2B6F63 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:46:11.0773 0x0ff8  fsssvc - ok
12:46:11.0801 0x0ff8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:46:11.0802 0x0ff8  Fs_Rec - ok
12:46:11.0871 0x0ff8  [ 79B4CDE2B69ED8BA4011859780A66A4D, D2572B737232F8FDD46A811FF69D8DAE4AAD4D2FA47507D78C0C54BF01C4CC4A ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
12:46:11.0875 0x0ff8  Futuremark SystemInfo Service - ok
12:46:11.0921 0x0ff8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:46:11.0927 0x0ff8  fvevol - ok
12:46:11.0940 0x0ff8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:46:11.0943 0x0ff8  gagp30kx - ok
12:46:12.0063 0x0ff8  [ 5CEA11F0A0F8ECC5549A36219563B3A7, 2DF35C089BD78D6CBBFDE8E8554DD82F9591B1F549E8F0BF332804C6A19042AC ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
12:46:12.0097 0x0ff8  Garmin Device Interaction Service - ok
12:46:12.0167 0x0ff8  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:46:12.0168 0x0ff8  GEARAspiWDM - ok
12:46:12.0298 0x0ff8  [ 97DC871A801DF42AD1008F0BBFD1ED8E, 7D90E1064863D0E976B9D1529A07808E3A38BA0FFEF5E7E920CC049DC05A15F1 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
12:46:12.0365 0x0ff8  GfExperienceService - ok
12:46:12.0436 0x0ff8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:46:12.0457 0x0ff8  gpsvc - ok
12:46:12.0583 0x0ff8  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate1caccabb97c9540 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:46:12.0587 0x0ff8  gupdate1caccabb97c9540 - ok
12:46:12.0617 0x0ff8  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:46:12.0620 0x0ff8  gupdatem - ok
12:46:12.0702 0x0ff8  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:46:12.0708 0x0ff8  gusvc - ok
12:46:12.0797 0x0ff8  [ 7017241A99DD15C51CE94C1C1BA6F7A8, 64D70E04E1617435C1B0E00D153FBBCC2F9F8AD785A18CA84C7C3F8A6DFFBDE0 ] ha10kx2k        C:\Windows\system32\drivers\ha10kx2k.sys
12:46:12.0817 0x0ff8  ha10kx2k - ok
12:46:12.0860 0x0ff8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:46:12.0861 0x0ff8  hcw85cir - ok
12:46:12.0899 0x0ff8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:46:12.0905 0x0ff8  HdAudAddService - ok
12:46:12.0933 0x0ff8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:46:12.0935 0x0ff8  HDAudBus - ok
12:46:12.0955 0x0ff8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:46:12.0958 0x0ff8  HidBatt - ok
12:46:12.0975 0x0ff8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:46:12.0978 0x0ff8  HidBth - ok
12:46:12.0991 0x0ff8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:46:12.0992 0x0ff8  HidIr - ok
12:46:13.0049 0x0ff8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
12:46:13.0051 0x0ff8  hidserv - ok
12:46:13.0077 0x0ff8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:46:13.0078 0x0ff8  HidUsb - ok
12:46:13.0115 0x0ff8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:46:13.0118 0x0ff8  hkmsvc - ok
12:46:13.0178 0x0ff8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:46:13.0184 0x0ff8  HomeGroupListener - ok
12:46:13.0232 0x0ff8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:46:13.0239 0x0ff8  HomeGroupProvider - ok
12:46:13.0263 0x0ff8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:46:13.0264 0x0ff8  HpSAMD - ok
12:46:13.0341 0x0ff8  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:46:13.0361 0x0ff8  HTTP - ok
12:46:13.0417 0x0ff8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:46:13.0418 0x0ff8  hwpolicy - ok
12:46:13.0461 0x0ff8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:46:13.0464 0x0ff8  i8042prt - ok
12:46:13.0502 0x0ff8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:46:13.0519 0x0ff8  iaStorV - ok
12:46:13.0683 0x0ff8  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:46:13.0685 0x0ff8  IDriverT - ok
12:46:13.0735 0x0ff8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:46:13.0760 0x0ff8  idsvc - ok
12:46:13.0969 0x0ff8  [ BD14C02A9F388CB29620FF68AB6979AD, 1610C888002E1118DFEF86E27462FDBB1F625BD298FC4FCD033FBC76D54EC35E ] IDSVia64        C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160607.001\IDSvia64.sys
12:46:13.0985 0x0ff8  IDSVia64 - ok
12:46:14.0001 0x0ff8  IEEtwCollectorService - ok
12:46:14.0044 0x0ff8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:46:14.0045 0x0ff8  iirsp - ok
12:46:14.0089 0x0ff8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:46:14.0113 0x0ff8  IKEEXT - ok
12:46:14.0220 0x0ff8  [ BAA12AECED01041FFE309048CFDD573A, 7F2B976D4E062E8BE042CDD9D71FB68D68F80665559CF50C490582419E64B273 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:46:14.0244 0x0ff8  IntcAzAudAddService - ok
