
Internet redirecting - computer hanging up - logs embedded



Internet is hanging up and when it finally opens it redirects to other websites.  Computer running extremely slow and automatically opens Skype which cannot be closed.

 

I tried to run Chameleon and I got as far as the command prompt coming up and getting all the way to scanning for malicious processes, but after 4-5 hours of hanging there I gave up and gave it a hard reboot.  Right now I'm working on the comp in Safe Mode with Networking.  I also have access to another laptop in case there's something that I need to do from there.

 

See logs below and let me know if there's anything I can do to clean this up!  Thanks in advance!

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/22/2011 7:48:38 PM
System Uptime: 8/16/2013 7:20:55 PM (0 hours ago)
.
Motherboard: Intel Corp. |  | Base Board Product Name
Processor: Intel® Pentium® CPU B940 @ 2.00GHz | CPU1 | 1995/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 527.265 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP175: 6/28/2013 5:49:57 PM - Restore Operation
RP176: 6/28/2013 5:57:56 PM - Windows Update
RP177: 7/2/2013 1:49:36 PM - Windows Update
RP178: 7/4/2013 3:52:01 PM - Restore Operation
RP179: 7/4/2013 3:59:46 PM - Windows Update
RP180: 7/10/2013 9:56:05 PM - Windows Update
RP181: 7/11/2013 6:30:13 PM - Restore Operation
RP182: 7/11/2013 6:37:02 PM - Windows Update
RP183: 7/13/2013 1:19:58 PM - Windows Update
RP184: 7/18/2013 6:22:06 PM - Windows Update
RP185: 7/25/2013 2:45:14 PM - Windows Update
RP186: 7/31/2013 6:52:35 PM - Windows Update
RP187: 8/6/2013 4:27:46 AM - Windows Update
RP188: 8/9/2013 2:30:43 PM - Windows Update
RP189: 8/12/2013 3:37:38 PM - Restore Operation
RP190: 8/12/2013 3:38:03 PM - Restore Operation
RP191: 8/12/2013 3:45:10 PM - Windows Update
RP192: 8/14/2013 3:40:04 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Amazon Links
Apple Application Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 3
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
D3DX10
DriverTuner 3.1.0.0
Elevated Installer
Facebook Video Calling 1.2.0.287
FATE - The Traitor Soul
Garmin Express
Garmin Express Tray
Garmin Update Service
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 7 (64-bit)
Java 7 Update 9
Java Auto Updater
Java SE Development Kit 7 Update 7 (64-bit)
Java 6 Update 20
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Norton Internet Security
Norton PC Checkup
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
QuickTime
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Skype Click to Call
Skype™ 6.5
Synaptics Pointing Device Driver
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/16/2013 9:58:10 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
8/16/2013 9:51:02 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
8/16/2013 9:51:02 AM, Error: Service Control Manager [7000]  - The Garmin Core Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/16/2013 9:28:46 AM, Error: Service Control Manager [7022]  - The Intel® Management and Security Application User Notification Service service hung on starting.
8/16/2013 9:26:30 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
8/16/2013 9:21:00 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
8/16/2013 9:20:40 AM, Error: Service Control Manager [7022]  - The Function Discovery Provider Host service hung on starting.
8/16/2013 9:19:20 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
8/16/2013 9:19:20 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/16/2013 9:18:47 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
8/16/2013 9:18:43 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
8/16/2013 9:17:39 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
8/16/2013 9:14:01 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
8/16/2013 7:23:50 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 7:23:20 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 7:22:43 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 7:22:43 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/16/2013 7:22:43 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/16/2013 7:22:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/16/2013 7:22:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/16/2013 7:21:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
8/16/2013 7:21:20 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
8/16/2013 7:21:15 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 7:19:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/16/2013 7:19:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/16/2013 6:45:46 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 6:43:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/16/2013 6:38:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
8/16/2013 6:26:21 AM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/16/2013 5:34:32 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/16/2013 5:33:51 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/16/2013 5:33:51 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/16/2013 5:32:49 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/16/2013 5:32:43 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/16/2013 5:00:45 AM, Error: Service Control Manager [7023]  -
8/16/2013 5:00:33 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/16/2013 4:25:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/16/2013 4:24:59 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/16/2013 4:24:59 AM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/16/2013 10:47:01 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
8/15/2013 6:29:06 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
8/15/2013 5:57:20 PM, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
8/15/2013 2:47:51 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
8/15/2013 2:43:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/15/2013 2:43:21 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
8/15/2013 2:42:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
8/15/2013 2:40:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
8/15/2013 2:40:17 PM, Error: Service Control Manager [7000]  - The Client Virtualization Handler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/14/2013 6:21:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}
8/14/2013 6:20:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect.
8/14/2013 6:20:31 PM, Error: Service Control Manager [7000]  - The TPCH Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/14/2013 6:04:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
8/14/2013 5:23:37 PM, Error: Service Control Manager [7022]  - The Windows Defender service hung on starting.
8/14/2013 5:21:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
8/14/2013 4:23:09 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/14/2013 4:20:52 PM, Error: Service Control Manager [7022]  - The Security Center service hung on starting.
8/14/2013 4:18:46 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/14/2013 4:18:46 PM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.9.2
Run by lucy's at 19:25:36 on 2013-08-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.3023 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uProxyOverride = <local>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\lucy's\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GarminExpressTrayApp] "C:\Users\lucy's\Desktop\Garmin\Express Tray\ExpressTray.exe"
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll




TCP: NameServer = 192.168.1.1
TCP: Interfaces\{77B944AF-33C2-46CC-B3E5-7BC26DB0B6B0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{77B944AF-33C2-46CC-B3E5-7BC26DB0B6B0}\876696E696479777966696 : DHCPNameServer = 10.250.255.72 10.250.255.73
TCP: Interfaces\{77B944AF-33C2-46CC-B3E5-7BC26DB0B6B0}\B49445B41445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{77B944AF-33C2-46CC-B3E5-7BC26DB0B6B0}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-7-27 1109096]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111026.030\IDSviA64.sys [2011-10-27 488568]
S1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128]
S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Users\lucy's\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-15 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-15 701512]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-25 132056]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-7-27 126392]
S2 rpcnetp;rpcnetp;C:\windows\System32\rpcnetp.exe [2011-12-30 17920]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-27 2656280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-16 138912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
S3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-8-16 36680]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-8-15 25928]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-7-27 38096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-7-27 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-7-27 307304]
S3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-27 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\windows\System32\WScript.exe "%1" %* [userChoice]
.
=============== Created Last 30 ================
.
2013-08-16 16:53:26 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-08-16 13:57:13 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-16 13:46:45 -------- d-s---w- C:\ComboFix
2013-08-16 02:06:02 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-08-16 02:05:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-14 22:49:01 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-14 22:49:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-14 22:49:00 356864 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-08-14 22:49:00 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-08-14 22:49:00 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-08-14 22:49:00 236032 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-08-14 22:49:00 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-08-13 21:24:32 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-13 21:24:32 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-13 21:24:32 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-13 21:24:32 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-08-13 21:24:32 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-13 21:24:32 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-08-13 21:24:32 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-13 21:24:32 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-13 21:24:17 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-08-13 21:24:17 2048 ----a-w- C:\windows\System32\tzres.dll
2013-08-13 21:19:33 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C1381C4-FAE3-4F36-BCD6-C40043E93E51}\offreg.dll
2013-08-13 21:17:40 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C1381C4-FAE3-4F36-BCD6-C40043E93E51}\mpengine.dll
2013-08-12 21:52:41 -------- d-----w- C:\Netgear
2013-08-02 17:11:20 -------- d-----w- C:\Users\lucy's\AppData\Local\Apple Computer
2013-07-29 00:42:43 -------- d-----w- C:\Users\lucy's\AppData\Local\{3A27E276-34D7-4911-97B9-BE83DECE36F9}
2013-07-27 17:53:34 -------- d-----w- C:\Users\lucy's\AppData\Local\{388C4F68-BFA4-4D6A-89C0-43731D1D882B}
2013-07-25 21:50:45 -------- d-----w- C:\Users\lucy's\AppData\Local\{F732CAC4-1E12-4B7E-8445-979F04B1320A}
.
==================== Find3M  ====================
.
2013-08-17 02:21:05 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe
2013-08-17 02:21:05 17920 ----a-w- C:\windows\System32\rpcnetp.exe
2013-08-16 16:51:18 58288 ----a-w- C:\windows\SysWow64\rpcnet.dll
2013-08-16 16:51:18 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll
2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 22:15:30 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-25 22:15:29 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
.
============= FINISH: 19:26:35.40 ===============

