wallysurfr

August 20, 2013

alright, I'm on it. Thanks Man!

August 20, 2013

it works great in safe mode but with regular windows it is still really sluggish, hanging up take minutes to do simple tasks, etc. Is there anything I can do to fix that problem?

August 19, 2013

Malwarebytes Anti-Rootkit BETA 1.06.1.1005

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_20

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 4240293888, free: 3513856000

Could not load protection driver

Downloaded database version: v2013.08.19.05

Initializing...

------------ Kernel report ------------

08/19/2013 17:34:06

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\pciide.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\NISx64\1207020.003\SYMDS64.SYS

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\system32\DRIVERS\tos_sps64.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\windows\system32\drivers\avgtpx64.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\rtl8192Ce.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\QIOMem.sys

\SystemRoot\system32\DRIVERS\TVALZFL.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\framebuf.dll

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\SysWOW64\ntdll.dll

\Windows\System32\wow64.dll

\Windows\System32\wow64win.dll

\Windows\System32\wow64cpu.dll

\Windows\System32\kernel32.dll

\Windows\SysWOW64\kernel32.dll

\Windows\System32\kernel32.dll

\Windows\System32\user32.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800573d410

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80049a1050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800573d410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800573e040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800573d410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80049a1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 4E59E2AF

Partition information:

Partition 0 type is Other (0x27)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 3072000

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 3074048 Numsec = 1218398208

Partition 2 type is HIDDEN (0x17)

Partition is NOT ACTIVE.

Partition starts at LBA: 1221472256 Numsec = 28790784

Partition is not bootable

Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Done!

Scan finished

August 18, 2013

alright went into regular windows and still running slow. Tried to go into control alt delete menu to see what processes were running and when I clicked to performance it went to CPU 99% and everything hung up. Things were running really sluggish. I manually powered down and came through safe mode w networking. How are the logs looking?

Did TDS Killer work even though I couldn't get it to work perfectly? Should I try running it again?

Thanks again! This forum is the best. Thanks!

August 18, 2013

Roguekiller went smoothly:

RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : lucy's [Admin rights]

Mode : Remove -- Date : 08/18/2013 16:55:54

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : GarminExpressTrayApp ("C:\Users\lucy's\Desktop\Garmin\Express Tray\ExpressTray.exe" [7]) -> DELETED

[RUN][sUSP PATH] HKUS\S-1-5-21-1889665631-2126717968-3753671527-1000\[...]\Run : GarminExpressTrayApp ("C:\Users\lucy's\Desktop\Garmin\Express Tray\ExpressTray.exe" [7]) -> [0x2] The system cannot find the file specified.

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : DE4EB219-C26F-41C4-9A5E-681C0D8532EE (cmd.exe /C start /D "C:\Users\lucy's\AppData\Local\Temp" /B DE4EB219-C26F-41C4-9A5E-681C0D8532EE.exe -activeimages -postboot [x][-][x]) -> DELETED

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : 8FF45D5D-3CF0-446C-A829-9B77FE2568A4 (cmd.exe /C start /D "C:\Users\lucy's\AppData\Local\Temp" /B 8FF45D5D-3CF0-446C-A829-9B77FE2568A4.exe -activeimages -postboot [x][-][x]) -> DELETED

[sERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 07357328 (C:\windows\system32\drivers\91459253.sys [x]) -> DELETED

[sERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 52299872 (C:\windows\system32\drivers\87827551.sys [x]) -> DELETED

[sERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 07357328 (C:\windows\system32\drivers\91459253.sys [x]) -> [0x3] The system cannot find the path specified.

[sERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 52299872 (C:\windows\system32\drivers\87827551.sys [x]) -> [0x3] The system cannot find the path specified.

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++

--- User ---

[MBR] 442aaa6927b31297461e6f5031d50495

[bSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594921 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1221472256 | Size: 14058 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_D_08182013_165554.txt >>

RKreport[0]_S_08182013_165546.txt

August 18, 2013

TDS Killer

I couldnt get it to reboot into normal windows after the program ran and did the auto shut down. It went BSOD physical dump of memory so I booted to safe w networking and ran it without checking the one box. So not sure if it downloaded the driver it needed. 2 suspicious files found. Here is the log:

16:47:16.0306 2148 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

16:47:16.0665 2148 ============================================================

16:47:16.0665 2148 Current date / time: 2013/08/18 16:47:16.0665

16:47:16.0665 2148 SystemInfo:

16:47:16.0665 2148

16:47:16.0665 2148 OS Version: 6.1.7601 ServicePack: 1.0

16:47:16.0665 2148 Product type: Workstation

16:47:16.0665 2148 ComputerName: LUCYS-PC

16:47:16.0665 2148 UserName: lucy's

16:47:16.0665 2148 Windows directory: C:\windows

16:47:16.0665 2148 System windows directory: C:\windows

16:47:16.0665 2148 Running under WOW64

16:47:16.0665 2148 Processor architecture: Intel x64

16:47:16.0665 2148 Number of processors: 2

16:47:16.0665 2148 Page size: 0x1000

16:47:16.0665 2148 Boot type: Safe boot with network

16:47:16.0665 2148 ============================================================

16:47:18.0631 2148 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:47:18.0631 2148 ============================================================

16:47:18.0631 2148 \Device\Harddisk0\DR0:

16:47:18.0631 2148 MBR partitions:

16:47:18.0631 2148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x489F4800

16:47:18.0631 2148 ============================================================

16:47:18.0693 2148 C: <-> \Device\Harddisk0\DR0\Partition1

16:47:18.0693 2148 ============================================================

16:47:18.0693 2148 Initialize success

16:47:18.0693 2148 ============================================================

16:48:08.0551 2516 ============================================================

16:48:08.0551 2516 Scan started

16:48:08.0551 2516 Mode: Manual; SigCheck; TDLFS;

16:48:08.0551 2516 ============================================================

16:48:08.0676 2516 ================ Scan system memory ========================

16:48:08.0676 2516 System memory - ok

16:48:08.0676 2516 ================ Scan services =============================

16:48:08.0941 2516 07357328 - ok

16:48:09.0003 2516 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

16:48:09.0113 2516 1394ohci - ok

16:48:09.0175 2516 52299872 - ok

16:48:09.0222 2516 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys

16:48:09.0237 2516 ACPI - ok

16:48:09.0269 2516 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

16:48:09.0347 2516 AcpiPmi - ok

16:48:09.0534 2516 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

16:48:09.0549 2516 AdobeARMservice - ok

16:48:09.0737 2516 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

16:48:09.0737 2516 AdobeFlashPlayerUpdateSvc - ok

16:48:09.0830 2516 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys

16:48:09.0846 2516 adp94xx - ok

16:48:09.0893 2516 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys

16:48:09.0908 2516 adpahci - ok

16:48:09.0939 2516 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys

16:48:09.0939 2516 adpu320 - ok

16:48:09.0986 2516 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

16:48:10.0236 2516 AeLookupSvc - ok

16:48:10.0298 2516 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys

16:48:10.0361 2516 AFD - ok

16:48:10.0423 2516 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys

16:48:10.0439 2516 agp440 - ok

16:48:10.0501 2516 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe

16:48:10.0532 2516 ALG - ok

16:48:10.0579 2516 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys

16:48:10.0595 2516 aliide - ok

16:48:10.0626 2516 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys

16:48:10.0626 2516 amdide - ok

16:48:10.0688 2516 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys

16:48:10.0719 2516 AmdK8 - ok

16:48:10.0751 2516 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys

16:48:10.0797 2516 AmdPPM - ok

16:48:10.0844 2516 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys

16:48:10.0860 2516 amdsata - ok

16:48:10.0907 2516 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys

16:48:10.0922 2516 amdsbs - ok

16:48:10.0953 2516 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys

16:48:10.0969 2516 amdxata - ok

16:48:11.0016 2516 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

16:48:11.0141 2516 AppID - ok

16:48:11.0172 2516 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

16:48:11.0219 2516 AppIDSvc - ok

16:48:11.0281 2516 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll

16:48:11.0328 2516 Appinfo - ok

16:48:11.0390 2516 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys

16:48:11.0390 2516 arc - ok

16:48:11.0421 2516 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys

16:48:11.0421 2516 arcsas - ok

16:48:11.0453 2516 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

16:48:11.0499 2516 AsyncMac - ok

16:48:11.0531 2516 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

16:48:11.0531 2516 atapi - ok

16:48:11.0609 2516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

16:48:11.0671 2516 AudioEndpointBuilder - ok

16:48:11.0671 2516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

16:48:11.0718 2516 AudioSrv - ok

16:48:11.0765 2516 [ 0B2520AA90C20971BDB45AE6F3047E0F ] avgtp C:\windows\system32\drivers\avgtpx64.sys