12:46:14.0318 0x0ff8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:46:14.0319 0x0ff8  intelide - ok
12:46:14.0344 0x0ff8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:46:14.0345 0x0ff8  intelppm - ok
12:46:14.0394 0x0ff8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:46:14.0397 0x0ff8  IPBusEnum - ok
12:46:14.0465 0x0ff8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:46:14.0468 0x0ff8  IpFilterDriver - ok
12:46:14.0504 0x0ff8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:46:14.0563 0x0ff8  iphlpsvc - ok
12:46:14.0600 0x0ff8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:46:14.0603 0x0ff8  IPMIDRV - ok
12:46:14.0622 0x0ff8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:46:14.0625 0x0ff8  IPNAT - ok
12:46:14.0652 0x0ff8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:46:14.0653 0x0ff8  IRENUM - ok
12:46:14.0687 0x0ff8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:46:14.0688 0x0ff8  isapnp - ok
12:46:14.0722 0x0ff8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:46:14.0728 0x0ff8  iScsiPrt - ok
12:46:14.0756 0x0ff8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:46:14.0758 0x0ff8  kbdclass - ok
12:46:14.0764 0x0ff8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:46:14.0765 0x0ff8  kbdhid - ok
12:46:14.0780 0x0ff8  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] KeyIso          C:\Windows\system32\lsass.exe
12:46:14.0782 0x0ff8  KeyIso - ok
12:46:24.0103 0x0ff8  SensrSvc - ok
12:46:24.0116 0x0ff8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:46:24.0117 0x0ff8  Serenum - ok
12:46:24.0172 0x0ff8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:46:24.0175 0x0ff8  Serial - ok
12:46:24.0199 0x0ff8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:46:24.0200 0x0ff8  sermouse - ok
12:46:24.0230 0x0ff8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:46:24.0233 0x0ff8  SessionEnv - ok
12:46:24.0262 0x0ff8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:46:24.0263 0x0ff8  sffdisk - ok
12:46:24.0276 0x0ff8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:46:24.0277 0x0ff8  sffp_mmc - ok
12:46:24.0283 0x0ff8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:46:24.0284 0x0ff8  sffp_sd - ok
12:46:24.0297 0x0ff8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:46:24.0298 0x0ff8  sfloppy - ok
12:46:24.0432 0x0ff8  [ 43ADBE70270DFD40EBDA4DD0E492B5FB, AE5B8B8E7926E32EBED56A1296241E0CB50EEA14B1F766C6DF504BCCADB3CE42 ] SgtSch2Svc      C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
12:46:24.0445 0x0ff8  SgtSch2Svc - ok
12:46:24.0517 0x0ff8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:46:24.0534 0x0ff8  SharedAccess - ok
12:46:24.0590 0x0ff8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:46:24.0599 0x0ff8  ShellHWDetection - ok
12:46:24.0616 0x0ff8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:46:24.0618 0x0ff8  SiSRaid2 - ok
12:46:24.0632 0x0ff8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:46:24.0635 0x0ff8  SiSRaid4 - ok
12:46:24.0652 0x0ff8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:46:24.0655 0x0ff8  Smb - ok
12:46:24.0736 0x0ff8  [ 8AC15211EB4BF019AAB0022781CC8AD0, 56EBD1F50E22615D3C4FB98C2FD7D241E114AE83C0B225906FC81A7F1AF87AE5 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
12:46:24.0742 0x0ff8  snapman - ok
12:46:24.0776 0x0ff8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:46:24.0778 0x0ff8  SNMPTRAP - ok
12:46:24.0787 0x0ff8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:46:24.0788 0x0ff8  spldr - ok
12:46:24.0843 0x0ff8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:46:24.0875 0x0ff8  Spooler - ok
12:46:25.0018 0x0ff8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:46:25.0125 0x0ff8  sppsvc - ok
12:46:25.0150 0x0ff8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:46:25.0152 0x0ff8  sppuinotify - ok
12:46:25.0338 0x0ff8  [ D6786650A26543FFF83806057458B96E, 1002A5E6338255ACF9E7DD901378CB8BCE0FC6A7503C6D78EEBF8BAD619ECBC4 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1606000.08E\SRTSP64.SYS
12:46:25.0360 0x0ff8  SRTSP - ok
12:46:25.0414 0x0ff8  [ BA2ABBEA69BD1866C973DE11CB0CE9F8, 7A04BC2F4DA9A69A996911CC429064D24CF51F4046A2EE688D4326B44C9EDAFB ] SRTSPX          C:\Windows\system32\drivers\NISx64\1606000.08E\SRTSPX64.SYS
12:46:25.0417 0x0ff8  SRTSPX - ok
12:46:25.0476 0x0ff8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:46:25.0531 0x0ff8  srv - ok
12:46:25.0589 0x0ff8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:46:25.0620 0x0ff8  srv2 - ok
12:46:25.0647 0x0ff8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:46:25.0652 0x0ff8  srvnet - ok