 


 


  • Staff

Hello wallysurfr

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo


Alright, still working in safe mode with networking.  After I post this I will reboot and see how it does in regular mode.

 

Will run Malwarebytes to see if it picks anything up.

Will post back to let you know how regular windows is operating.

 

Here are the logs:

 

# AdwCleaner v2.306 - Logfile created 08/17/2013 at 12:26:40
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : lucy's - LUCYS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\lucy's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLLA5GXJ\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\lucy's\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\lucy's\AppData\Local\Conduit
Folder Deleted : C:\Users\lucy's\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\lucy's\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\lucy's\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\lucy's\AppData\Roaming\DSite

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Software

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\lucy's\AppData\Local\Google\Chrome\User Data\Default\Preferences

*************************

AdwCleaner[s1].txt - [3486 octets] - [17/08/2013 12:26:40]

########## EOF - C:\AdwCleaner[s1].txt - [3546 octets] ##########

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by lucy's on Sat 08/17/2013 at 13:03:04.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C7D3A193-315D-4B76-AB28-126A34B7C921}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\lucy's\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\lucy's\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{0194F7EE-13B1-4760-91EF-A56A9C7EE3CB}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{0E283168-B13F-4D10-AE55-17E1B18725BE}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{141B0554-EAC7-461B-A8DB-2C7EFB10FBB5}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{26D543E8-9223-4A1A-9A1E-E144625818F6}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{388C4F68-BFA4-4D6A-89C0-43731D1D882B}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{38C27648-4D1A-4E1E-8325-6DF473DA32E1}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{3A27E276-34D7-4911-97B9-BE83DECE36F9}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{472786EE-5A06-4922-8411-B943223FCF0B}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{54AED53F-1B84-4911-859B-2ADFBCC7DBB8}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{69A79ED6-36A0-418E-990A-76E4E90E32C4}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{6BD561CB-935B-482A-94BE-57A5188A4FC4}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{791FE7EA-BB6A-486E-BBB9-C7C6ABCFE53C}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{7EF5573E-D349-4F18-B59D-F835802CF4B8}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{83ED88BE-FA12-4C28-84D0-3F91DEC7C507}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{B5DBF216-07FE-49F7-AD17-D633B48F85CD}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{C0AB234B-876F-4310-8210-2D578CBC702D}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{C66C6290-9F8F-4772-9CC8-F694AC1797BC}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{CC6F2284-34D4-443B-B223-64F7905278BE}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{CD8FA225-E97E-48E8-83BA-CCE78ADAA3B0}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{D1D7404A-496F-45DC-9763-342E6A4BC5AA}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{D39FF5EE-2E9E-4A12-AE5A-1B823AF291F7}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{DC072F9F-3720-49C9-8E03-DF5940C375DA}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{EB950394-F712-4896-8548-E23A8F733255}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{F701ECA1-C457-4B08-AF28-9F7CC18AA526}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{F732CAC4-1E12-4B7E-8445-979F04B1320A}
Successfully deleted: [Empty Folder] C:\Users\lucy's\appdata\local\{FC899A8A-69DF-40DB-93DD-C876B93BD595}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 13:05:23.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


By the way, I almost forgot, thank you for all you guys do!  I know you probably don't get a lot of thanks considering how many people you are helping.  So just want to let you know that there are people out here who are grateful and really do appreciate your time and effort. 

 

A genuine thank you.


Ran a quick scan and 14 objects were detected.  I'm assuming I should select and remove them all, right?

 

Here is the log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.16.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16660
lucy's :: LUCYS-PC [administrator]

8/17/2013 1:15:47 PM
MBAM-log-2013-08-17 (13-22-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223971
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\Users\lucy's\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\SetupToparcadehits.exe (Adware.GameVance) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ct3289847\chlogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ct3289847\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ct3289847\ielogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\ct3289847\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\AppData\Local\Temp\is357113909\Toparcadehits.exe (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\9UM9FPN8\AdKnowledg2SliderASPCAv4.1.22.1_20130506[1].msi (PUP.Optional.WeCare.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\9UM9FPN8\WhiteSmoke_New_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\JLLA5GXJ\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\OMC2CGS2\Setup.exe (PUP.Optional.IBryte.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\QI551W3O\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\lucy's\Local Settings\Temporary Internet Files\Content.IE5\QI551W3O\WhiteSmoke_New[1].exe (PUP.Optional.Conduit.A) -> No action taken.

(end)


  • Staff

Hello wallysurfr

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Alright, here it is. I tried to go into normal Windows.  Still hanging up.  There was about a 30-second delay for each task.  Really running slow.  I removed the 14 threats that Malwarebytes reported.

