Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Redirection of links and lots of pop-ups

Post by u0717211 » September 9th, 2014, 12:25 am

Any time I use the internet I encounter a lot of popups. My computer runs much slower than normal, and any link from one page to another brings a pop up with it. The overall speed of all of my computer programs has slowed down considerably. It is to the point where I can barely use the internet.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
Run by tayweb at 22:13:40 on 2014-09-08
Microsoft Windows 8.1 6.3.9600.0.1252.1.1033.18.5582.2284 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\System32\skydrive.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\tayweb\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
C:\Users\tayweb\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE ... psv=&pt=tb
uWindow Title = Internet Explorer provided by TOSHIBA
mWindow Title = Internet Explorer provided by TOSHIBA
mWinlogon: Userinit = userinit.exe
BHO: Browser_AppS 1.1: {11111111-1111-1111-1111-110611031146} - C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho.dll
BHO: easytoosHopp: {2A27600F-EF5E-FBB6-037A-49B8C9887AF1} - C:\ProgramData\easytoosHopp\KPyX.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Search App by Ask: {4F524A2D-5350-4500-76A7-7A786E7484D7} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: grEAtsaVing: {918D19D2-3556-40A8-1067-BC8A0554087D} - C:\ProgramData\grEAtsaVing\qAL9tFg0nd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
BHO: topbuyyer: {F45E0396-51FF-D92C-B0D9-4D2D3F4D968E} - C:\ProgramData\topbuyyer\UYXNks0.dll
BHO: unicoupons: {F6791CC9-80D1-18AF-D1B4-C01B687BF6BB} - C:\ProgramData\unicoupons\NLoEklnv.dll
TB: Search App by Ask: {4F524A2D-5350-4500-76A7-7A786E7484D7} -
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Search App by Ask: {4F524A2D-5350-4500-76A7-7A786E7484D7} -
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [GoogleChromeAutoLaunch_4B534D2853F8AE4650317E2DD1CF4E30] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [fst_us_148] <no file>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{70772629-E937-4F07-B461-ECD641C559BB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{70772629-E937-4F07-B461-ECD641C559BB}\24561636863796465602651636164796F6E6022556E64716C637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{70772629-E937-4F07-B461-ECD641C559BB}\2656C6B696E6E2667303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{70772629-E937-4F07-B461-ECD641C559BB}\3456E647572797C496E6B603234363 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{70772629-E937-4F07-B461-ECD641C559BB}\76162727564747B69736862796374756E63756E6 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{70772629-E937-4F07-B461-ECD641C559BB}\E4544574541425 : DHCPNameServer = 192.168.1.1
AppInit_DLLs= c:\progra~3\fastan~1\fastan~1.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-BHO: Browser_AppS 1.1: {11111111-1111-1111-1111-110611031146} - C:\Program Files (x86)\Browser_AppS 1.1\Browser_AppS 1.1-bho64.dll
x64-BHO: easytoosHopp: {2A27600F-EF5E-FBB6-037A-49B8C9887AF1} - C:\ProgramData\easytoosHopp\KPyX.x64.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Search App by Ask: {4F524A2D-5350-4500-76A7-7A786E7484D7} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: grEAtsaVing: {918D19D2-3556-40A8-1067-BC8A0554087D} - C:\ProgramData\grEAtsaVing\qAL9tFg0nd.x64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-BHO: topbuyyer: {F45E0396-51FF-D92C-B0D9-4D2D3F4D968E} - C:\ProgramData\topbuyyer\UYXNks0.x64.dll
x64-BHO: unicoupons: {F6791CC9-80D1-18AF-D1B4-C01B687BF6BB} - C:\ProgramData\unicoupons\NLoEklnv.x64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: Search App by Ask: {4F524A2D-5350-4500-76A7-7A786E7484D7} -
x64-Run: [TSSSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2013-12-25 39768]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2013-9-21 499096]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2014-4-14 157016]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\Windows\System32\drivers\NATx64\010A000.009\ccSetx64.sys [2013-12-27 150104]
R2 64af91bf;Fast And Safe;C:\Windows\System32\rundll32.exe [2013-8-22 52736]
R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2013-8-30 99328]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-9-12 239616]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-9-5 166296]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\drivers\appexDrv.sys [2013-9-21 219360]
R2 dts_apo_service;DTS APO Service;C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-9-10 19792]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-7-16 235008]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [2013-12-27 232424]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe [2014-8-17 276376]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-8-9 328544]
R3 AmdAS4;AmdAS4 service;C:\Windows\System32\drivers\AmdAS4.sys [2013-9-12 17504]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdWB6.sys [2013-9-12 138240]
R3 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R3 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1505000.013\ccsetx64.sys [2014-8-17 162392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-27 137648]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2013-9-21 9216]
R3 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140122.001\IDSviA64.sys [2014-1-22 521944]
R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-9-21 329944]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\drivers\Rt630x64.sys [2013-9-21 816344]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2013-8-22 2945240]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-9-12 30448]
R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1505000.013\symds64.sys [2014-8-17 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1505000.013\symefa64.sys [2014-8-17 1148120]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1505000.013\ironx64.sys [2014-8-17 264280]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1505000.013\symnets.sys [2014-8-17 593112]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-9-21 58536]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-7-10 68608]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-7-10 68608]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-14 111616]
S3 lfsvc;Windows Location Framework Service;C:\Windows\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\Windows\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\Windows\System32\drivers\refs.sys [2014-4-14 924504]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2013-12-25 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2013-12-25 57176]