12:46:25.0711 0x0ff8  [ F4F1E1FF6986FE8914525AF751EA3EAC, 2A3E5C630E8B9F0977F137D5D87D864055F46FCB66C7C13AF16CC26828C2A3C6 ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
12:46:25.0715 0x0ff8  sscdbus - ok
12:46:25.0779 0x0ff8  [ 5447690D2CFE1BDE1BE3A5A5A3E2F796, 0250FFC417DD146F3A15FE6304DC23DFF815E6620FA36F0319B53D65E36900D3 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
12:46:25.0780 0x0ff8  sscdmdfl - ok
12:46:25.0816 0x0ff8  [ BFDA292053AEB76A0C1D63B2279D5138, 0FDA13220C63D7D2639FB8CB39721076CD585673E6812D5A916E6C24AE395CE1 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
12:46:25.0820 0x0ff8  sscdmdm - ok
12:46:25.0878 0x0ff8  [ 05FFA552F578E27AB2D41B6828DB477F, F3292A431D656C039F4300AA584FA13F26A69B351C2F903B3E47CEF464A6233A ] sscdserd        C:\Windows\system32\DRIVERS\sscdserd.sys
12:46:25.0882 0x0ff8  sscdserd - ok
12:46:25.0944 0x0ff8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:46:25.0951 0x0ff8  SSDPSRV - ok
12:46:25.0967 0x0ff8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:46:25.0971 0x0ff8  SstpSvc - ok
12:46:26.0037 0x0ff8  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:46:26.0042 0x0ff8  ssudmdm - ok
12:46:26.0138 0x0ff8  [ BE826A247D22F2FDF24B92AD40049F89, 06996ECCE5A694DEFDC99DB56F45DD0ABD9A2150581F1FD132FBBD863C474DE3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:46:26.0157 0x0ff8  Steam Client Service - ok
12:46:26.0267 0x0ff8  [ 937821881026EBE17DA25285CD5461A8, 79C503798BD6CE218598229AAB417EBD43E151A2E821BE99E138BFA9F841103A ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:46:26.0277 0x0ff8  Stereo Service - ok
12:46:26.0330 0x0ff8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:46:26.0332 0x0ff8  stexstor - ok
12:46:26.0407 0x0ff8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:46:26.0432 0x0ff8  stisvc - ok
12:46:26.0479 0x0ff8  [ 1D0063597C3666404FCF97698ABEB019, 352A63C97F930499BC598C2A398663377D7CCD4A42770E35635C90EDC4DA530A ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
12:46:26.0481 0x0ff8  stllssvr - ok
12:46:26.0548 0x0ff8  [ 745E8BDD1AD92BCE97DBCF1BA60D4045, 990D27C9D8CDBF3826102B79E28312181337E43792F1F8F8550241D219848C77 ] SUSTUCAM        C:\Windows\system32\DRIVERS\sustucam.sys
12:46:26.0550 0x0ff8  SUSTUCAM - ok
12:46:26.0569 0x0ff8  [ C7C1C5CA51447B273A6C8BC972397BA5, 107689755D4275742B4C8111FD8A875A19627AE3BD9DA7885D47F1F8931264DA ] SUSTUCAP        C:\Windows\system32\DRIVERS\sustucap.sys
12:46:26.0571 0x0ff8  SUSTUCAP - ok
12:46:26.0625 0x0ff8  [ A69A9A9FE119907E85BB30CDFBFB2A38, C05ACDD3B03DB39F037AF1E639E1D41782B2DB63CC72422BACCDCFC3393FD20F ] SUSTUCAU        C:\Windows\system32\DRIVERS\sustucau.sys
12:46:26.0627 0x0ff8  SUSTUCAU - ok
12:46:26.0649 0x0ff8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:46:26.0650 0x0ff8  swenum - ok
12:46:26.0675 0x0ff8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:46:26.0692 0x0ff8  swprv - ok
12:46:26.0770 0x0ff8  [ 267C914667C94E5F47D342311C1C577F, E4FE7A8E41680E6845AD4D0FEEF4EDA6DACAE7728D2401520175AAD8ED16ABAD ] Symantec RemoteAssist C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
12:46:26.0785 0x0ff8  Symantec RemoteAssist - ok
12:46:26.0904 0x0ff8  [ 6F227CF9E64364578E2DABD1EF6E51A4, D5223B441A319D4C57FDBEA9BFBB8E5C95CA6F7B6AE6F4029BCE84A5CCE51B33 ] SymEFASI        C:\Windows\system32\drivers\NISx64\1606000.08E\SYMEFASI64.SYS
12:46:26.0952 0x0ff8  SymEFASI - ok
12:46:26.0991 0x0ff8  [ 6DF8F618B93C821630C9BAA8DA3FAAAF, 553972D63F3347291EC8370AB910F741EF1DA61BC74FBA4192EF6E1DF567FB99 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:46:26.0994 0x0ff8  SymEvent - ok
12:46:27.0048 0x0ff8  [ EC8538693C84E5B85014CB0F4174A8B7, 570D4193A5616A65962D086048D51C37BE166B77ED7293DF3E8871A502831261 ] SymIRON         C:\Windows\system32\drivers\NISx64\1606000.08E\Ironx64.SYS
12:46:27.0056 0x0ff8  SymIRON - ok
12:46:27.0096 0x0ff8  [ 751C968945EFD42469FE52D6CE384196, 3386681036909F60A249951009822190EFB1C390D2F46E7EFE44893F28D0F31C ] SymNetS         C:\Windows\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS
12:46:27.0110 0x0ff8  SymNetS - ok
12:46:27.0205 0x0ff8  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
12:46:27.0253 0x0ff8  SysMain - ok
12:46:27.0295 0x0ff8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:46:27.0299 0x0ff8  TabletInputService - ok
12:46:27.0350 0x0ff8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:46:27.0367 0x0ff8  TapiSrv - ok
12:46:27.0405 0x0ff8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:46:27.0409 0x0ff8  TBS - ok
12:46:27.0505 0x0ff8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:46:27.0560 0x0ff8  Tcpip - ok
12:46:27.0630 0x0ff8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:46:27.0658 0x0ff8  TCPIP6 - ok