 

Here's the log:

 

ComboFix 13-08-16.03 - lucy's 08/17/2013  20:49:47.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.3270 [GMT -4:00]
Running from: c:\users\lucy's\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-18 to 2013-08-18  )))))))))))))))))))))))))))))))
.
.
2013-08-18 00:55 . 2013-08-18 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-17 20:03 . 2013-08-17 20:03 -------- d-----w- c:\windows\ERUNT
2013-08-17 19:15 . 2013-08-17 19:15 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-08-16 16:53 . 2013-08-16 16:53 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-16 02:06 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-16 02:05 . 2013-08-16 02:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-14 22:49 . 2013-07-26 03:35 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-14 22:49 . 2013-07-26 02:49 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-08-14 22:49 . 2013-07-26 05:13 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-08-14 22:49 . 2013-07-26 05:12 526336 ----a-w- c:\windows\system32\ieui.dll
2013-08-14 22:49 . 2013-07-26 05:12 356864 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-08-14 22:49 . 2013-07-26 03:13 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-08-14 22:49 . 2013-07-26 03:12 236032 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-08-14 22:49 . 2013-07-26 03:11 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-08-13 21:24 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-13 21:24 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-13 21:24 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-13 21:24 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-13 21:24 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-13 21:24 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-13 21:24 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-13 21:24 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-13 21:24 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-13 21:24 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-13 21:17 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C1381C4-FAE3-4F36-BCD6-C40043E93E51}\mpengine.dll
2013-08-12 21:52 . 2013-08-12 22:40 -------- d-----w- C:\Netgear
2013-08-02 17:11 . 2013-08-02 17:11 -------- d-----w- c:\users\lucy's\AppData\Local\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-17 23:21 . 2012-04-02 23:19 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-08-17 23:21 . 2011-12-30 19:47 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-08-17 22:55 . 2012-04-02 23:21 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-08-17 22:55 . 2012-04-02 23:19 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-08-14 22:41 . 2011-10-31 21:44 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-25 22:15 . 2012-04-19 00:50 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-25 22:15 . 2011-10-26 01:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-08-13 21:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-05 03:34 . 2013-07-11 04:56 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 04:57 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 04:57 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-20 23:55 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\lucy's\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]
"GarminExpressTrayApp"="c:\users\lucy's\Desktop\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111026.030\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111026.030\IDSvia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\users\lucy's\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\users\lucy's\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
R2 rpcnetp;rpcnetp;c:\windows\System32\rpcnetp.exe;c:\windows\SYSNATIVE\rpcnetp.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 16:06 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 22:15]
.
2013-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1889665631-2126717968-3753671527-1000Core.job
- c:\users\lucy's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 20:23]
.
2013-08-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1889665631-2126717968-3753671527-1000UA.job
- c:\users\lucy's\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 20:23]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27 19:36]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-27 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49193;https=127.0.0.1:49193
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BrowserSafeguard - c:\program files (x86)\Browsersafeguard\Browsersafeguard.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-17  20:56:40
ComboFix-quarantined-files.txt  2013-08-18 00:56
.
Pre-Run: 567,474,868,224 bytes free
Post-Run: 568,339,812,352 bytes free
.
- - End Of File - - 6E2116BF684440448A90B029ABBE5BE6
 

Combofix went smoothly, didn't get the error and the comp didn't have to restart.  I shut it down after everything was finished and tried to open Windows normally.  It was a long start-up and was still running very poorly.  Let me know if there is anything else I can do to remedy this and thank you for your help!


  • Staff

Hello wallysurfr

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================

    Scan finished

    ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller

Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo


TDS Killer

 

I couldn't get it to reboot into normal Windows after the program ran and did the auto shut down.  It went BSOD physical dump of memory so I booted to safe w networking and ran it without checking the one box.  So not sure if it downloaded the driver it needed.  2 suspicious files found.  Here is the log:

 