16:48:11.0780 2516 avgtp - ok

16:48:11.0843 2516 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

16:48:11.0936 2516 AxInstSV - ok

16:48:11.0999 2516 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys

16:48:12.0045 2516 b06bdrv - ok

16:48:12.0061 2516 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

16:48:12.0108 2516 b57nd60a - ok

16:48:12.0155 2516 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

16:48:12.0186 2516 BDESVC - ok

16:48:12.0217 2516 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

16:48:12.0279 2516 Beep - ok

16:48:12.0326 2516 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

16:48:12.0389 2516 BFE - ok

16:48:12.0545 2516 [ CD0ECB395666FC9AE23D7381E9E3370D ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys

16:48:12.0576 2516 BHDrvx64 - ok

16:48:12.0607 2516 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll

16:48:12.0685 2516 BITS - ok

16:48:12.0716 2516 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

16:48:12.0747 2516 blbdrive - ok

16:48:12.0779 2516 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

16:48:12.0825 2516 bowser - ok

16:48:12.0888 2516 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

16:48:12.0919 2516 BrFiltLo - ok

16:48:12.0935 2516 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

16:48:12.0935 2516 BrFiltUp - ok

16:48:12.0981 2516 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys

16:48:13.0028 2516 BridgeMP - ok

16:48:13.0059 2516 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

16:48:13.0091 2516 Browser - ok

16:48:13.0137 2516 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

16:48:13.0184 2516 Brserid - ok

16:48:13.0200 2516 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

16:48:13.0231 2516 BrSerWdm - ok

16:48:13.0262 2516 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

16:48:13.0293 2516 BrUsbMdm - ok

16:48:13.0309 2516 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

16:48:13.0340 2516 BrUsbSer - ok

16:48:13.0371 2516 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

16:48:13.0403 2516 BTHMODEM - ok

16:48:13.0465 2516 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

16:48:13.0512 2516 bthserv - ok

16:48:13.0559 2516 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

16:48:13.0621 2516 cdfs - ok

16:48:13.0652 2516 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

16:48:13.0683 2516 cdrom - ok

16:48:13.0730 2516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

16:48:13.0777 2516 CertPropSvc - ok

16:48:13.0824 2516 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

16:48:13.0855 2516 circlass - ok

16:48:13.0886 2516 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

16:48:13.0902 2516 CLFS - ok

16:48:13.0964 2516 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:48:13.0964 2516 clr_optimization_v2.0.50727_32 - ok

16:48:14.0011 2516 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:48:14.0027 2516 clr_optimization_v2.0.50727_64 - ok

16:48:14.0120 2516 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:48:14.0151 2516 clr_optimization_v4.0.30319_32 - ok

16:48:14.0276 2516 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:48:14.0292 2516 clr_optimization_v4.0.30319_64 - ok

16:48:14.0339 2516 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

16:48:14.0370 2516 CmBatt - ok

16:48:14.0401 2516 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

16:48:14.0417 2516 cmdide - ok

16:48:14.0448 2516 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys

16:48:14.0495 2516 CNG - ok

16:48:14.0573 2516 [ 66847C979893A11CFCC2280E772D7EA1 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys

16:48:14.0604 2516 CnxtHdAudService - ok

16:48:14.0666 2516 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys

16:48:14.0666 2516 Compbatt - ok

16:48:14.0697 2516 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

16:48:14.0729 2516 CompositeBus - ok

16:48:14.0760 2516 COMSysApp - ok

16:48:14.0775 2516 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

16:48:14.0791 2516 crcdisk - ok

16:48:14.0853 2516 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\windows\system32\cryptsvc.dll

16:48:14.0885 2516 CryptSvc - ok

16:48:14.0994 2516 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

16:48:15.0025 2516 cvhsvc - ok

16:48:15.0072 2516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

16:48:15.0134 2516 DcomLaunch - ok

16:48:15.0181 2516 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

16:48:15.0243 2516 defragsvc - ok

16:48:15.0290 2516 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

16:48:15.0337 2516 DfsC - ok

16:48:15.0399 2516 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

16:48:15.0446 2516 Dhcp - ok

16:48:15.0493 2516 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

16:48:15.0555 2516 discache - ok

16:48:15.0587 2516 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

16:48:15.0602 2516 Disk - ok

16:48:15.0665 2516 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

16:48:15.0696 2516 Dnscache - ok

16:48:15.0743 2516 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

16:48:15.0805 2516 dot3svc - ok

16:48:15.0821 2516 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

16:48:15.0867 2516 DPS - ok

16:48:15.0930 2516 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

16:48:15.0961 2516 drmkaud - ok

16:48:16.0008 2516 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

16:48:16.0039 2516 DXGKrnl - ok

16:48:16.0086 2516 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

16:48:16.0148 2516 EapHost - ok

16:48:16.0242 2516 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

16:48:16.0304 2516 ebdrv - ok

16:48:16.0367 2516 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

16:48:16.0382 2516 eeCtrl - ok

16:48:16.0398 2516 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

16:48:16.0445 2516 EFS - ok

16:48:16.0491 2516 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

16:48:16.0538 2516 ehRecvr - ok

16:48:16.0569 2516 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

16:48:16.0569 2516 ehSched - ok

16:48:16.0601 2516 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

16:48:16.0632 2516 elxstor - ok

16:48:16.0632 2516 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

16:48:16.0647 2516 ErrDev - ok

16:48:16.0694 2516 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

16:48:16.0757 2516 EventSystem - ok

16:48:16.0788 2516 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

16:48:16.0819 2516 exfat - ok

16:48:16.0850 2516 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

16:48:16.0897 2516 fastfat - ok

16:48:16.0944 2516 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

16:48:16.0991 2516 Fax - ok

16:48:17.0006 2516 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

16:48:17.0037 2516 fdc - ok

16:48:17.0069 2516 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

16:48:17.0115 2516 fdPHost - ok

16:48:17.0162 2516 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

16:48:17.0193 2516 FDResPub - ok

16:48:17.0209 2516 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

16:48:17.0225 2516 FileInfo - ok

16:48:17.0240 2516 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

16:48:17.0303 2516 Filetrace - ok

16:48:17.0334 2516 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

16:48:17.0349 2516 flpydisk - ok

16:48:17.0381 2516 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

16:48:17.0396 2516 FltMgr - ok

16:48:17.0537 2516 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll

16:48:17.0568 2516 FontCache - ok

16:48:17.0615 2516 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:48:17.0615 2516 FontCache3.0.0.0 - ok

16:48:17.0630 2516 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

16:48:17.0646 2516 FsDepends - ok

16:48:17.0661 2516 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

16:48:17.0661 2516 Fs_Rec - ok

16:48:17.0724 2516 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

16:48:17.0739 2516 fvevol - ok

16:48:17.0771 2516 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

16:48:17.0771 2516 gagp30kx - ok

16:48:17.0833 2516 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

16:48:17.0833 2516 GamesAppService - ok

16:48:17.0973 2516 [ 2973B4EB7BE10A0D491B2037DCAAE88F ] Garmin Core Update Service C:\Users\lucy's\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

16:48:17.0989 2516 Garmin Core Update Service - ok

16:48:18.0020 2516 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

16:48:18.0051 2516 gpsvc - ok

16:48:18.0145 2516 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:48:18.0145 2516 gupdate - ok

16:48:18.0192 2516 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:48:18.0192 2516 gupdatem - ok

16:48:18.0239 2516 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

16:48:18.0270 2516 hcw85cir - ok

16:48:18.0301 2516 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

16:48:18.0332 2516 HdAudAddService - ok

16:48:18.0348 2516 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

16:48:18.0379 2516 HDAudBus - ok

16:48:18.0379 2516 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

16:48:18.0410 2516 HidBatt - ok

16:48:18.0441 2516 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

16:48:18.0473 2516 HidBth - ok

16:48:18.0504 2516 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

16:48:18.0519 2516 HidIr - ok

16:48:18.0535 2516 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll

16:48:18.0597 2516 hidserv - ok

16:48:18.0660 2516 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys

16:48:18.0660 2516 HidUsb - ok

16:48:18.0691 2516 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

16:48:18.0753 2516 hkmsvc - ok

16:48:18.0785 2516 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

16:48:18.0800 2516 HomeGroupListener - ok

16:48:18.0847 2516 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

16:48:18.0878 2516 HomeGroupProvider - ok

16:48:18.0909 2516 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

16:48:18.0909 2516 HpSAMD - ok

16:48:18.0941 2516 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

16:48:19.0003 2516 HTTP - ok

16:48:19.0034 2516 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

16:48:19.0050 2516 hwpolicy - ok

16:48:19.0097 2516 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

16:48:19.0097 2516 i8042prt - ok

16:48:19.0190 2516 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

16:48:19.0206 2516 iaStor - ok

16:48:19.0284 2516 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

16:48:19.0299 2516 iaStorV - ok

16:48:19.0393 2516 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

16:48:19.0424 2516 IDriverT ( UnsignedFile.Multi.Generic ) - warning

16:48:19.0424 2516 IDriverT - detected UnsignedFile.Multi.Generic (1)