12:46:27.0680 0x0ff8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:46:27.0681 0x0ff8  tcpipreg - ok
12:46:27.0733 0x0ff8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:46:27.0734 0x0ff8  TDPIPE - ok
12:46:27.0827 0x0ff8  [ 247C09D7F34CB47CE0AA7C67B25DD78A, F8E89AFE7345CBB87D63A936440CD5F86EFB76198A83226AF58F036573ACFD58 ] tdrpman         C:\Windows\system32\DRIVERS\tdrpman.sys
12:46:27.0839 0x0ff8  tdrpman - ok
12:46:27.0894 0x0ff8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:46:27.0895 0x0ff8  TDTCP - ok
12:46:27.0932 0x0ff8  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:46:27.0935 0x0ff8  tdx - ok
12:46:27.0968 0x0ff8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:46:27.0970 0x0ff8  TermDD - ok
12:46:28.0018 0x0ff8  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
12:46:28.0043 0x0ff8  TermService - ok
12:46:28.0060 0x0ff8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:46:28.0062 0x0ff8  Themes - ok
12:46:28.0114 0x0ff8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:46:28.0116 0x0ff8  THREADORDER - ok
12:46:28.0124 0x0ff8  [ 3E24B7FE52BC455DA8D6E2CC2B4CA23F, 0AC9C626F0ED7F27CCE0236897D44836789331953AA0A73B2A88E4A91CF996B6 ] tifsfilter      C:\Windows\system32\DRIVERS\tifsfilt.sys
12:46:28.0126 0x0ff8  tifsfilter - ok
12:46:28.0151 0x0ff8  [ EC4FD4D147985A97E881729E808E6F34, 6C1B15AE8E1F4E3B50856EF2CBFEE28D5FAC9C7276D0922E286A7BD6514DA74A ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
12:46:28.0163 0x0ff8  timounter - ok
12:46:28.0185 0x0ff8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:46:28.0189 0x0ff8  TrkWks - ok
12:46:28.0273 0x0ff8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:46:28.0276 0x0ff8  TrustedInstaller - ok
12:46:28.0386 0x0ff8  [ 02C16294D7903FC0C7F2DE953126B28A, 994EEB3BBBA4A041A7E150EA62C5883672484B1B149B8F157811D96F63E1FFB4 ] TryAndDecideService C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
12:46:28.0393 0x0ff8  TryAndDecideService - ok
12:46:28.0415 0x0ff8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:46:28.0417 0x0ff8  tssecsrv - ok
12:46:28.0445 0x0ff8  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:46:28.0447 0x0ff8  TsUsbFlt - ok
12:46:28.0527 0x0ff8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:46:28.0530 0x0ff8  tunnel - ok
12:46:28.0599 0x0ff8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:46:28.0602 0x0ff8  uagp35 - ok
12:46:28.0670 0x0ff8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:46:28.0676 0x0ff8  udfs - ok
12:46:28.0745 0x0ff8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:46:28.0748 0x0ff8  UI0Detect - ok
12:46:28.0759 0x0ff8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:46:28.0760 0x0ff8  uliagpkx - ok
12:46:28.0789 0x0ff8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
12:46:28.0790 0x0ff8  umbus - ok
12:46:28.0799 0x0ff8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:46:28.0800 0x0ff8  UmPass - ok
12:46:28.0821 0x0ff8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:46:28.0829 0x0ff8  upnphost - ok
12:46:28.0887 0x0ff8  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:46:28.0889 0x0ff8  USBAAPL64 - ok
12:46:28.0944 0x0ff8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:46:28.0950 0x0ff8  usbaudio - ok
12:46:28.0965 0x0ff8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:46:28.0968 0x0ff8  usbccgp - ok
12:46:28.0993 0x0ff8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:46:28.0996 0x0ff8  usbcir - ok
12:46:29.0012 0x0ff8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:46:29.0013 0x0ff8  usbehci - ok
12:46:29.0034 0x0ff8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:46:29.0041 0x0ff8  usbhub - ok
12:46:29.0071 0x0ff8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:46:29.0072 0x0ff8  usbohci - ok
12:46:29.0100 0x0ff8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:46:29.0101 0x0ff8  usbprint - ok
12:46:29.0120 0x0ff8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
12:46:29.0121 0x0ff8  usbscan - ok
12:46:29.0137 0x0ff8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:46:29.0139 0x0ff8  USBSTOR - ok
12:46:29.0149 0x0ff8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:46:29.0151 0x0ff8  usbuhci - ok
12:46:29.0205 0x0ff8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:46:29.0208 0x0ff8  UxSms - ok
12:46:29.0213 0x0ff8  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] VaultSvc        C:\Windows\system32\lsass.exe
12:46:29.0215 0x0ff8  VaultSvc - ok
12:46:29.0311 0x0ff8  [ C2BAA23FB733FCD81A1153A9725F783F, 038968EAA60D731361786DAA6A97E8372E174536A37F8356F70DBC12605C67C1 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:46:29.0314 0x0ff8  VBoxNetAdp - ok