16:47:16.0306 2148  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:47:16.0665 2148  ============================================================
16:47:16.0665 2148  Current date / time: 2013/08/18 16:47:16.0665
16:47:16.0665 2148  SystemInfo:
16:47:16.0665 2148  
16:47:16.0665 2148  OS Version: 6.1.7601 ServicePack: 1.0
16:47:16.0665 2148  Product type: Workstation
16:47:16.0665 2148  ComputerName: LUCYS-PC
16:47:16.0665 2148  UserName: lucy's
16:47:16.0665 2148  Windows directory: C:\windows
16:47:16.0665 2148  System windows directory: C:\windows
16:47:16.0665 2148  Running under WOW64
16:47:16.0665 2148  Processor architecture: Intel x64
16:47:16.0665 2148  Number of processors: 2
16:47:16.0665 2148  Page size: 0x1000
16:47:16.0665 2148  Boot type: Safe boot with network
16:47:16.0665 2148  ============================================================
16:47:18.0631 2148  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:47:18.0631 2148  ============================================================
16:47:18.0631 2148  \Device\Harddisk0\DR0:
16:47:18.0631 2148  MBR partitions:
16:47:18.0631 2148  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x489F4800
16:47:18.0631 2148  ============================================================
16:47:18.0693 2148  C: <-> \Device\Harddisk0\DR0\Partition1
16:47:18.0693 2148  ============================================================
16:47:18.0693 2148  Initialize success
16:47:18.0693 2148  ============================================================
16:48:08.0551 2516  ============================================================
16:48:08.0551 2516  Scan started
16:48:08.0551 2516  Mode: Manual; SigCheck; TDLFS; 
16:48:08.0551 2516  ============================================================
16:48:08.0676 2516  ================ Scan system memory ========================
16:48:08.0676 2516  System memory - ok
16:48:08.0676 2516  ================ Scan services =============================
16:48:08.0941 2516  07357328 - ok
16:48:09.0003 2516  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:48:09.0113 2516  1394ohci - ok
16:48:09.0175 2516  52299872 - ok
16:48:09.0222 2516  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:48:09.0237 2516  ACPI - ok
16:48:09.0269 2516  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:48:09.0347 2516  AcpiPmi - ok
16:48:09.0534 2516  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:48:09.0549 2516  AdobeARMservice - ok
16:48:09.0737 2516  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:48:09.0737 2516  AdobeFlashPlayerUpdateSvc - ok
16:48:09.0830 2516  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
16:48:09.0846 2516  adp94xx - ok
16:48:09.0893 2516  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
16:48:09.0908 2516  adpahci - ok
16:48:09.0939 2516  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
16:48:09.0939 2516  adpu320 - ok
16:48:09.0986 2516  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:48:10.0236 2516  AeLookupSvc - ok
16:48:10.0298 2516  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
16:48:10.0361 2516  AFD - ok
16:48:10.0423 2516  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
16:48:10.0439 2516  agp440 - ok
16:48:10.0501 2516  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
16:48:10.0532 2516  ALG - ok
16:48:10.0579 2516  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
16:48:10.0595 2516  aliide - ok
16:48:10.0626 2516  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
16:48:10.0626 2516  amdide - ok
16:48:10.0688 2516  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
16:48:10.0719 2516  AmdK8 - ok
16:48:10.0751 2516  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
16:48:10.0797 2516  AmdPPM - ok
16:48:10.0844 2516  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
16:48:10.0860 2516  amdsata - ok
16:48:10.0907 2516  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
16:48:10.0922 2516  amdsbs - ok
16:48:10.0953 2516  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
16:48:10.0969 2516  amdxata - ok
16:48:11.0016 2516  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
16:48:11.0141 2516  AppID - ok
16:48:11.0172 2516  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:48:11.0219 2516  AppIDSvc - ok
16:48:11.0281 2516  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\windows\System32\appinfo.dll
16:48:11.0328 2516  Appinfo - ok
16:48:11.0390 2516  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
16:48:11.0390 2516  arc - ok
16:48:11.0421 2516  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
16:48:11.0421 2516  arcsas - ok
16:48:11.0453 2516  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:48:11.0499 2516  AsyncMac - ok
16:48:11.0531 2516  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
16:48:11.0531 2516  atapi - ok
16:48:11.0609 2516  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:48:11.0671 2516  AudioEndpointBuilder - ok
16:48:11.0671 2516  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
16:48:11.0718 2516  AudioSrv - ok
16:48:11.0765 2516  [ 0B2520AA90C20971BDB45AE6F3047E0F ] avgtp           C:\windows\system32\drivers\avgtpx64.sys
16:48:11.0780 2516  avgtp - ok
16:48:11.0843 2516  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:48:11.0936 2516  AxInstSV - ok
16:48:11.0999 2516  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
16:48:12.0045 2516  b06bdrv - ok
16:48:12.0061 2516  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
16:48:12.0108 2516  b57nd60a - ok
16:48:12.0155 2516  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
16:48:12.0186 2516  BDESVC - ok
16:48:12.0217 2516  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
16:48:12.0279 2516  Beep - ok
16:48:12.0326 2516  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
16:48:12.0389 2516  BFE - ok
16:48:12.0545 2516  [ CD0ECB395666FC9AE23D7381E9E3370D ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys
16:48:12.0576 2516  BHDrvx64 - ok
16:48:12.0607 2516  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\system32\qmgr.dll
16:48:12.0685 2516  BITS - ok
16:48:12.0716 2516  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
16:48:12.0747 2516  blbdrive - ok
16:48:12.0779 2516  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:48:12.0825 2516  bowser - ok
16:48:12.0888 2516  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
16:48:12.0919 2516  BrFiltLo - ok
16:48:12.0935 2516  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
16:48:12.0935 2516  BrFiltUp - ok
16:48:12.0981 2516  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
16:48:13.0028 2516  BridgeMP - ok
16:48:13.0059 2516  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
16:48:13.0091 2516  Browser - ok
16:48:13.0137 2516  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:48:13.0184 2516  Brserid - ok
16:48:13.0200 2516  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:48:13.0231 2516  BrSerWdm - ok
16:48:13.0262 2516  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:48:13.0293 2516  BrUsbMdm - ok
16:48:13.0309 2516  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:48:13.0340 2516  BrUsbSer - ok
16:48:13.0371 2516  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
16:48:13.0403 2516  BTHMODEM - ok
16:48:13.0465 2516  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
16:48:13.0512 2516  bthserv - ok
16:48:13.0559 2516  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:48:13.0621 2516  cdfs - ok
16:48:13.0652 2516  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
16:48:13.0683 2516  cdrom - ok
16:48:13.0730 2516  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
16:48:13.0777 2516  CertPropSvc - ok
16:48:13.0824 2516  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
16:48:13.0855 2516  circlass - ok
16:48:13.0886 2516  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
16:48:13.0902 2516  CLFS - ok
16:48:13.0964 2516  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:13.0964 2516  clr_optimization_v2.0.50727_32 - ok
16:48:14.0011 2516  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:48:14.0027 2516  clr_optimization_v2.0.50727_64 - ok
16:48:14.0120 2516  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:14.0151 2516  clr_optimization_v4.0.30319_32 - ok
16:48:14.0276 2516  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:48:14.0292 2516  clr_optimization_v4.0.30319_64 - ok
16:48:14.0339 2516  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:48:14.0370 2516  CmBatt - ok
16:48:14.0401 2516  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:48:14.0417 2516  cmdide - ok
16:48:14.0448 2516  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
16:48:14.0495 2516  CNG - ok
16:48:14.0573 2516  [ 66847C979893A11CFCC2280E772D7EA1 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
16:48:14.0604 2516  CnxtHdAudService - ok
16:48:14.0666 2516  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
16:48:14.0666 2516  Compbatt - ok
16:48:14.0697 2516  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
16:48:14.0729 2516  CompositeBus - ok
16:48:14.0760 2516  COMSysApp - ok
16:48:14.0775 2516  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
16:48:14.0791 2516  crcdisk - ok
16:48:14.0853 2516  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:48:14.0885 2516  CryptSvc - ok
16:48:14.0994 2516  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:48:15.0025 2516  cvhsvc - ok
16:48:15.0072 2516  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
16:48:15.0134 2516  DcomLaunch - ok
16:48:15.0181 2516  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
16:48:15.0243 2516  defragsvc - ok
16:48:15.0290 2516  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:48:15.0337 2516  DfsC - ok
16:48:15.0399 2516  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
16:48:15.0446 2516  Dhcp - ok
16:48:15.0493 2516  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
16:48:15.0555 2516  discache - ok
16:48:15.0587 2516  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
16:48:15.0602 2516  Disk - ok
16:48:15.0665 2516  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:48:15.0696 2516  Dnscache - ok
16:48:15.0743 2516  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