16:48:19.0471 2516 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:48:19.0487 2516 idsvc - ok

16:48:19.0549 2516 [ 0B97F1A640AD3D159A7B5D2164C42E50 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111026.030\IDSvia64.sys

16:48:19.0565 2516 IDSVia64 - ok

16:48:19.0799 2516 [ 370C2A8629B30F910F740387795DDC6F ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

16:48:20.0126 2516 igfx - ok

16:48:20.0157 2516 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

16:48:20.0173 2516 iirsp - ok

16:48:20.0220 2516 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

16:48:20.0282 2516 IKEEXT - ok

16:48:20.0345 2516 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys

16:48:20.0360 2516 IntcDAud - ok

16:48:20.0391 2516 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

16:48:20.0407 2516 intelide - ok

16:48:20.0438 2516 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

16:48:20.0469 2516 intelppm - ok

16:48:20.0516 2516 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

16:48:20.0579 2516 IPBusEnum - ok

16:48:20.0610 2516 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

16:48:20.0641 2516 IpFilterDriver - ok

16:48:20.0688 2516 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

16:48:20.0735 2516 iphlpsvc - ok

16:48:20.0750 2516 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

16:48:20.0766 2516 IPMIDRV - ok

16:48:20.0813 2516 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

16:48:20.0875 2516 IPNAT - ok

16:48:20.0922 2516 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

16:48:20.0937 2516 IRENUM - ok

16:48:20.0937 2516 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

16:48:20.0937 2516 isapnp - ok

16:48:20.0953 2516 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

16:48:20.0969 2516 iScsiPrt - ok

16:48:20.0984 2516 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

16:48:21.0000 2516 kbdclass - ok

16:48:21.0015 2516 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys

16:48:21.0047 2516 kbdhid - ok

16:48:21.0062 2516 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

16:48:21.0078 2516 KeyIso - ok

16:48:21.0093 2516 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

16:48:21.0109 2516 KSecDD - ok

16:48:21.0140 2516 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

16:48:21.0156 2516 KSecPkg - ok

16:48:21.0203 2516 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

16:48:21.0265 2516 ksthunk - ok

16:48:21.0312 2516 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

16:48:21.0374 2516 KtmRm - ok

16:48:21.0437 2516 [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys

16:48:21.0437 2516 L1C - ok

16:48:21.0530 2516 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll

16:48:21.0593 2516 LanmanServer - ok

16:48:21.0624 2516 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

16:48:21.0686 2516 LanmanWorkstation - ok

16:48:21.0749 2516 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

16:48:21.0795 2516 lltdio - ok

16:48:21.0842 2516 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

16:48:21.0905 2516 lltdsvc - ok

16:48:21.0936 2516 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

16:48:21.0967 2516 lmhosts - ok

16:48:22.0045 2516 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

16:48:22.0045 2516 LMS - ok

16:48:22.0107 2516 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

16:48:22.0107 2516 LSI_FC - ok

16:48:22.0139 2516 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

16:48:22.0154 2516 LSI_SAS - ok

16:48:22.0170 2516 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

16:48:22.0170 2516 LSI_SAS2 - ok

16:48:22.0201 2516 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

16:48:22.0201 2516 LSI_SCSI - ok

16:48:22.0248 2516 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

16:48:22.0310 2516 luafv - ok

16:48:22.0373 2516 [ 31C6AFFFAD7C733A65F888929548BC22 ] mbamchameleon C:\windows\system32\drivers\mbamchameleon.sys

16:48:22.0388 2516 mbamchameleon - ok

16:48:22.0435 2516 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys

16:48:22.0435 2516 MBAMProtector - ok

16:48:22.0497 2516 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

16:48:22.0513 2516 MBAMScheduler - ok

16:48:22.0575 2516 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

16:48:22.0591 2516 MBAMService - ok

16:48:22.0638 2516 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

16:48:22.0638 2516 Mcx2Svc - ok

16:48:22.0685 2516 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

16:48:22.0685 2516 megasas - ok

16:48:22.0700 2516 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

16:48:22.0716 2516 MegaSR - ok

16:48:22.0778 2516 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys

16:48:22.0778 2516 MEIx64 - ok

16:48:22.0809 2516 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

16:48:22.0872 2516 MMCSS - ok

16:48:22.0903 2516 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

16:48:22.0965 2516 Modem - ok

16:48:22.0981 2516 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

16:48:23.0012 2516 monitor - ok

16:48:23.0028 2516 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

16:48:23.0043 2516 mouclass - ok

16:48:23.0090 2516 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys

16:48:23.0121 2516 mouhid - ok

16:48:23.0153 2516 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

16:48:23.0168 2516 mountmgr - ok

16:48:23.0184 2516 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

16:48:23.0199 2516 mpio - ok

16:48:23.0199 2516 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

16:48:23.0246 2516 mpsdrv - ok

16:48:23.0277 2516 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

16:48:23.0340 2516 MpsSvc - ok

16:48:23.0355 2516 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

16:48:23.0402 2516 MRxDAV - ok

16:48:23.0433 2516 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

16:48:23.0480 2516 mrxsmb - ok

16:48:23.0496 2516 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

16:48:23.0511 2516 mrxsmb10 - ok

16:48:23.0527 2516 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

16:48:23.0527 2516 mrxsmb20 - ok

16:48:23.0558 2516 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys

16:48:23.0558 2516 msahci - ok

16:48:23.0589 2516 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

16:48:23.0589 2516 msdsm - ok

16:48:23.0605 2516 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

16:48:23.0652 2516 MSDTC - ok

16:48:23.0699 2516 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

16:48:23.0730 2516 Msfs - ok

16:48:23.0745 2516 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

16:48:23.0808 2516 mshidkmdf - ok

16:48:23.0823 2516 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

16:48:23.0823 2516 msisadrv - ok

16:48:23.0886 2516 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

16:48:23.0948 2516 MSiSCSI - ok

16:48:23.0948 2516 msiserver - ok

16:48:23.0995 2516 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

16:48:24.0042 2516 MSKSSRV - ok

16:48:24.0057 2516 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

16:48:24.0089 2516 MSPCLOCK - ok

16:48:24.0089 2516 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

16:48:24.0135 2516 MSPQM - ok

16:48:24.0151 2516 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

16:48:24.0167 2516 MsRPC - ok

16:48:24.0182 2516 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

16:48:24.0198 2516 mssmbios - ok

16:48:24.0229 2516 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

16:48:24.0291 2516 MSTEE - ok

16:48:24.0323 2516 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

16:48:24.0323 2516 MTConfig - ok

16:48:24.0338 2516 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

16:48:24.0354 2516 Mup - ok

16:48:24.0385 2516 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

16:48:24.0447 2516 napagent - ok

16:48:24.0525 2516 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

16:48:24.0572 2516 NativeWifiP - ok

16:48:24.0619 2516 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111028.002\ENG64.SYS

16:48:24.0619 2516 NAVENG - ok

16:48:24.0697 2516 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111028.002\EX64.SYS

16:48:24.0744 2516 NAVEX15 - ok

16:48:24.0791 2516 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

16:48:24.0806 2516 NDIS - ok

16:48:24.0853 2516 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

16:48:24.0915 2516 NdisCap - ok

16:48:24.0947 2516 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

16:48:24.0978 2516 NdisTapi - ok

16:48:24.0993 2516 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

16:48:25.0040 2516 Ndisuio - ok

16:48:25.0071 2516 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

16:48:25.0118 2516 NdisWan - ok

16:48:25.0165 2516 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

16:48:25.0196 2516 NDProxy - ok

16:48:25.0196 2516 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

16:48:25.0259 2516 NetBIOS - ok

16:48:25.0259 2516 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

16:48:25.0290 2516 NetBT - ok

16:48:25.0305 2516 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

16:48:25.0321 2516 Netlogon - ok

16:48:25.0368 2516 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

16:48:25.0446 2516 Netman - ok

16:48:25.0446 2516 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

16:48:25.0493 2516 netprofm - ok

16:48:25.0524 2516 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:48:25.0539 2516 NetTcpPortSharing - ok

16:48:25.0571 2516 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

16:48:25.0571 2516 nfrd960 - ok

16:48:25.0649 2516 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

16:48:25.0649 2516 NIS - ok

16:48:25.0695 2516 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

16:48:25.0742 2516 NlaSvc - ok

16:48:25.0758 2516 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

16:48:25.0789 2516 Npfs - ok

16:48:25.0820 2516 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

16:48:25.0867 2516 nsi - ok

16:48:25.0898 2516 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

16:48:25.0929 2516 nsiproxy - ok

16:48:25.0992 2516 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

16:48:26.0023 2516 Ntfs - ok

16:48:26.0039 2516 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

16:48:26.0070 2516 Null - ok

16:48:26.0132 2516 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

16:48:26.0148 2516 nvraid - ok

16:48:26.0195 2516 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

16:48:26.0210 2516 nvstor - ok

16:48:26.0226 2516 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

16:48:26.0241 2516 nv_agp - ok

16:48:26.0273 2516 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

16:48:26.0273 2516 ohci1394 - ok

16:48:26.0351 2516 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:48:26.0366 2516 ose - ok