12:46:29.0341 0x0ff8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:46:29.0342 0x0ff8  vdrvroot - ok
12:46:29.0413 0x0ff8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:46:29.0480 0x0ff8  vds - ok
12:46:29.0501 0x0ff8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:46:29.0503 0x0ff8  vga - ok
12:46:29.0514 0x0ff8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:46:29.0516 0x0ff8  VgaSave - ok
12:46:29.0537 0x0ff8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:46:29.0542 0x0ff8  vhdmp - ok
12:46:29.0553 0x0ff8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:46:29.0554 0x0ff8  viaide - ok
12:46:29.0573 0x0ff8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:46:29.0575 0x0ff8  volmgr - ok
12:46:29.0630 0x0ff8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:46:29.0638 0x0ff8  volmgrx - ok
12:46:29.0652 0x0ff8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:46:29.0658 0x0ff8  volsnap - ok
12:46:29.0676 0x0ff8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:46:29.0679 0x0ff8  vsmraid - ok
12:46:29.0767 0x0ff8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:46:29.0809 0x0ff8  VSS - ok
12:46:29.0823 0x0ff8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:46:29.0824 0x0ff8  vwifibus - ok
12:46:29.0837 0x0ff8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:46:29.0844 0x0ff8  W32Time - ok
12:46:29.0865 0x0ff8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:46:29.0866 0x0ff8  WacomPen - ok
12:46:29.0885 0x0ff8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:46:29.0887 0x0ff8  WANARP - ok
12:46:29.0892 0x0ff8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:46:29.0894 0x0ff8  Wanarpv6 - ok
12:46:29.0994 0x0ff8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:46:30.0046 0x0ff8  WatAdminSvc - ok
12:46:30.0146 0x0ff8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:46:30.0212 0x0ff8  wbengine - ok
12:46:30.0272 0x0ff8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:46:30.0277 0x0ff8  WbioSrvc - ok
12:46:30.0327 0x0ff8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:46:30.0343 0x0ff8  wcncsvc - ok
12:46:30.0402 0x0ff8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:46:30.0406 0x0ff8  WcsPlugInService - ok
12:46:30.0449 0x0ff8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:46:30.0450 0x0ff8  Wd - ok
12:46:30.0504 0x0ff8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:46:30.0529 0x0ff8  Wdf01000 - ok
12:46:30.0555 0x0ff8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:46:30.0558 0x0ff8  WdiServiceHost - ok
12:46:30.0562 0x0ff8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:46:30.0565 0x0ff8  WdiSystemHost - ok
12:46:30.0613 0x0ff8  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
12:46:30.0618 0x0ff8  WebClient - ok
12:46:30.0642 0x0ff8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:46:30.0647 0x0ff8  Wecsvc - ok
12:46:30.0708 0x0ff8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:46:30.0711 0x0ff8  wercplsupport - ok
12:46:30.0735 0x0ff8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:46:30.0739 0x0ff8  WerSvc - ok
12:46:30.0761 0x0ff8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:46:30.0761 0x0ff8  WfpLwf - ok
12:46:30.0777 0x0ff8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:46:30.0778 0x0ff8  WIMMount - ok
12:46:30.0825 0x0ff8  WinDefend - ok
12:46:30.0845 0x0ff8  WinHttpAutoProxySvc - ok
12:46:30.0933 0x0ff8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:46:30.0940 0x0ff8  Winmgmt - ok
12:46:31.0020 0x0ff8  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
12:46:31.0078 0x0ff8  WinRM - ok
12:46:31.0139 0x0ff8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:46:31.0141 0x0ff8  WinUsb - ok
12:46:31.0204 0x0ff8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:46:31.0229 0x0ff8  Wlansvc - ok
12:46:31.0411 0x0ff8  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:46:31.0472 0x0ff8  wlidsvc - ok
12:46:31.0503 0x0ff8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:46:31.0504 0x0ff8  WmiAcpi - ok
12:46:37.0451 0x0ff8  AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\WSCStub.exe ( 22.6.0.0 ), 0x51000 ( enabled : updated )
12:46:37.0456 0x0ff8  FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\WSCStub.exe ( 22.6.0.0 ), 0x51010 ( enabled )
12:46:40.0210 0x0ff8  ============================================================
12:46:40.0210 0x0ff8  Scan finished
12:46:40.0210 0x0ff8  ============================================================
12:46:40.0217 0x1b90  Detected object count: 0
12:46:40.0217 0x1b90  Actual detected object count: 0
12:49:15.0798 0x00e4  Deinitialize success