16:48:15.0805 2516  dot3svc - ok
16:48:15.0821 2516  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
16:48:15.0867 2516  DPS - ok
16:48:15.0930 2516  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:48:15.0961 2516  drmkaud - ok
16:48:16.0008 2516  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:48:16.0039 2516  DXGKrnl - ok
16:48:16.0086 2516  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
16:48:16.0148 2516  EapHost - ok
16:48:16.0242 2516  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
16:48:16.0304 2516  ebdrv - ok
16:48:16.0367 2516  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:48:16.0382 2516  eeCtrl - ok
16:48:16.0398 2516  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
16:48:16.0445 2516  EFS - ok
16:48:16.0491 2516  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:48:16.0538 2516  ehRecvr - ok
16:48:16.0569 2516  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
16:48:16.0569 2516  ehSched - ok
16:48:16.0601 2516  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
16:48:16.0632 2516  elxstor - ok
16:48:16.0632 2516  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:48:16.0647 2516  ErrDev - ok
16:48:16.0694 2516  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
16:48:16.0757 2516  EventSystem - ok
16:48:16.0788 2516  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
16:48:16.0819 2516  exfat - ok
16:48:16.0850 2516  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:48:16.0897 2516  fastfat - ok
16:48:16.0944 2516  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
16:48:16.0991 2516  Fax - ok
16:48:17.0006 2516  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
16:48:17.0037 2516  fdc - ok
16:48:17.0069 2516  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
16:48:17.0115 2516  fdPHost - ok
16:48:17.0162 2516  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
16:48:17.0193 2516  FDResPub - ok
16:48:17.0209 2516  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:48:17.0225 2516  FileInfo - ok
16:48:17.0240 2516  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:48:17.0303 2516  Filetrace - ok
16:48:17.0334 2516  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
16:48:17.0349 2516  flpydisk - ok
16:48:17.0381 2516  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:48:17.0396 2516  FltMgr - ok
16:48:17.0537 2516  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\windows\system32\FntCache.dll
16:48:17.0568 2516  FontCache - ok
16:48:17.0615 2516  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:48:17.0615 2516  FontCache3.0.0.0 - ok
16:48:17.0630 2516  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:48:17.0646 2516  FsDepends - ok
16:48:17.0661 2516  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:48:17.0661 2516  Fs_Rec - ok
16:48:17.0724 2516  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:48:17.0739 2516  fvevol - ok
16:48:17.0771 2516  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
16:48:17.0771 2516  gagp30kx - ok
16:48:17.0833 2516  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:48:17.0833 2516  GamesAppService - ok
16:48:17.0973 2516  [ 2973B4EB7BE10A0D491B2037DCAAE88F ] Garmin Core Update Service C:\Users\lucy's\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
16:48:17.0989 2516  Garmin Core Update Service - ok
16:48:18.0020 2516  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
16:48:18.0051 2516  gpsvc - ok
16:48:18.0145 2516  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:48:18.0145 2516  gupdate - ok
16:48:18.0192 2516  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:48:18.0192 2516  gupdatem - ok
16:48:18.0239 2516  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:48:18.0270 2516  hcw85cir - ok
16:48:18.0301 2516  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:48:18.0332 2516  HdAudAddService - ok
16:48:18.0348 2516  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
16:48:18.0379 2516  HDAudBus - ok
16:48:18.0379 2516  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
16:48:18.0410 2516  HidBatt - ok
16:48:18.0441 2516  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
16:48:18.0473 2516  HidBth - ok
16:48:18.0504 2516  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
16:48:18.0519 2516  HidIr - ok
16:48:18.0535 2516  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\System32\hidserv.dll
16:48:18.0597 2516  hidserv - ok
16:48:18.0660 2516  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\drivers\hidusb.sys
16:48:18.0660 2516  HidUsb - ok
16:48:18.0691 2516  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:48:18.0753 2516  hkmsvc - ok
16:48:18.0785 2516  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:48:18.0800 2516  HomeGroupListener - ok
16:48:18.0847 2516  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:48:18.0878 2516  HomeGroupProvider - ok
16:48:18.0909 2516  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:48:18.0909 2516  HpSAMD - ok
16:48:18.0941 2516  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:48:19.0003 2516  HTTP - ok
16:48:19.0034 2516  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:48:19.0050 2516  hwpolicy - ok
16:48:19.0097 2516  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
16:48:19.0097 2516  i8042prt - ok
16:48:19.0190 2516  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
16:48:19.0206 2516  iaStor - ok
16:48:19.0284 2516  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:48:19.0299 2516  iaStorV - ok
16:48:19.0393 2516  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:48:19.0424 2516  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:48:19.0424 2516  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:48:19.0471 2516  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:48:19.0487 2516  idsvc - ok
16:48:19.0549 2516  [ 0B97F1A640AD3D159A7B5D2164C42E50 ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111026.030\IDSvia64.sys
16:48:19.0565 2516  IDSVia64 - ok
16:48:19.0799 2516  [ 370C2A8629B30F910F740387795DDC6F ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
16:48:20.0126 2516  igfx - ok
16:48:20.0157 2516  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
16:48:20.0173 2516  iirsp - ok
16:48:20.0220 2516  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
16:48:20.0282 2516  IKEEXT - ok
16:48:20.0345 2516  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
16:48:20.0360 2516  IntcDAud - ok
16:48:20.0391 2516  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
16:48:20.0407 2516  intelide - ok
16:48:20.0438 2516  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:48:20.0469 2516  intelppm - ok
16:48:20.0516 2516  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:48:20.0579 2516  IPBusEnum - ok
16:48:20.0610 2516  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:48:20.0641 2516  IpFilterDriver - ok
16:48:20.0688 2516  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:48:20.0735 2516  iphlpsvc - ok
16:48:20.0750 2516  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:48:20.0766 2516  IPMIDRV - ok
16:48:20.0813 2516  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:48:20.0875 2516  IPNAT - ok
16:48:20.0922 2516  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:48:20.0937 2516  IRENUM - ok
16:48:20.0937 2516  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:48:20.0937 2516  isapnp - ok
16:48:20.0953 2516  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:48:20.0969 2516  iScsiPrt - ok
16:48:20.0984 2516  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:48:21.0000 2516  kbdclass - ok
16:48:21.0015 2516  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
16:48:21.0047 2516  kbdhid - ok
16:48:21.0062 2516  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
16:48:21.0078 2516  KeyIso - ok
16:48:21.0093 2516  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:48:21.0109 2516  KSecDD - ok
16:48:21.0140 2516  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:48:21.0156 2516  KSecPkg - ok
16:48:21.0203 2516  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:48:21.0265 2516  ksthunk - ok
16:48:21.0312 2516  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
16:48:21.0374 2516  KtmRm - ok
16:48:21.0437 2516  [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C             C:\windows\system32\DRIVERS\L1C62x64.sys
16:48:21.0437 2516  L1C - ok
16:48:21.0530 2516  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
16:48:21.0593 2516  LanmanServer - ok
16:48:21.0624 2516  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:48:21.0686 2516  LanmanWorkstation - ok
16:48:21.0749 2516  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:48:21.0795 2516  lltdio - ok
16:48:21.0842 2516  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:48:21.0905 2516  lltdsvc - ok
16:48:21.0936 2516  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:48:21.0967 2516  lmhosts - ok
16:48:22.0045 2516  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:48:22.0045 2516  LMS - ok
16:48:22.0107 2516  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
16:48:22.0107 2516  LSI_FC - ok
16:48:22.0139 2516  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
16:48:22.0154 2516  LSI_SAS - ok
16:48:22.0170 2516  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
16:48:22.0170 2516  LSI_SAS2 - ok
16:48:22.0201 2516  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
16:48:22.0201 2516  LSI_SCSI - ok
16:48:22.0248 2516  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
16:48:22.0310 2516  luafv - ok
16:48:22.0373 2516  [ 31C6AFFFAD7C733A65F888929548BC22 ] mbamchameleon   C:\windows\system32\drivers\mbamchameleon.sys
16:48:22.0388 2516  mbamchameleon - ok
16:48:22.0435 2516  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
16:48:22.0435 2516  MBAMProtector - ok
16:48:22.0497 2516  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:48:22.0513 2516  MBAMScheduler - ok
16:48:22.0575 2516  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:48:22.0591 2516  MBAMService - ok
16:48:22.0638 2516  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:48:22.0638 2516  Mcx2Svc - ok
16:48:22.0685 2516  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