16:48:26.0491 2516 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:48:26.0647 2516 osppsvc - ok

16:48:26.0678 2516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

16:48:26.0709 2516 p2pimsvc - ok

16:48:26.0741 2516 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

16:48:26.0756 2516 p2psvc - ok

16:48:26.0772 2516 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

16:48:26.0787 2516 Parport - ok

16:48:26.0819 2516 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

16:48:26.0819 2516 partmgr - ok

16:48:26.0850 2516 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

16:48:26.0881 2516 PcaSvc - ok

16:48:26.0912 2516 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

16:48:26.0928 2516 pci - ok

16:48:26.0928 2516 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys

16:48:26.0943 2516 pciide - ok

16:48:26.0959 2516 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

16:48:26.0975 2516 pcmcia - ok

16:48:26.0990 2516 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

16:48:27.0006 2516 pcw - ok

16:48:27.0021 2516 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

16:48:27.0084 2516 PEAUTH - ok

16:48:27.0146 2516 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

16:48:27.0177 2516 PerfHost - ok

16:48:27.0240 2516 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys

16:48:27.0240 2516 PGEffect - ok

16:48:27.0302 2516 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

16:48:27.0365 2516 pla - ok

16:48:27.0443 2516 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

16:48:27.0474 2516 PlugPlay - ok

16:48:27.0521 2516 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

16:48:27.0552 2516 PNRPAutoReg - ok

16:48:27.0567 2516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

16:48:27.0583 2516 PNRPsvc - ok

16:48:27.0614 2516 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

16:48:27.0677 2516 PolicyAgent - ok

16:48:27.0723 2516 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

16:48:27.0770 2516 Power - ok

16:48:27.0817 2516 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

16:48:27.0879 2516 PptpMiniport - ok

16:48:27.0895 2516 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

16:48:27.0926 2516 Processor - ok

16:48:27.0973 2516 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

16:48:28.0004 2516 ProfSvc - ok

16:48:28.0020 2516 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

16:48:28.0035 2516 ProtectedStorage - ok

16:48:28.0082 2516 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

16:48:28.0129 2516 Psched - ok

16:48:28.0191 2516 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys

16:48:28.0238 2516 QIOMem - ok

16:48:28.0316 2516 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

16:48:28.0363 2516 ql2300 - ok

16:48:28.0379 2516 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

16:48:28.0394 2516 ql40xx - ok

16:48:28.0425 2516 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

16:48:28.0441 2516 QWAVE - ok

16:48:28.0457 2516 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

16:48:28.0488 2516 QWAVEdrv - ok

16:48:28.0519 2516 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

16:48:28.0581 2516 RasAcd - ok

16:48:28.0628 2516 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

16:48:28.0659 2516 RasAgileVpn - ok

16:48:28.0675 2516 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

16:48:28.0737 2516 RasAuto - ok

16:48:28.0769 2516 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

16:48:28.0815 2516 Rasl2tp - ok

16:48:28.0831 2516 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

16:48:28.0878 2516 RasMan - ok

16:48:28.0893 2516 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

16:48:28.0956 2516 RasPppoe - ok

16:48:29.0003 2516 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

16:48:29.0065 2516 RasSstp - ok

16:48:29.0081 2516 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

16:48:29.0143 2516 rdbss - ok

16:48:29.0159 2516 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

16:48:29.0190 2516 rdpbus - ok

16:48:29.0221 2516 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

16:48:29.0268 2516 RDPCDD - ok

16:48:29.0299 2516 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

16:48:29.0361 2516 RDPENCDD - ok

16:48:29.0377 2516 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

16:48:29.0408 2516 RDPREFMP - ok

16:48:29.0439 2516 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

16:48:29.0455 2516 RDPWD - ok

16:48:29.0486 2516 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

16:48:29.0502 2516 rdyboost - ok

16:48:29.0549 2516 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

16:48:29.0627 2516 RemoteAccess - ok

16:48:29.0658 2516 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

16:48:29.0689 2516 RemoteRegistry - ok

16:48:29.0705 2516 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

16:48:29.0751 2516 RpcEptMapper - ok

16:48:29.0783 2516 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

16:48:29.0798 2516 RpcLocator - ok

16:48:29.0892 2516 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\windows\SysWOW64\rpcnet.exe

16:48:29.0892 2516 rpcnet - ok

16:48:29.0954 2516 [ F4402AFE7F512904D05D657FE16F8BE0 ] rpcnetp C:\windows\System32\rpcnetp.exe

16:48:29.0985 2516 rpcnetp ( UnsignedFile.Multi.Generic ) - warning

16:48:29.0985 2516 rpcnetp - detected UnsignedFile.Multi.Generic (1)

16:48:30.0032 2516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll

16:48:30.0079 2516 RpcSs - ok

16:48:30.0095 2516 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

16:48:30.0126 2516 rspndr - ok

16:48:30.0188 2516 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

16:48:30.0188 2516 RSUSBSTOR - ok

16:48:30.0235 2516 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RTSUVSTOR.sys

16:48:30.0251 2516 RSUSBVSTOR - ok

16:48:30.0329 2516 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys

16:48:30.0344 2516 RTL8192Ce - ok

16:48:30.0360 2516 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

16:48:30.0360 2516 SamSs - ok

16:48:30.0391 2516 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

16:48:30.0407 2516 sbp2port - ok

16:48:30.0438 2516 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

16:48:30.0469 2516 SCardSvr - ok

16:48:30.0485 2516 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

16:48:30.0547 2516 scfilter - ok

16:48:30.0594 2516 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

16:48:30.0656 2516 Schedule - ok

16:48:30.0687 2516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

16:48:30.0734 2516 SCPolicySvc - ok

16:48:30.0750 2516 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

16:48:30.0781 2516 SDRSVC - ok

16:48:30.0828 2516 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

16:48:30.0890 2516 secdrv - ok

16:48:30.0921 2516 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

16:48:30.0953 2516 seclogon - ok

16:48:30.0984 2516 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll

16:48:31.0031 2516 SENS - ok

16:48:31.0077 2516 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

16:48:31.0109 2516 SensrSvc - ok

16:48:31.0155 2516 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

16:48:31.0187 2516 Serenum - ok

16:48:31.0202 2516 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

16:48:31.0233 2516 Serial - ok

16:48:31.0249 2516 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

16:48:31.0265 2516 sermouse - ok

16:48:31.0296 2516 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

16:48:31.0358 2516 SessionEnv - ok

16:48:31.0374 2516 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

16:48:31.0389 2516 sffdisk - ok

16:48:31.0421 2516 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

16:48:31.0452 2516 sffp_mmc - ok

16:48:31.0467 2516 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

16:48:31.0514 2516 sffp_sd - ok

16:48:31.0530 2516 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

16:48:31.0561 2516 sfloppy - ok

16:48:31.0623 2516 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys

16:48:31.0639 2516 Sftfs - ok

16:48:31.0717 2516 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

16:48:31.0733 2516 sftlist - ok

16:48:31.0764 2516 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys

16:48:31.0764 2516 Sftplay - ok

16:48:31.0795 2516 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys

16:48:31.0795 2516 Sftredir - ok

16:48:31.0811 2516 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys

16:48:31.0811 2516 Sftvol - ok

16:48:31.0857 2516 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

16:48:31.0873 2516 sftvsa - ok

16:48:31.0935 2516 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

16:48:31.0982 2516 SharedAccess - ok

16:48:32.0013 2516 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

16:48:32.0060 2516 ShellHWDetection - ok

16:48:32.0091 2516 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

16:48:32.0107 2516 SiSRaid2 - ok

16:48:32.0138 2516 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

16:48:32.0154 2516 SiSRaid4 - ok

16:48:32.0247 2516 [ 7C70691D01181E3F441C6B9D429D24CC ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