#6 nasdaq

  • Malware Response Team

Posted 09 June 2016 - 06:35 AM

The log is clean.

---

Please download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

#7 cbeau37

Posted 09 June 2016 - 08:22 AM

Hi,

Here is my log file:

 

ComboFix 16-06-01.01 - Chris 06/09/2016   8:48.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8189.4852 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Internet Security *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Internet Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL12D4.tmp
c:\programdata\SPL1DFB.tmp
c:\programdata\SPL2041.tmp
c:\programdata\SPL2556.tmp
c:\programdata\SPL2599.tmp
c:\programdata\SPL2B34.tmp
c:\programdata\SPL32E3.tmp
c:\programdata\SPL3BC9.tmp
c:\programdata\SPL3BD2.tmp
c:\programdata\SPL4B63.tmp
c:\programdata\SPL5385.tmp
c:\programdata\SPL6374.tmp
c:\programdata\SPL715F.tmp
c:\programdata\SPL71CD.tmp
c:\programdata\SPL78CF.tmp
c:\programdata\SPL7963.tmp
c:\programdata\SPL8807.tmp
c:\programdata\SPL8BF9.tmp
c:\programdata\SPL902D.tmp
c:\programdata\SPL91E5.tmp
c:\programdata\SPL9506.tmp
c:\programdata\SPL96A3.tmp
c:\programdata\SPL9F11.tmp
c:\programdata\SPL9FB0.tmp
c:\programdata\SPLA4A7.tmp
c:\programdata\SPLA7A5.tmp
c:\programdata\SPLACA7.tmp
c:\programdata\SPLACC2.tmp
c:\programdata\SPLB69D.tmp
c:\programdata\SPLBBDB.tmp
c:\programdata\SPLBC39.tmp
c:\programdata\SPLC412.tmp
c:\programdata\SPLC64B.tmp
c:\programdata\SPLC830.tmp
c:\programdata\SPLC8A7.tmp
c:\programdata\SPLC937.tmp
c:\programdata\SPLCBC6.tmp
c:\programdata\SPLCF5F.tmp
c:\programdata\SPLD1FD.tmp
c:\programdata\SPLD2E5.tmp
c:\programdata\SPLD3A9.tmp
c:\programdata\SPLDEC9.tmp
c:\programdata\SPLF0DF.tmp
c:\programdata\SPLF651.tmp
c:\programdata\SPLFCC4.tmp
c:\programdata\SPLFED6.tmp
c:\programdata\xml5034.tmp
c:\programdata\xml5469.tmp
c:\programdata\xml5583.tmp
c:\programdata\xml75B4.tmp
c:\programdata\xml7853.tmp
c:\programdata\xmlB1D3.tmp
c:\users\Chris\AppData\Local\Windows Server
c:\users\Chris\AppData\Local\Windows Server\server.dat
c:\users\Chris\AppData\Roaming\55FA05
c:\users\Chris\GoToAssistDownloadHelper.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2016-05-09 to 2016-06-09  )))))))))))))))))))))))))))))))
.
.
2099-09-01 10:19 . 2099-09-01 10:29 -------- d-----w- C:\email maessages 060113
2099-09-01 07:13 . 2099-09-01 07:13 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2099-09-01 07:13 . 2013-06-22 13:23 -------- d-----w- c:\programdata\iolo
2016-06-09 12:57 . 2016-06-09 12:57 -------- d-----w- c:\users\hedev\AppData\Local\temp
2016-06-08 12:48 . 2016-06-08 12:56 -------- d-----w- C:\AdwCleaner
2016-06-07 10:25 . 2016-06-08 12:28 -------- d-----w- C:\FRST
2016-05-30 03:09 . 2016-05-30 03:09 -------- d-----w- c:\users\Chris\AppData\Local\Downloaded Installations
2016-05-23 11:57 . 2016-05-23 11:57 -------- d-----w- c:\users\Chris\AppData\Roaming\com.devexperts.tos.ui.user.login.ThinkOrSwimApplication
2016-05-23 11:54 . 2016-06-04 22:20 -------- d-----w- c:\users\Chris\.thinkorswim
2016-05-23 11:54 . 2016-06-04 22:20 -------- d-----w- c:\program files\thinkorswim
2016-05-23 11:52 . 2016-05-23 11:55 -------- d-----w- c:\users\Chris\.oracle_jre_usage
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-05 20:04 . 2014-12-25 15:37 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-13 13:06 . 2012-12-06 11:41 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-13 13:06 . 2012-12-06 11:41 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [2005-08-03 73728]
"RUSB3MON"="c:\program files (x86)\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2016-01-20 1087184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2016-04-08 1399208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate1caccabb97c9540;Google Update Service (gupdate1caccabb97c9540);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [x]