16:48:22.0685 2516  megasas - ok
16:48:22.0700 2516  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
16:48:22.0716 2516  MegaSR - ok
16:48:22.0778 2516  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
16:48:22.0778 2516  MEIx64 - ok
16:48:22.0809 2516  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
16:48:22.0872 2516  MMCSS - ok
16:48:22.0903 2516  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
16:48:22.0965 2516  Modem - ok
16:48:22.0981 2516  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:48:23.0012 2516  monitor - ok
16:48:23.0028 2516  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:48:23.0043 2516  mouclass - ok
16:48:23.0090 2516  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\drivers\mouhid.sys
16:48:23.0121 2516  mouhid - ok
16:48:23.0153 2516  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:48:23.0168 2516  mountmgr - ok
16:48:23.0184 2516  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
16:48:23.0199 2516  mpio - ok
16:48:23.0199 2516  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:48:23.0246 2516  mpsdrv - ok
16:48:23.0277 2516  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:48:23.0340 2516  MpsSvc - ok
16:48:23.0355 2516  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:48:23.0402 2516  MRxDAV - ok
16:48:23.0433 2516  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:48:23.0480 2516  mrxsmb - ok
16:48:23.0496 2516  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:48:23.0511 2516  mrxsmb10 - ok
16:48:23.0527 2516  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:48:23.0527 2516  mrxsmb20 - ok
16:48:23.0558 2516  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
16:48:23.0558 2516  msahci - ok
16:48:23.0589 2516  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:48:23.0589 2516  msdsm - ok
16:48:23.0605 2516  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
16:48:23.0652 2516  MSDTC - ok
16:48:23.0699 2516  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:48:23.0730 2516  Msfs - ok
16:48:23.0745 2516  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:48:23.0808 2516  mshidkmdf - ok
16:48:23.0823 2516  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:48:23.0823 2516  msisadrv - ok
16:48:23.0886 2516  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:48:23.0948 2516  MSiSCSI - ok
16:48:23.0948 2516  msiserver - ok
16:48:23.0995 2516  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:48:24.0042 2516  MSKSSRV - ok
16:48:24.0057 2516  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:48:24.0089 2516  MSPCLOCK - ok
16:48:24.0089 2516  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:48:24.0135 2516  MSPQM - ok
16:48:24.0151 2516  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:48:24.0167 2516  MsRPC - ok
16:48:24.0182 2516  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
16:48:24.0198 2516  mssmbios - ok
16:48:24.0229 2516  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:48:24.0291 2516  MSTEE - ok
16:48:24.0323 2516  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
16:48:24.0323 2516  MTConfig - ok
16:48:24.0338 2516  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
16:48:24.0354 2516  Mup - ok
16:48:24.0385 2516  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
16:48:24.0447 2516  napagent - ok
16:48:24.0525 2516  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:48:24.0572 2516  NativeWifiP - ok
16:48:24.0619 2516  [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111028.002\ENG64.SYS
16:48:24.0619 2516  NAVENG - ok
16:48:24.0697 2516  [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111028.002\EX64.SYS
16:48:24.0744 2516  NAVEX15 - ok
16:48:24.0791 2516  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:48:24.0806 2516  NDIS - ok
16:48:24.0853 2516  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:48:24.0915 2516  NdisCap - ok
16:48:24.0947 2516  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:48:24.0978 2516  NdisTapi - ok
16:48:24.0993 2516  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:48:25.0040 2516  Ndisuio - ok
16:48:25.0071 2516  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:48:25.0118 2516  NdisWan - ok
16:48:25.0165 2516  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:48:25.0196 2516  NDProxy - ok
16:48:25.0196 2516  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:48:25.0259 2516  NetBIOS - ok
16:48:25.0259 2516  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:48:25.0290 2516  NetBT - ok
16:48:25.0305 2516  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
16:48:25.0321 2516  Netlogon - ok
16:48:25.0368 2516  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
16:48:25.0446 2516  Netman - ok
16:48:25.0446 2516  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
16:48:25.0493 2516  netprofm - ok
16:48:25.0524 2516  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:48:25.0539 2516  NetTcpPortSharing - ok
16:48:25.0571 2516  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
16:48:25.0571 2516  nfrd960 - ok
16:48:25.0649 2516  [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
16:48:25.0649 2516  NIS - ok
16:48:25.0695 2516  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:48:25.0742 2516  NlaSvc - ok
16:48:25.0758 2516  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:48:25.0789 2516  Npfs - ok
16:48:25.0820 2516  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
16:48:25.0867 2516  nsi - ok
16:48:25.0898 2516  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:48:25.0929 2516  nsiproxy - ok
16:48:25.0992 2516  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:48:26.0023 2516  Ntfs - ok
16:48:26.0039 2516  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
16:48:26.0070 2516  Null - ok
16:48:26.0132 2516  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:48:26.0148 2516  nvraid - ok
16:48:26.0195 2516  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:48:26.0210 2516  nvstor - ok
16:48:26.0226 2516  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:48:26.0241 2516  nv_agp - ok
16:48:26.0273 2516  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:48:26.0273 2516  ohci1394 - ok
16:48:26.0351 2516  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:26.0366 2516  ose - ok
16:48:26.0491 2516  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:48:26.0647 2516  osppsvc - ok
16:48:26.0678 2516  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:48:26.0709 2516  p2pimsvc - ok
16:48:26.0741 2516  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
16:48:26.0756 2516  p2psvc - ok
16:48:26.0772 2516  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
16:48:26.0787 2516  Parport - ok
16:48:26.0819 2516  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:48:26.0819 2516  partmgr - ok
16:48:26.0850 2516  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:48:26.0881 2516  PcaSvc - ok
16:48:26.0912 2516  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
16:48:26.0928 2516  pci - ok
16:48:26.0928 2516  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
16:48:26.0943 2516  pciide - ok
16:48:26.0959 2516  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
16:48:26.0975 2516  pcmcia - ok
16:48:26.0990 2516  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
16:48:27.0006 2516  pcw - ok
16:48:27.0021 2516  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:48:27.0084 2516  PEAUTH - ok
16:48:27.0146 2516  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
16:48:27.0177 2516  PerfHost - ok
16:48:27.0240 2516  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
16:48:27.0240 2516  PGEffect - ok
16:48:27.0302 2516  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
16:48:27.0365 2516  pla - ok
16:48:27.0443 2516  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:48:27.0474 2516  PlugPlay - ok
16:48:27.0521 2516  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:48:27.0552 2516  PNRPAutoReg - ok
16:48:27.0567 2516  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:48:27.0583 2516  PNRPsvc - ok
16:48:27.0614 2516  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:48:27.0677 2516  PolicyAgent - ok
16:48:27.0723 2516  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
16:48:27.0770 2516  Power - ok
16:48:27.0817 2516  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:48:27.0879 2516  PptpMiniport - ok
16:48:27.0895 2516  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
16:48:27.0926 2516  Processor - ok
16:48:27.0973 2516  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
16:48:28.0004 2516  ProfSvc - ok
16:48:28.0020 2516  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:48:28.0035 2516  ProtectedStorage - ok
16:48:28.0082 2516  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:48:28.0129 2516  Psched - ok
16:48:28.0191 2516  [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem          C:\windows\system32\DRIVERS\QIOMem.sys
16:48:28.0238 2516  QIOMem - ok
16:48:28.0316 2516  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
16:48:28.0363 2516  ql2300 - ok
16:48:28.0379 2516  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
16:48:28.0394 2516  ql40xx - ok
16:48:28.0425 2516  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
16:48:28.0441 2516  QWAVE - ok
16:48:28.0457 2516  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:48:28.0488 2516  QWAVEdrv - ok
16:48:28.0519 2516  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:48:28.0581 2516  RasAcd - ok
16:48:28.0628 2516  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:48:28.0659 2516  RasAgileVpn - ok
16:48:28.0675 2516  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
16:48:28.0737 2516  RasAuto - ok
16:48:28.0769 2516  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:48:28.0815 2516  Rasl2tp - ok
16:48:28.0831 2516  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
16:48:28.0878 2516  RasMan - ok
16:48:28.0893 2516  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:48:28.0956 2516  RasPppoe - ok
16:48:29.0003 2516  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:48:29.0065 2516  RasSstp - ok
16:48:29.0081 2516  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:48:29.0143 2516  rdbss - ok