16:48:32.0263 2516 SkypeUpdate - ok

16:48:32.0279 2516 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

16:48:32.0325 2516 Smb - ok

16:48:32.0403 2516 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

16:48:32.0435 2516 SNMPTRAP - ok

16:48:32.0481 2516 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

16:48:32.0481 2516 spldr - ok

16:48:32.0528 2516 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

16:48:32.0544 2516 Spooler - ok

16:48:32.0606 2516 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

16:48:32.0715 2516 sppsvc - ok

16:48:32.0747 2516 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

16:48:32.0778 2516 sppuinotify - ok

16:48:32.0856 2516 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS

16:48:32.0871 2516 SRTSP - ok

16:48:32.0903 2516 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS

16:48:32.0903 2516 SRTSPX - ok

16:48:32.0934 2516 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

16:48:32.0996 2516 srv - ok

16:48:33.0012 2516 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

16:48:33.0059 2516 srv2 - ok

16:48:33.0105 2516 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS

16:48:33.0105 2516 SrvHsfHDA - ok

16:48:33.0152 2516 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS

16:48:33.0199 2516 SrvHsfV92 - ok

16:48:33.0246 2516 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS

16:48:33.0277 2516 SrvHsfWinac - ok

16:48:33.0308 2516 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

16:48:33.0324 2516 srvnet - ok

16:48:33.0386 2516 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

16:48:33.0449 2516 SSDPSRV - ok

16:48:33.0464 2516 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

16:48:33.0495 2516 SstpSvc - ok

16:48:33.0527 2516 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

16:48:33.0527 2516 stexstor - ok

16:48:33.0589 2516 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

16:48:33.0605 2516 stisvc - ok

16:48:33.0620 2516 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

16:48:33.0636 2516 swenum - ok

16:48:33.0698 2516 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

16:48:33.0761 2516 swprv - ok

16:48:33.0792 2516 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS

16:48:33.0807 2516 SymDS - ok

16:48:33.0839 2516 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS

16:48:33.0854 2516 SymEFA - ok

16:48:33.0885 2516 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS

16:48:33.0901 2516 SymEvent - ok

16:48:33.0932 2516 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS

16:48:33.0932 2516 SymIRON - ok

16:48:33.0963 2516 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS

16:48:33.0979 2516 SymNetS - ok

16:48:34.0057 2516 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

16:48:34.0088 2516 SynTP - ok

16:48:34.0135 2516 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

16:48:34.0197 2516 SysMain - ok

16:48:34.0213 2516 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

16:48:34.0244 2516 TabletInputService - ok

16:48:34.0291 2516 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

16:48:34.0338 2516 TapiSrv - ok

16:48:34.0369 2516 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

16:48:34.0400 2516 TBS - ok

16:48:34.0478 2516 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\windows\system32\drivers\tcpip.sys

16:48:34.0525 2516 Tcpip - ok

16:48:34.0541 2516 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

16:48:34.0572 2516 TCPIP6 - ok

16:48:34.0619 2516 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

16:48:34.0634 2516 tcpipreg - ok

16:48:34.0681 2516 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys

16:48:34.0697 2516 tdcmdpst - ok

16:48:34.0712 2516 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

16:48:34.0743 2516 TDPIPE - ok

16:48:34.0790 2516 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

16:48:34.0806 2516 TDTCP - ok

16:48:34.0837 2516 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

16:48:34.0868 2516 tdx - ok

16:48:34.0884 2516 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

16:48:34.0884 2516 TermDD - ok

16:48:34.0931 2516 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

16:48:34.0993 2516 TermService - ok

16:48:35.0009 2516 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

16:48:35.0024 2516 Themes - ok

16:48:35.0055 2516 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

16:48:35.0087 2516 THREADORDER - ok

16:48:35.0133 2516 [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

16:48:35.0149 2516 TMachInfo - ok

16:48:35.0180 2516 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\Windows\system32\TODDSrv.exe

16:48:35.0180 2516 TODDSrv - ok

16:48:35.0274 2516 [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

16:48:35.0289 2516 TosCoSrv - ok

16:48:35.0336 2516 [ D0F868A67CB4D817A3F7ABEF8C42F49C ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe

16:48:35.0352 2516 TOSHIBA eco Utility Service - ok

16:48:35.0383 2516 [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

16:48:35.0399 2516 TOSHIBA HDD SSD Alert Service - ok

16:48:35.0461 2516 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys

16:48:35.0477 2516 tos_sps64 - ok

16:48:35.0523 2516 [ D65C6B0C070534336B72005391B6168A ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

16:48:35.0555 2516 TPCHSrv - ok

16:48:35.0570 2516 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

16:48:35.0617 2516 TrkWks - ok

16:48:35.0664 2516 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

16:48:35.0711 2516 TrustedInstaller - ok

16:48:35.0726 2516 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

16:48:35.0742 2516 tssecsrv - ok

16:48:35.0773 2516 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

16:48:35.0789 2516 TsUsbFlt - ok

16:48:35.0804 2516 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

16:48:35.0820 2516 TsUsbGD - ok

16:48:35.0867 2516 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

16:48:35.0913 2516 tunnel - ok

16:48:35.0960 2516 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS

16:48:35.0960 2516 TVALZ - ok

16:48:36.0007 2516 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys

16:48:36.0007 2516 TVALZFL - ok

16:48:36.0023 2516 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

16:48:36.0038 2516 uagp35 - ok

16:48:36.0069 2516 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

16:48:36.0132 2516 udfs - ok

16:48:36.0163 2516 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

16:48:36.0179 2516 UI0Detect - ok

16:48:36.0194 2516 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

16:48:36.0210 2516 uliagpkx - ok

16:48:36.0225 2516 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

16:48:36.0257 2516 umbus - ok

16:48:36.0288 2516 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys

16:48:36.0303 2516 UmPass - ok

16:48:36.0444 2516 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

16:48:36.0506 2516 UNS - ok

16:48:36.0553 2516 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

16:48:36.0615 2516 upnphost - ok

16:48:36.0647 2516 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

16:48:36.0662 2516 usbccgp - ok

16:48:36.0709 2516 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

16:48:36.0725 2516 usbcir - ok

16:48:36.0740 2516 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys

16:48:36.0771 2516 usbehci - ok

16:48:36.0803 2516 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

16:48:36.0834 2516 usbhub - ok

16:48:36.0849 2516 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

16:48:36.0881 2516 usbohci - ok

16:48:36.0943 2516 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

16:48:36.0974 2516 usbprint - ok

16:48:37.0021 2516 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

16:48:37.0021 2516 usbscan - ok

16:48:37.0068 2516 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

16:48:37.0083 2516 USBSTOR - ok

16:48:37.0130 2516 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

16:48:37.0146 2516 usbuhci - ok

16:48:37.0208 2516 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

16:48:37.0208 2516 usbvideo - ok

16:48:37.0239 2516 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

16:48:37.0286 2516 UxSms - ok

16:48:37.0317 2516 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

16:48:37.0317 2516 VaultSvc - ok

16:48:37.0333 2516 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

16:48:37.0333 2516 vdrvroot - ok

16:48:37.0395 2516 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

16:48:37.0458 2516 vds - ok

16:48:37.0520 2516 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

16:48:37.0520 2516 vga - ok

16:48:37.0536 2516 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

16:48:37.0598 2516 VgaSave - ok

16:48:37.0614 2516 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

16:48:37.0629 2516 vhdmp - ok

16:48:37.0645 2516 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

16:48:37.0661 2516 viaide - ok

16:48:37.0676 2516 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

16:48:37.0692 2516 volmgr - ok

16:48:37.0723 2516 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

16:48:37.0739 2516 volmgrx - ok

16:48:37.0739 2516 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys

16:48:37.0754 2516 volsnap - ok

16:48:37.0770 2516 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys

16:48:37.0785 2516 vsmraid - ok

16:48:37.0832 2516 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

16:48:37.0910 2516 VSS - ok

16:48:37.0941 2516 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

16:48:37.0973 2516 vwifibus - ok

16:48:38.0004 2516 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

16:48:38.0035 2516 vwififlt - ok

16:48:38.0066 2516 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys

16:48:38.0082 2516 vwifimp - ok

16:48:38.0129 2516 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

16:48:38.0160 2516 W32Time - ok

16:48:38.0191 2516 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys

16:48:38.0222 2516 WacomPen - ok

16:48:38.0238 2516 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

16:48:38.0300 2516 WANARP - ok

16:48:38.0300 2516 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

16:48:38.0331 2516 Wanarpv6 - ok

16:48:38.0409 2516 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

16:48:38.0441 2516 WatAdminSvc - ok

16:48:38.0487 2516 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

16:48:38.0534 2516 wbengine - ok

16:48:38.0565 2516 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

16:48:38.0581 2516 WbioSrvc - ok

16:48:38.0597 2516 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

16:48:38.0643 2516 wcncsvc - ok

16:48:38.0690 2516 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

16:48:38.0690 2516 WcsPlugInService - ok

16:48:38.0721 2516 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys

16:48:38.0737 2516 Wd - ok

16:48:38.0768 2516 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

16:48:38.0784 2516 Wdf01000 - ok

16:48:38.0815 2516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

16:48:38.0846 2516 WdiServiceHost - ok

16:48:38.0862 2516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

16:48:38.0877 2516 WdiSystemHost - ok

16:48:38.0893 2516 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

16:48:38.0940 2516 WebClient - ok

16:48:38.0971 2516 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

16:48:39.0018 2516 Wecsvc - ok

16:48:39.0049 2516 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

16:48:39.0080 2516 wercplsupport - ok

16:48:39.0127 2516 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

16:48:39.0158 2516 WerSvc - ok

16:48:39.0189 2516 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

16:48:39.0221 2516 WfpLwf - ok

16:48:39.0236 2516 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

16:48:39.0236 2516 WIMMount - ok

16:48:39.0267 2516 WinDefend - ok

16:48:39.0283 2516 WinHttpAutoProxySvc - ok

16:48:39.0330 2516 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

16:48:39.0377 2516 Winmgmt - ok

16:48:39.0423 2516 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll

16:48:39.0486 2516 WinRM - ok

16:48:39.0548 2516 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

16:48:39.0564 2516 WinUsb - ok

16:48:39.0611 2516 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

16:48:39.0657 2516 Wlansvc - ok

16:48:39.0735 2516 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

16:48:39.0735 2516 wlcrasvc - ok

16:48:39.0860 2516 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:48:39.0923 2516 wlidsvc - ok