R3 AVerFx2hbtv64;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys;c:\windows\SYSNATIVE\drivers\AVerFx2hbtv64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\DRIVERS\sustucam.sys;c:\windows\SYSNATIVE\DRIVERS\sustucam.sys [x]
R3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys;c:\windows\SYSNATIVE\DRIVERS\sustucap.sys [x]
R3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\DRIVERS\sustucau.sys;c:\windows\SYSNATIVE\DRIVERS\sustucau.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\NISx64\1606000.08E\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1606000.08E\SYMEFASI64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160601.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160601.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1606000.08E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1606000.08E\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160608.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160608.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1606000.08E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1606000.08E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1606000.08E\SYMNETS.SYS [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe;c:\windows\SYSNATIVE\lxducoms.exe [x]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxduserv.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-09 02:20 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.84\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 13:06]
.
2016-06-09 c:\windows\Tasks\EPSON XP-420 Series Update {A827AA4D-B871-4FF3-9EC5-4147B3AEE146}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSNAE.EXE [2015-11-13 06:30]
.
2016-06-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-06-13 04:31]
.
2016-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 20:51]
.
2016-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-26 20:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-05-17 17:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-05-17 17:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-05-17 17:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [2005-08-03 99328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-AsioThk32Reg - %SYSTEMROOT%\SYSWOW64\CTASIO.DLL
HKLM-Run-kX Mixer - c:\windows\system32\kxmixer.exe
AddRemove-7-Zip 9.20 - c:\program files (x86)\7-Zip\Uninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DivX Setup.divx.com - c:\programdata\DivX\Setup\DivXSetup.exe
AddRemove-IrfanView - c:\program files (x86)\IrfanView\iv_uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\22.6.0.142\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\22.6.0.142;c:\program files (x86)\Norton Internet Security\Engine64\22.6.0.142"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*|*,%V%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*|*,%V%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%b%*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3097217664-1659511971-2978430448-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%b%*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2016-06-09  09:09:12 - machine was rebooted
ComboFix-quarantined-files.txt  2016-06-09 13:09
.
Pre-Run: 235,134,820,352 bytes free
Post-Run: 234,382,204,928 bytes free
.
- - End Of File - - 400DC1159C75AE32FF430E8870662FEF
A36C5E4F47E84449FF07ED3517B43A31



#8 nasdaq

Posted 09 June 2016 - 09:03 AM


If the problem persists please run these tools.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries

Click Go and copy/paste the log (Result.txt) into your next post.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#9 cbeau37

cbeau37
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 09 June 2016 - 11:47 AM

Hi,

Here are my scan logs:

 