16:48:29.0159 2516  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
16:48:29.0190 2516  rdpbus - ok
16:48:29.0221 2516  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:48:29.0268 2516  RDPCDD - ok
16:48:29.0299 2516  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:48:29.0361 2516  RDPENCDD - ok
16:48:29.0377 2516  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:48:29.0408 2516  RDPREFMP - ok
16:48:29.0439 2516  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:48:29.0455 2516  RDPWD - ok
16:48:29.0486 2516  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:48:29.0502 2516  rdyboost - ok
16:48:29.0549 2516  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
16:48:29.0627 2516  RemoteAccess - ok
16:48:29.0658 2516  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:48:29.0689 2516  RemoteRegistry - ok
16:48:29.0705 2516  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:48:29.0751 2516  RpcEptMapper - ok
16:48:29.0783 2516  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
16:48:29.0798 2516  RpcLocator - ok
16:48:29.0892 2516  [ 6684437F3628EF237C354F77D33426D1 ] rpcnet          C:\windows\SysWOW64\rpcnet.exe
16:48:29.0892 2516  rpcnet - ok
16:48:29.0954 2516  [ F4402AFE7F512904D05D657FE16F8BE0 ] rpcnetp         C:\windows\System32\rpcnetp.exe
16:48:29.0985 2516  rpcnetp ( UnsignedFile.Multi.Generic ) - warning
16:48:29.0985 2516  rpcnetp - detected UnsignedFile.Multi.Generic (1)
16:48:30.0032 2516  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\System32\rpcss.dll
16:48:30.0079 2516  RpcSs - ok
16:48:30.0095 2516  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:48:30.0126 2516  rspndr - ok
16:48:30.0188 2516  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
16:48:30.0188 2516  RSUSBSTOR - ok
16:48:30.0235 2516  [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR      C:\windows\system32\Drivers\RTSUVSTOR.sys
16:48:30.0251 2516  RSUSBVSTOR - ok
16:48:30.0329 2516  [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce       C:\windows\system32\DRIVERS\rtl8192Ce.sys
16:48:30.0344 2516  RTL8192Ce - ok
16:48:30.0360 2516  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
16:48:30.0360 2516  SamSs - ok
16:48:30.0391 2516  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:48:30.0407 2516  sbp2port - ok
16:48:30.0438 2516  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:48:30.0469 2516  SCardSvr - ok
16:48:30.0485 2516  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:48:30.0547 2516  scfilter - ok
16:48:30.0594 2516  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
16:48:30.0656 2516  Schedule - ok
16:48:30.0687 2516  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:48:30.0734 2516  SCPolicySvc - ok
16:48:30.0750 2516  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:48:30.0781 2516  SDRSVC - ok
16:48:30.0828 2516  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:48:30.0890 2516  secdrv - ok
16:48:30.0921 2516  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
16:48:30.0953 2516  seclogon - ok
16:48:30.0984 2516  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
16:48:31.0031 2516  SENS - ok
16:48:31.0077 2516  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:48:31.0109 2516  SensrSvc - ok
16:48:31.0155 2516  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
16:48:31.0187 2516  Serenum - ok
16:48:31.0202 2516  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
16:48:31.0233 2516  Serial - ok
16:48:31.0249 2516  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
16:48:31.0265 2516  sermouse - ok
16:48:31.0296 2516  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
16:48:31.0358 2516  SessionEnv - ok
16:48:31.0374 2516  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:48:31.0389 2516  sffdisk - ok
16:48:31.0421 2516  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:48:31.0452 2516  sffp_mmc - ok
16:48:31.0467 2516  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:48:31.0514 2516  sffp_sd - ok
16:48:31.0530 2516  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
16:48:31.0561 2516  sfloppy - ok
16:48:31.0623 2516  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
16:48:31.0639 2516  Sftfs - ok
16:48:31.0717 2516  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:48:31.0733 2516  sftlist - ok
16:48:31.0764 2516  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
16:48:31.0764 2516  Sftplay - ok
16:48:31.0795 2516  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
16:48:31.0795 2516  Sftredir - ok
16:48:31.0811 2516  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
16:48:31.0811 2516  Sftvol - ok
16:48:31.0857 2516  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:48:31.0873 2516  sftvsa - ok
16:48:31.0935 2516  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:48:31.0982 2516  SharedAccess - ok
16:48:32.0013 2516  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:48:32.0060 2516  ShellHWDetection - ok
16:48:32.0091 2516  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
16:48:32.0107 2516  SiSRaid2 - ok
16:48:32.0138 2516  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
16:48:32.0154 2516  SiSRaid4 - ok
16:48:32.0247 2516  [ 7C70691D01181E3F441C6B9D429D24CC ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:48:32.0263 2516  SkypeUpdate - ok
16:48:32.0279 2516  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:48:32.0325 2516  Smb - ok
16:48:32.0403 2516  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:48:32.0435 2516  SNMPTRAP - ok
16:48:32.0481 2516  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
16:48:32.0481 2516  spldr - ok
16:48:32.0528 2516  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
16:48:32.0544 2516  Spooler - ok
16:48:32.0606 2516  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
16:48:32.0715 2516  sppsvc - ok
16:48:32.0747 2516  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:48:32.0778 2516  sppuinotify - ok
16:48:32.0856 2516  [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP           C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
16:48:32.0871 2516  SRTSP - ok
16:48:32.0903 2516  [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX          C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
16:48:32.0903 2516  SRTSPX - ok
16:48:32.0934 2516  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
16:48:32.0996 2516  srv - ok
16:48:33.0012 2516  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:48:33.0059 2516  srv2 - ok
16:48:33.0105 2516  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\windows\system32\DRIVERS\VSTAZL6.SYS
16:48:33.0105 2516  SrvHsfHDA - ok
16:48:33.0152 2516  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\windows\system32\DRIVERS\VSTDPV6.SYS
16:48:33.0199 2516  SrvHsfV92 - ok
16:48:33.0246 2516  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\windows\system32\DRIVERS\VSTCNXT6.SYS
16:48:33.0277 2516  SrvHsfWinac - ok
16:48:33.0308 2516  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:48:33.0324 2516  srvnet - ok
16:48:33.0386 2516  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:48:33.0449 2516  SSDPSRV - ok
16:48:33.0464 2516  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:48:33.0495 2516  SstpSvc - ok
16:48:33.0527 2516  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
16:48:33.0527 2516  stexstor - ok
16:48:33.0589 2516  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
16:48:33.0605 2516  stisvc - ok
16:48:33.0620 2516  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
16:48:33.0636 2516  swenum - ok
16:48:33.0698 2516  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
16:48:33.0761 2516  swprv - ok
16:48:33.0792 2516  [ 6160145C7A87FC7672E8E3B886888176 ] SymDS           C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
16:48:33.0807 2516  SymDS - ok
16:48:33.0839 2516  [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA          C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
16:48:33.0854 2516  SymEFA - ok
16:48:33.0885 2516  [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
16:48:33.0901 2516  SymEvent - ok
16:48:33.0932 2516  [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON         C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
16:48:33.0932 2516  SymIRON - ok
16:48:33.0963 2516  [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS         C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
16:48:33.0979 2516  SymNetS - ok
16:48:34.0057 2516  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
16:48:34.0088 2516  SynTP - ok
16:48:34.0135 2516  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
16:48:34.0197 2516  SysMain - ok
16:48:34.0213 2516  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:48:40.0749 2516  ================ Scan global ===============================
16:48:40.0781 2516  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:48:40.0796 2516  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:48:40.0812 2516  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:48:40.0843 2516  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:48:40.0859 2516  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:48:40.0874 2516  [Global] - ok
16:48:40.0874 2516  ================ Scan MBR ==================================
16:48:40.0874 2516  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
16:48:41.0810 2516  \Device\Harddisk0\DR0 - ok
16:48:41.0810 2516  ================ Scan VBR ==================================
16:48:41.0841 2516  [ 4EB1E2B90BED742042FAA8A67B61B3EC ] \Device\Harddisk0\DR0\Partition1
16:48:41.0841 2516  \Device\Harddisk0\DR0\Partition1 - ok
16:48:41.0841 2516  ============================================================
16:48:41.0841 2516  Scan finished
16:48:41.0841 2516  ============================================================
16:48:41.0857 2508  Detected object count: 2
16:48:41.0857 2508  Actual detected object count: 2
16:49:11.0840 2508  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:11.0840 2508  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:11.0840 2508  rpcnetp ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:11.0840 2508  rpcnetp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 