16:48:39.0985 2516 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys

16:48:40.0016 2516 WmiAcpi - ok

16:48:40.0047 2516 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

16:48:40.0079 2516 wmiApSrv - ok

16:48:40.0125 2516 WMPNetworkSvc - ok

16:48:40.0141 2516 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

16:48:40.0157 2516 WPCSvc - ok

16:48:40.0172 2516 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

16:48:40.0203 2516 WPDBusEnum - ok

16:48:40.0235 2516 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

16:48:40.0266 2516 ws2ifsl - ok

16:48:40.0281 2516 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll

16:48:40.0328 2516 wscsvc - ok

16:48:40.0328 2516 WSearch - ok

16:48:40.0406 2516 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

16:48:40.0453 2516 wuauserv - ok

16:48:40.0484 2516 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys

16:48:40.0515 2516 WudfPf - ok

16:48:40.0547 2516 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

16:48:40.0578 2516 WUDFRd - ok

16:48:40.0609 2516 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll

16:48:40.0640 2516 wudfsvc - ok

16:48:40.0687 2516 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll

16:48:40.0718 2516 WwanSvc - ok

16:48:40.0749 2516 ================ Scan global ===============================

16:48:40.0781 2516 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

16:48:40.0796 2516 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

16:48:40.0812 2516 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

16:48:40.0843 2516 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

16:48:40.0859 2516 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

16:48:40.0874 2516 [Global] - ok

16:48:40.0874 2516 ================ Scan MBR ==================================

16:48:40.0874 2516 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

16:48:41.0810 2516 \Device\Harddisk0\DR0 - ok

16:48:41.0810 2516 ================ Scan VBR ==================================

16:48:41.0841 2516 [ 4EB1E2B90BED742042FAA8A67B61B3EC ] \Device\Harddisk0\DR0\Partition1

16:48:41.0841 2516 \Device\Harddisk0\DR0\Partition1 - ok

16:48:41.0841 2516 ============================================================

16:48:41.0841 2516 Scan finished

16:48:41.0841 2516 ============================================================

16:48:41.0857 2508 Detected object count: 2

16:48:41.0857 2508 Actual detected object count: 2

16:49:11.0840 2508 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

16:49:11.0840 2508 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:49:11.0840 2508 rpcnetp ( UnsignedFile.Multi.Generic ) - skipped by user

16:49:11.0840 2508 rpcnetp ( UnsignedFile.Multi.Generic ) - User select action: Skip

August 18, 2013

Combofix went smoothly didn't get the error and the comp didnt have to restart. I shut it down after everything was finished and tried to open windows normal. It was a long start up and was still running very poorly. Let me know if there is anything else I can do to remedy this and thank you for your help!

August 18, 2013

alright here it is, I tried to go into normal windows. Still hanging up. there was about 30 second delay for each task. Really running slow. I removed the 14 threats that malwarebytes reported.

Here's the log:

ComboFix 13-08-16.03 - lucy's 08/17/2013 20:49:47.1.2 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.3270 [GMT -4:00]

Running from: c:\users\lucy's\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2013-07-18 to 2013-08-18 )))))))))))))))))))))))))))))))

.

2013-08-18 00:55 . 2013-08-18 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-17 20:03 . 2013-08-17 20:03 -------- d-----w- c:\windows\ERUNT

2013-08-17 19:15 . 2013-08-17 19:15 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-08-16 16:53 . 2013-08-16 16:53 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-08-16 02:06 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-16 02:05 . 2013-08-16 02:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-14 22:49 . 2013-07-26 03:35 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-08-14 22:49 . 2013-07-26 02:49 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-08-14 22:49 . 2013-07-26 05:13 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-08-14 22:49 . 2013-07-26 05:12 526336 ----a-w- c:\windows\system32\ieui.dll

2013-08-14 22:49 . 2013-07-26 05:12 356864 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2013-08-14 22:49 . 2013-07-26 03:13 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2013-08-14 22:49 . 2013-07-26 03:12 236032 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll

2013-08-14 22:49 . 2013-07-26 03:11 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2013-08-13 21:24 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-08-13 21:24 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-13 21:24 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll

2013-08-13 21:24 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-13 21:24 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

2013-08-13 21:24 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-08-13 21:24 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-08-13 21:24 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-08-13 21:24 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-13 21:24 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-08-13 21:17 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C1381C4-FAE3-4F36-BCD6-C40043E93E51}\mpengine.dll

2013-08-12 21:52 . 2013-08-12 22:40 -------- d-----w- C:\Netgear

2013-08-02 17:11 . 2013-08-02 17:11 -------- d-----w- c:\users\lucy's\AppData\Local\Apple Computer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-17 23:21 . 2012-04-02 23:19 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe

2013-08-17 23:21 . 2011-12-30 19:47 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2013-08-17 22:55 . 2012-04-02 23:21 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2013-08-17 22:55 . 2012-04-02 23:19 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll

2013-08-14 22:41 . 2011-10-31 21:44 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-25 22:15 . 2012-04-19 00:50 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-25 22:15 . 2011-10-26 01:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-09 04:45 . 2013-08-13 21:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-06-05 03:34 . 2013-07-11 04:56 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-11 04:57 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-11 04:57 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-05-20 23:55 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\lucy's\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]

"GarminExpressTrayApp"="c:\users\lucy's\Desktop\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [x]

R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111026.030\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111026.030\IDSvia64.sys [x]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

R2 Garmin Core Update Service;Garmin Core Update Service;c:\users\lucy's\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\users\lucy's\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]

R2 rpcnetp;rpcnetp;c:\windows\System32\rpcnetp.exe;c:\windows\SYSNATIVE\rpcnetp.exe [x]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-01 16:06 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 22:15]

.

2013-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1889665631-2126717968-3753671527-1000Core.job

- c:\users\lucy's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 20:23]

.

2013-08-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1889665631-2126717968-3753671527-1000UA.job

- c:\users\lucy's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 20:23]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27 19:36]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27 19:36]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>

uInternet Settings,ProxyServer = http=127.0.0.1:49193;https=127.0.0.1:49193

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-BrowserSafeguard - c:\program files (x86)\Browsersafeguard\Browsersafeguard.exe

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Toolbar-Locked - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-17 20:56:40

ComboFix-quarantined-files.txt 2013-08-18 00:56

.

Pre-Run: 567,474,868,224 bytes free

Post-Run: 568,339,812,352 bytes free

.

- - End Of File - - 6E2116BF684440448A90B029ABBE5BE6

August 17, 2013

Ran quick scan and 14 object detected. I'm assuming I should select and remove them all right?

Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.16.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16660
lucy's :: LUCYS-PC [administrator]

8/17/2013 1:15:47 PM
MBAM-log-2013-08-17 (13-22-51).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\Users\lucy's\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\SetupToparcadehits.exe (Adware.GameVance) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ct3289847\chlogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ct3289847\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ct3289847\ielogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ct3289847\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\is357113909\Toparcadehits.exe (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\9UM9FPN8\AdKnowledg2SliderASPCAv4.1.22.1_20130506[1].msi (PUP.Optional.WeCare.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\9UM9FPN8\WhiteSmoke_New_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\JLLA5GXJ\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\OMC2CGS2\Setup.exe (PUP.Optional.IBryte.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\QI551W3O\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\QI551W3O\WhiteSmoke_New[1].exe (PUP.Optional.Conduit.A) -> No action taken.

(end)

August 17, 2013

By the way, I almost forgot, thank you for all you guys do! I know you probably don't get a lot of thanks considering how many people you are helping. So just want to let you know that there are people out here who are grateful and really do appreciate your time and effort.

A genuine thank you.

August 17, 2013

Alright, still working in safe mode with networking. After I post this I will reboot and see how it does in regular mode.