Farbar Service Scanner Version: 27-01-2016
Ran by Chris (administrator) on 09-06-2016 at 12:34:35
Running from "C:\Users\Chris\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Chris (administrator) on 09-06-2016 at 12:39:48
Running from "C:\Users\Chris\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: XPS 630i Manufacturer: Dell Inc
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Chris-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-22-19-14-02-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d0b3:76de:4e5e:9ab6%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, June 09, 2016 8:59:51 AM
   Lease Expires . . . . . . . . . . : Thursday, June 23, 2016 9:07:44 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234889753
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-A3-6D-15-00-22-19-14-02-B8
   DNS Servers . . . . . . . . . . . : 72.240.13.7
                                       72.240.13.5
                                       156.154.70.43
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6F27C8D7-91C0-4084-8C6C-0A7479057FF9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  72.240.13.7

Name:    google.com
Addresses:  2607:f8b0:4009:80f::200e
   72.240.108.34
   72.240.108.57
   72.240.108.44
   72.240.108.27
   72.240.108.23
   72.240.108.30
   72.240.108.53
   72.240.108.45
   72.240.108.29
   72.240.108.19
   72.240.108.38
   72.240.108.59
   72.240.108.15
   72.240.108.49
   72.240.108.42

Pinging google.com [72.240.108.57] with 32 bytes of data:
Reply from 72.240.108.57: bytes=32 time=10ms TTL=61
Reply from 72.240.108.57: bytes=32 time=9ms TTL=61

Ping statistics for 72.240.108.57:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 10ms, Average = 9ms
Server:  nsextcache3.buckeyecom.net
Address:  72.240.13.7

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=53ms TTL=48
Reply from 98.139.183.24: bytes=32 time=43ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 43ms, Maximum = 53ms, Average = 48ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 22 19 14 02 b8 ......NVIDIA nForce Networking Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     11
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    266
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    266
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    266 fe80::/64                On-link
 10    266 fe80::d0b3:76de:4e5e:9ab6/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/08/2016 11:56:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/08/2016 04:51:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/08/2016 08:08:06 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0354005d-279c-4f77-b87c-685381277145}

Error: (06/07/2016 07:28:39 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8ec

Start Time: 01d1c049b95d4c60

Termination Time: 30

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/06/2016 10:20:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/05/2016 01:01:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/03/2016 11:43:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/03/2016 02:55:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/01/2016 12:07:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (05/31/2016 04:16:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17937, time stamp: 0x55a7f8da
Faulting module name: ole32.dll, version: 6.1.7601.18915, time stamp: 0x55981b9e
Exception code: 0xc0000005
Fault offset: 0x0001e642
Faulting process id: 0x2428
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (06/09/2016 08:58:06 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/09/2016 08:57:54 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/09/2016 08:57:11 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/09/2016 08:54:10 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/08/2016 08:59:50 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (06/08/2016 08:59:50 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (06/08/2016 08:59:50 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (06/08/2016 08:59:50 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (06/08/2016 08:59:50 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (06/08/2016 08:59:50 AM) (Source: Service Control Manager) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (08/10/2015 07:14:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/18/2015 02:13:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/03/2012 06:58:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/03/2012 06:57:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/03/2012 06:57:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/03/2011 10:21:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/17/2011 08:25:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/12/2011 08:34:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/12/2011 08:33:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/14/2011 07:15:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2016-06-09 08:57:11.505
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-09 08:57:11.475
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-14 10:53:23.750
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-14 10:53:23.625
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-13 18:15:10.956
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-13 18:15:10.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 19:16:37.662
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 19:16:37.600
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 18:59:44.062
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-22 18:59:43.999
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

**** End of log ****



#10 nasdaq


Posted 10 June 2016 - 07:36 AM

Let's find out if you have the latest drivers for the programs you are running.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.

http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

Keep me posted.

#11 cbeau37


Posted 11 June 2016 - 08:45 AM

Hi,

I ran the updates and still have high CPU usage from svchost.exe (netsvcs).

Thanks,

Chris



#12 nasdaq


Posted 12 June 2016 - 07:04 AM

If you Google this string, CPU usage from svchost.exe (netsvcs), you will find out that this can be caused by many things.
Try the suggestions on this page.
http://appuals.com/high-cpu-usage-by-svchost-exe-netsvcs/

Look around for other solutions.

If at any time you need advice on some recommendations, ask before proceeding.

Keep me posted.

Edited by nasdaq, 14 June 2016 - 09:01 AM.


#13 cbeau37


Posted 14 June 2016 - 06:16 AM

Hi nasdaq,

I finally got my used resources down.

I used the last fix noted on the website; I disabled Windows updater and it slowly went down to where it should be.

I'll need to figure out how to get my Windows Update to work again, but for now this should do it!

I appreciate all of your help!

Thank you,

Chris



#14 nasdaq


Posted 14 June 2016 - 09:03 AM

You should look for the new updates manually.

If any need to be installed, do it, but follow the directives.
If and when asked to restart the computer, do it. It's important.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#15 nasdaq


Posted 20 June 2016 - 08:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