 


Roguekiller went smoothly:

 

RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : lucy's [Admin rights]
Mode : Remove -- Date : 08/18/2013 16:55:54
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GarminExpressTrayApp ("C:\Users\lucy's\Desktop\Garmin\Express Tray\ExpressTray.exe" [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1889665631-2126717968-3753671527-1000\[...]\Run : GarminExpressTrayApp ("C:\Users\lucy's\Desktop\Garmin\Express Tray\ExpressTray.exe" [7]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : DE4EB219-C26F-41C4-9A5E-681C0D8532EE (cmd.exe /C start /D "C:\Users\lucy's\AppData\Local\Temp" /B DE4EB219-C26F-41C4-9A5E-681C0D8532EE.exe -activeimages -postboot [x][-][x]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : 8FF45D5D-3CF0-446C-A829-9B77FE2568A4 (cmd.exe /C start /D "C:\Users\lucy's\AppData\Local\Temp" /B 8FF45D5D-3CF0-446C-A829-9B77FE2568A4.exe -activeimages -postboot [x][-][x]) -> DELETED
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 07357328 (C:\windows\system32\drivers\91459253.sys [x]) -> DELETED
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 52299872 (C:\windows\system32\drivers\87827551.sys [x]) -> DELETED
[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 07357328 (C:\windows\system32\drivers\91459253.sys [x]) -> [0x3] The system cannot find the path specified.
[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 52299872 (C:\windows\system32\drivers\87827551.sys [x]) -> [0x3] The system cannot find the path specified.
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 442aaa6927b31297461e6f5031d50495
[BSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594921 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1221472256 | Size: 14058 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_08182013_165554.txt >>
RKreport[0]_S_08182013_165546.txt

Alright, went into regular Windows and it's still running slow. Tried to go into the Ctrl+Alt+Delete menu to see what processes were running, and when I clicked on Performance it went to CPU 99% and everything hung up. Things were running really sluggish. I manually powered down and came through safe mode w/ networking. How are the logs looking?

Did TDSSKiller work even though I couldn't get it to work perfectly? Should I try running it again?

Thanks again! This forum is the best. Thanks!


  • Staff

Please read these steps thoroughly before proceeding.

Download Malwarebytes Anti-Rootkit (MBAR) from here http://downloads.malwarebytes.org/file/mbar and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page.

• Caution: This is a beta version, so please be sure to read the disclaimer and back up any important data before using.

• Double-click on the MBAR file you downloaded.

• Approve the UAC prompt in Vista and newer operating systems.

• Click OK on the next screen to allow the package to extract the contents of the file to its own folder, mbar.

• By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.

• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

• After reading the Introduction, click 'Next' if you agree.

• On the Update Database screen, click on the 'Update' button.

• Once you see 'Success: Database was successfully updated', click on 'Next'.

• Click the 'Scan' button.

A. With some infections, you may see two message boxes.

1. 'Could not load protection driver'. Click 'OK'.

2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

----------------

Please monitor the scan. If during the scan you see a message that says this:

"could not be remediated because backup file is not available"

Do NOT click Cleanup when it becomes available, but rather click Exit, and provide the same logs as requested below.

-----------------

• If malware is found, click the 'Cleanup' button, with the above-mentioned exception.

Once the system restore point is created and the cleanup is scheduled, a 'Reboot required' message will appear.

Click 'Yes' and allow the computer to reboot.

Once back in Windows, run mbar.exe once again to ensure all previously detected items have been removed, and no additional threats found.

Please send all logs which were generated.


Malwarebytes Anti-Rootkit BETA 1.06.1.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

System is currently in a safe mode

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16660

 

Java version: 1.6.0_20

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 4240293888, free: 3513856000

 

Could not load protection driver

Downloaded database version: v2013.08.19.05

Initializing...

------------ Kernel report ------------

     08/19/2013 17:34:06

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\pciide.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\NISx64\1207020.003\SYMDS64.SYS

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\system32\DRIVERS\tos_sps64.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\windows\system32\drivers\avgtpx64.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\rtl8192Ce.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\QIOMem.sys

\SystemRoot\system32\DRIVERS\TVALZFL.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\framebuf.dll

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\SysWOW64\ntdll.dll

\Windows\System32\wow64.dll

\Windows\System32\wow64win.dll

\Windows\System32\wow64cpu.dll

\Windows\System32\kernel32.dll

\Windows\SysWOW64\kernel32.dll

\Windows\System32\kernel32.dll

\Windows\System32\user32.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800573d410

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80049a1050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800573d410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800573e040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800573d410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80049a1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 4E59E2AF

 

Partition information:

 

    Partition 0 type is Other (0x27)

    Partition is ACTIVE.

    Partition starts at LBA: 2048  Numsec = 3072000

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 3074048  Numsec = 1218398208

 

    Partition 2 type is HIDDEN (0x17)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1221472256  Numsec = 28790784

    Partition is not bootable

Hidden partition VBR is not infected.

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 640135028736 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Done!

Scan finished

  • Staff

Hello

I want you to run things in selective startup; this will help pinpoint the type of problem it is.

1. Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).

2. In the Open box, type msconfig and then click OK. The System Configuration Utility appears.

3. Click the "Services" tab.

4. Put a checkmark in "Hide all Microsoft services".

5. Uncheck anything that is left.

6. Click on the "Startup" tab.

7. Uncheck all under this tab.

8. Click on the Apply button.

Restart the computer and see how things are doing. If things are doing better, then repeat the process, but this time start with the services: add the first half back and apply the changes.

If things go bad again, then you know the problem is in the services that you restarted, and you can keep searching until you find the one it is.

If you restart all the services and things are still OK, then go back and do the same thing for the startup programs.

Gringo


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