Will run malwarebytes to see if it picks anything up.

Will post back to let you know how regular windows is operating.

Here are the logs:

# AdwCleaner v2.306 - Logfile created 08/17/2013 at 12:26:40
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : lucy's - LUCYS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\lucy's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLLA5GXJ\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\lucy's\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\lucy's\AppData\Local\Conduit
Folder Deleted : C:\Users\lucy's\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\lucy's\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\lucy's\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\lucy's\AppData\Roaming\DSite

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Software

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\lucy's\AppData\Local\Google\Chrome\User Data\Default\Preferences

*************************

AdwCleaner[s1].txt - [3486 octets] - [17/08/2013 12:26:40]

########## EOF - C:\AdwCleaner[s1].txt - [3546 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by lucy's on Sat 08/17/2013 at 13:03:04.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C7D3A193-315D-4B76-AB28-126A34B7C921}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\lucy's\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\lucy's\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{0194F7EE-13B1-4760-91EF-A56A9C7EE3CB}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{0E283168-B13F-4D10-AE55-17E1B18725BE}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{141B0554-EAC7-461B-A8DB-2C7EFB10FBB5}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{26D543E8-9223-4A1A-9A1E-E144625818F6}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{388C4F68-BFA4-4D6A-89C0-43731D1D882B}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{38C27648-4D1A-4E1E-8325-6DF473DA32E1}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{3A27E276-34D7-4911-97B9-BE83DECE36F9}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{472786EE-5A06-4922-8411-B943223FCF0B}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{54AED53F-1B84-4911-859B-2ADFBCC7DBB8}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{69A79ED6-36A0-418E-990A-76E4E90E32C4}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{6BD561CB-935B-482A-94BE-57A5188A4FC4}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{791FE7EA-BB6A-486E-BBB9-C7C6ABCFE53C}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{7EF5573E-D349-4F18-B59D-F835802CF4B8}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{83ED88BE-FA12-4C28-84D0-3F91DEC7C507}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{B5DBF216-07FE-49F7-AD17-D633B48F85CD}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{C0AB234B-876F-4310-8210-2D578CBC702D}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{C66C6290-9F8F-4772-9CC8-F694AC1797BC}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{CC6F2284-34D4-443B-B223-64F7905278BE}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{CD8FA225-E97E-48E8-83BA-CCE78ADAA3B0}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{D1D7404A-496F-45DC-9763-342E6A4BC5AA}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{D39FF5EE-2E9E-4A12-AE5A-1B823AF291F7}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{DC072F9F-3720-49C9-8E03-DF5940C375DA}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{EB950394-F712-4896-8548-E23A8F733255}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{F701ECA1-C457-4B08-AF28-9F7CC18AA526}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{F732CAC4-1E12-4B7E-8445-979F04B1320A}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{FC899A8A-69DF-40DB-93DD-C876B93BD595}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 13:05:23.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

August 17, 2013

Internet is hanging up and when it finally opens it redirects to other websites. Computer running extremely slow and automatically opens Skype which cannot be closed.

I tried to run chameleon and I got as far as the command prompt coming up and getting all the way to scanning for malicious process' but after 4-5 hours of hanging there I gave up and gave it a hard reboot. Right now I'm working on the comp in safemode w networking. I also have access to another laptop in case theres something that I need to do from there.

see logs below and let me know if there's anything I can do to clean this up! Thanks in advance!

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/22/2011 7:48:38 PM
System Uptime: 8/16/2013 7:20:55 PM (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel® Pentium® CPU B940 @ 2.00GHz | CPU1 | 1995/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 527.265 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP175: 6/28/2013 5:49:57 PM - Restore Operation
RP176: 6/28/2013 5:57:56 PM - Windows Update
RP177: 7/2/2013 1:49:36 PM - Windows Update
RP178: 7/4/2013 3:52:01 PM - Restore Operation
RP179: 7/4/2013 3:59:46 PM - Windows Update
RP180: 7/10/2013 9:56:05 PM - Windows Update
RP181: 7/11/2013 6:30:13 PM - Restore Operation
RP182: 7/11/2013 6:37:02 PM - Windows Update
RP183: 7/13/2013 1:19:58 PM - Windows Update
RP184: 7/18/2013 6:22:06 PM - Windows Update
RP185: 7/25/2013 2:45:14 PM - Windows Update
RP186: 7/31/2013 6:52:35 PM - Windows Update
RP187: 8/6/2013 4:27:46 AM - Windows Update
RP188: 8/9/2013 2:30:43 PM - Windows Update
RP189: 8/12/2013 3:37:38 PM - Restore Operation
RP190: 8/12/2013 3:38:03 PM - Restore Operation
RP191: 8/12/2013 3:45:10 PM - Windows Update
RP192: 8/14/2013 3:40:04 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Amazon Links
Apple Application Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 3
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
D3DX10
DriverTuner 3.1.0.0
Elevated Installer
Facebook Video Calling 1.2.0.287
FATE - The Traitor Soul
Garmin Express
Garmin Express Tray
Garmin Update Service
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 7 (64-bit)
Java 7 Update 9
Java Auto Updater
Java SE Development Kit 7 Update 7 (64-bit)
Java 6 Update 20
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Norton Internet Security
Norton PC Checkup
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
QuickTime
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Skype Click to Call
Skype™ 6.5
Synaptics Pointing Device Driver
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/16/2013 9:58:10 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/16/2013 9:51:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
8/16/2013 9:51:02 AM, Error: Service Control Manager [7000] - The Garmin Core Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/16/2013 9:28:46 AM, Error: Service Control Manager [7022] - The Intel® Management and Security Application User Notification Service service hung on starting.
8/16/2013 9:26:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
8/16/2013 9:21:00 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
8/16/2013 9:20:40 AM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
8/16/2013 9:19:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
8/16/2013 9:19:20 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/16/2013 9:18:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
8/16/2013 9:18:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
8/16/2013 9:17:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
8/16/2013 9:14:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
8/16/2013 7:23:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 7:23:20 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 7:22:43 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 7:22:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/16/2013 7:22:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/16/2013 7:22:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/16/2013 7:22:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/16/2013 7:21:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
8/16/2013 7:21:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
8/16/2013 7:21:15 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 7:19:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/16/2013 7:19:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/16/2013 6:45:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 6:43:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/16/2013 6:38:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
8/16/2013 6:26:21 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/16/2013 5:34:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/16/2013 5:33:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/16/2013 5:33:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/16/2013 5:32:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2013 5:00:45 AM, Error: Service Control Manager [7023] -
8/16/2013 5:00:33 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/16/2013 4:25:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/16/2013 4:24:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/16/2013 4:24:59 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/16/2013 10:47:01 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
8/15/2013 6:29:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
8/15/2013 5:57:20 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
8/15/2013 2:47:51 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
8/15/2013 2:43:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/15/2013 2:43:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
8/15/2013 2:42:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
8/15/2013 2:40:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
8/15/2013 2:40:17 PM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/14/2013 6:21:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}
8/14/2013 6:20:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect.
8/14/2013 6:20:31 PM, Error: Service Control Manager [7000] - The TPCH Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/14/2013 6:04:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
8/14/2013 5:23:37 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
8/14/2013 5:21:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
8/14/2013 4:23:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/14/2013 4:20:52 PM, Error: Service Control Manager [7022] - The Security Center service hung on starting.
8/14/2013 4:18:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/14/2013 4:18:46 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.9.2
Run by lucy's at 19:25:36 on 2013-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.3023 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uProxyOverride = <local>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\lucy's\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GarminExpressTrayApp] "C:\Users\lucy's\Desktop\Garmin\Express Tray\ExpressTray.exe"
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: NameServer = 192.168.1.1
TCP: Interfaces\{77B944AF-33C2-46CC-B3E5-7BC26DB0B6B0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{77B944AF-33C2-46CC-B3E5-7BC26DB0B6B0}\876696E696479777966696 : DHCPNameServer = 10.250.255.72 10.250.255.73
TCP: Interfaces\{77B944AF-33C2-46CC-B3E5-7BC26DB0B6B0}\B49445B41445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{77B944AF-33C2-46CC-B3E5-7BC26DB0B6B0}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-7-27 1109096]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111026.030\IDSviA64.sys [2011-10-27 488568]
S1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128]
S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Users\lucy's\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-15 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-15 701512]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-25 132056]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-7-27 126392]
S2 rpcnetp;rpcnetp;C:\windows\System32\rpcnetp.exe [2011-12-30 17920]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-27 2656280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-16 138912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
S3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-8-16 36680]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-8-15 25928]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-7-27 38096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-7-27 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-7-27 307304]
S3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-27 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\windows\System32\WScript.exe "%1" %* [userChoice]
.
=============== Created Last 30 ================
.
2013-08-16 16:53:26 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-08-16 13:57:13 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-16 13:46:45 -------- d-s---w- C:\ComboFix
2013-08-16 02:06:02 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-08-16 02:05:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-14 22:49:01 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-14 22:49:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-14 22:49:00 356864 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-08-14 22:49:00 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-08-14 22:49:00 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-08-14 22:49:00 236032 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-08-14 22:49:00 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-08-13 21:24:32 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-13 21:24:32 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-13 21:24:32 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-13 21:24:32 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-08-13 21:24:32 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-13 21:24:32 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-08-13 21:24:32 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-13 21:24:32 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-13 21:24:17 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-08-13 21:24:17 2048 ----a-w- C:\windows\System32\tzres.dll
2013-08-13 21:19:33 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C1381C4-FAE3-4F36-BCD6-C40043E93E51}\offreg.dll
2013-08-13 21:17:40 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C1381C4-FAE3-4F36-BCD6-C40043E93E51}\mpengine.dll
2013-08-12 21:52:41 -------- d-----w- C:\Netgear
2013-08-02 17:11:20 -------- d-----w- C:\Users\lucy's\AppData\Local\Apple Computer
2013-07-29 00:42:43 -------- d-----w- C:\Users\lucy's\AppData\Local\{3A27E276-34D7-4911-97B9-BE83DECE36F9}
2013-07-27 17:53:34 -------- d-----w- C:\Users\lucy's\AppData\Local\{388C4F68-BFA4-4D6A-89C0-43731D1D882B}
2013-07-25 21:50:45 -------- d-----w- C:\Users\lucy's\AppData\Local\{F732CAC4-1E12-4B7E-8445-979F04B1320A}
.
==================== Find3M ====================
.
2013-08-17 02:21:05 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe
2013-08-17 02:21:05 17920 ----a-w- C:\windows\System32\rpcnetp.exe
2013-08-16 16:51:18 58288 ----a-w- C:\windows\SysWow64\rpcnet.dll
2013-08-16 16:51:18 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll
2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 22:15:30 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-25 22:15:29 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
.
============= FINISH: 19:26:35.40 ===============

November 17, 2012

Thanks for the quick reply! I have already run through the malware removal and believe JeffCE indicated that all malware had been removed. After that process, I began seeing the issues described in my first post (Disc check for consistency, blue screen of death etc.). JeffCE sent me here to deal with the potential hardware/software problems that are going on now. Is there any advice you can give me to get it cleared up? Thank you!

November 17, 2012

Ok, thanks for the response! Attached are the logs that were created after running those two tools.

Thanks again!

Result.txt

dds.txt

attach.txt

November 16, 2012

Anyone have any insight into this? Is there a standard procedure I can follow to check on things and post the logs up?

November 15, 2012

I was redirected here by JeffCE from HiJack this Malware forum. Below is a link to the thread I had there and below that are my two most recent post with the problem I am currently facing with hard disk check for consistency, BSOD and my windows defender, firewall, auto updates being shut down on me.

http://forums.malwarebytes.org/index.php?showtopic=117766&st=20

____________________________________________________________________

So I thought everything was cleared up BUT the other day, I went to shut down and log back in and got a disc crash (not enough memory?) black screen with white writing then the BSOD. STOP errors below:

0x0000007e (0xc0000005, 0x861e9418, 0x8cdb688c, 0x8cdb6588)

So, I thought I was cool since I did so well while following your directions and did some research. I learned that I will have to update Vista OS with SP1 and 2. I tried that but it seems the Malware has (as it's apparently known to do) disabled my windows update, defender, malware protection and pretty much everything else that should protect my comp.

So again, thinking I'm good and stuff, I tried to go into services to turn these things back on and they are not even listed as disabled in services, not even in the list of services that I could find and turn back on. That's where my rabbit trail ends.

When I try to update windows through windows update (also tried to download stand alone to no avail) I got this error: 0x8007000b

Not sure if this is something that you guys handle. Since technically the malware is gone, but the destruction that it has left behind isn't cleaned up and I have no clue which direction to go in.

_______________________________________________________________

While rebooting I still had the same issue. I got the black screen with white writing saying my disk had to be checked for consistency. This leads to the blue screen of death with with the 0x0000007e stop error with mention of BIOS memory settings.

There are a few ways that I get around it:

1. at black screen if gives a 10 second countdown. If I press a key and cancel the check 1 out of 3 times I get to windows.

2. If I let it check the disk=BSOD.

3. If after blue screen I do a hard power down and get back to "system restore" screen and select system restore I get blank screen with nothing for 15-20 minutes (haven't waited longer).

If I go to security center I still can't update or turn on firewall or change any settings. Get the error stating "service is not running" etc.

Any guidance on that is appreciated.

Thanks!

Travis

November 15, 2012

ok will do. Thanks!

November 15, 2012

Below is the Farbar log that I ran after the system reboot. While rebooting I still had the same issue. I got the black screen with white writing saying my disk had to be checked for consistency. This leads to the blue screen of death with with the 0x0000007e stop error with mention of BIOS memory settings.

There are a few ways that I get around it:

1. at black screen if gives a 10 second countdown. If I press a key and cancel the check 1 out of 3 times I get to windows.

2. If I let it check the disk=BSOD.

3. If after blue screen I do a hard power down and get back to "system restore" screen and select system restore I get blank screen with nothing for 15-20 minutes (haven't waited longer).

If I go to security center I still can't update or turn on firewall or change any settings. Get the error stating "service is not running" etc.

Any guidance on that is appreciated.

Farbar Service Scanner Version: 09-11-2012

Ran by Trav (administrator) on 14-11-2012 at 21:08:32

Running from "C:\Users\Trav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQXU2RBP"

Windows Vista Home Premium (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll

[2006-11-02 03:56] - [2006-11-02 04:46] - 0204800 ____A (Microsoft Corporation) 17210D8064EC116A3FC6B5E45E577D43

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

November 14, 2012

Farbar Service Scanner Version: 09-11-2012

Ran by Trav (administrator) on 14-11-2012 at 17:35:09

Running from "C:\Users\Trav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQXU2RBP"

Windows Vista Home Premium (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll

[2006-11-02 03:56] - [2006-11-02 04:46] - 0204800 ____A (Microsoft Corporation) 17210D8064EC116A3FC6B5E45E577D43

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

November 14, 2012

YES! I was hoping there was some really cool tool that someone made for this issue. I had a basketball game last night so couldn't run it and at work today but will get this done this afternoon and post the log around 5:30 or 6.

Thanks Jeff!

November 13, 2012

Unfortunately, I'm back...

So I thought everything was cleared up BUT the other day, I went to shut down and log back in and got a disc crash (not enough memory?) black screen with white writing then the BSOD. STOP errors below:

0x0000007e (0xc0000005, 0x861e9418, 0x8cdb688c, 0x8cdb6588)

So, I thought I was cool since I did so well while following your directions and did some research. I learned that I will have to update Vista OS with SP1 and 2. I tried that but it seems the Malware has (as it's apparently known to do) disabled my windows update, defender, malware protection and pretty much everything else that should protect my comp.

So again, thinking I'm good and stuff, I tried to go into services to turn these things back on and they are not even listed as disabled in services, not even in the list of services that I could find and turn back on. That's where my rabbit trail ends.

When I try to update windows through windows update (also tried to download stand alone to no avail) I got this error: 0x8007000b

Not sure if this is something that you guys handle. Since technically the malware is gone, but the destruction that it has left behind isn't cleaned up and I have no clue which direction to go in.

Any advice is greatly appreciated!

Thanks!

November 8, 2012

I don't think so. If it's quarantined does that mean I'm good to go? How about a preventative plan to keep this from happening again? Does Malwarebytes premium offer the full range of protection or would I have to use it in conjunction with an anti virus program?

November 8, 2012

ESET log

C:\Qoobox\Quarantine\C\Windows\System32\drivers\_cfa9ec882a0a98d6_.sys.zip a variant of Win32/Rootkit.Kryptik.PG trojan

November 8, 2012

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.07.10

Windows Vista x86 NTFS

Internet Explorer 7.0.6000.17037

Travis :: TRAVIS-PC [administrator]

Protection: Disabled

11/7/2012 7:23:22 PM

mbam-log-2012-11-07 (19-29-02).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 225400

Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.

Files Detected: 1

C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.

(end)

November 7, 2012

I was just looking up deleting profiles in Vista. I'm not sure but this may lead to problems as my profile is the main profile or administrator, I believe. One post I found indicated maybe I should password protect it? Anyway, I'm going to do what you mentioned above before I try to delete the profile.

A new computer is looking better and better at this point! Not that ours is completely obsolete but I know there's new tech out that is better/faster. If we end up going that route, do you have any suggestions in the $300-$400 range for a laptop? We pretty much only use it for internet access, music and maybe a DVD here and there. No gaming or anything crazy. Thanks!

Events

Profiles

Forums

Posts posted by wallysurfr

Important Information