S3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2013-8-22 26976]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\Windows\System32\drivers\WdNisDrv.sys [2014-5-21 123224]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-5-21 347880]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService [2013-8-22 37768]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\drivers\WSDScan.sys [2013-8-22 23040]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\drivers\WUDFRd.sys [2014-8-17 227840]
S4 SymELAM;Symantec ELAM Driver;C:\Windows\System32\drivers\NISx64\1505000.013\symelam.sys [2014-8-17 23568]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-09-07 22:26:12 -------- d-----w- C:\ProgramData\SaveItCoupons
2014-09-07 03:44:13 -------- d-----w- C:\Users\tayweb\AppData\Local\AskPartnerNetwork
2014-09-07 03:44:11 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2014-09-07 03:44:11 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2014-09-07 03:44:04 -------- d-----w- C:\ProgramData\APN
2014-09-07 03:41:52 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-07 00:45:17 -------- d-----w- C:\ProgramData\unicoupons
2014-09-07 00:43:37 -------- d-----w- C:\ProgramData\nfdmmccpjkgfcociijhohgekgllebcpp
2014-09-04 00:11:27 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-09-02 22:12:26 262312 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10245.bin
2014-09-02 21:48:20 -------- d-----w- C:\ProgramData\grEAtsaVing
2014-09-02 21:36:34 4148224 ----a-w- C:\Windows\System32\win32k.sys
2014-09-02 21:36:33 1336624 ----a-w- C:\Windows\System32\gdi32.dll
2014-09-02 21:36:33 1064448 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-25 21:34:25 26419488 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-08-25 21:34:24 25693720 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-08-21 03:59:20 697856 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-21 03:59:19 527360 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-21 03:59:15 918528 ----a-w- C:\Windows\System32\MrmCoreR.dll
2014-08-17 22:50:08 206848 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-08-17 22:50:03 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-17 22:50:03 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-17 22:45:44 16871936 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2014-08-17 22:42:59 -------- d-----w- C:\ProgramData\easytoosHopp
2014-08-17 21:43:45 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1505000.013\symnets.sys
2014-08-17 21:43:44 875736 ----a-w- C:\Windows\System32\drivers\NISx64\1505000.013\srtsp64.sys
2014-08-17 21:43:44 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1505000.013\symds64.sys
2014-08-17 21:43:44 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1505000.013\srtspx64.sys
2014-08-17 21:43:44 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1505000.013\ironx64.sys
2014-08-17 21:43:44 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1505000.013\symelam.sys
2014-08-17 21:43:44 162392 ----a-w- C:\Windows\System32\drivers\NISx64\1505000.013\ccsetx64.sys
2014-08-17 21:43:44 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1505000.013\symefa64.sys
2014-08-17 21:43:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1505000.013
.
==================== Find3M ====================
.
2014-09-09 01:45:18 65536 ----a-w- C:\Windows\System32\spu_storage.bin
2014-08-17 22:44:17 233912 ----a-w- C:\Windows\System32\mfps.dll
2014-08-17 21:45:59 428888 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-08-17 21:44:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-17 21:44:30 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-17 21:44:26 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-17 21:44:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-17 21:44:26 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-17 21:44:25 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-17 21:44:24 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-17 21:44:22 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-17 21:44:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-17 21:44:21 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-02 00:17:43 704480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-02 00:17:43 105440 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-15 18:16:27 3048880 ----a-w- C:\Windows\System32\WpcMon.exe
2014-07-15 08:29:16 3118080 ----a-w- C:\Windows\System32\Wpc.dll
2014-07-15 08:22:59 2861056 ----a-w- C:\Windows\System32\WpcWebSync.dll
2014-07-15 08:03:50 2344448 ----a-w- C:\Windows\SysWow64\Wpc.dll
2014-07-12 04:17:55 623616 ----a-w- C:\Windows\System32\MDMAgent.exe
2014-07-12 02:45:06 161792 ----a-w- C:\Windows\System32\wbem\MDMAppProv.dll
2014-07-12 02:35:08 418816 ----a-w- C:\Windows\System32\wbem\MDMSettingsProv.dll
2014-07-10 04:16:37 716800 ----a-w- C:\Windows\System32\SkyDriveTelemetry.dll
2014-07-10 04:03:58 4756992 ----a-w- C:\Windows\System32\SyncEngine.dll
2014-07-10 03:33:41 1120256 ----a-w- C:\Windows\System32\SkyDrive.exe
2014-06-28 07:07:52 385536 ----a-w- C:\Windows\System32\devinv.dll
2014-06-20 01:48:19 1273184 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-06-19 23:52:15 710144 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-06-16 22:26:43 779264 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 22:24:45 834048 ----a-w- C:\Windows\System32\osk.exe
2014-06-13 01:15:21 517528 ----a-w- C:\Windows\System32\dxgi.dll
2014-06-13 01:14:52 1557848 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-13 00:10:45 406400 ----a-w- C:\Windows\SysWow64\dxgi.dll
.
============= FINISH: 22:14:40.30 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8.1
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2013 8:30:10 AM
System Uptime: 9/5/2014 5:42:58 PM (77 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics | Socket FT1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 397.317 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP29: 8/6/2014 10:18:38 AM - Installed iTunes
RP30: 9/2/2014 4:34:07 PM - Windows Update
RP31: 9/6/2014 9:40:39 PM - Installed Java 7 Update 67
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.07) MUI
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Quick Stream
AMD Start Now
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 3
Bonjour
Browser_AppS 1.1
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Classic Shell
DTS Sound
easytoosHopp
Fast And Safe
Google Chrome
Google Drive
Google Earth Plug-in
grEAtsaVing
iTunes
Java 7 Update 51 (64-bit)
Java 7 Update 67
Java Auto Updater
King Oddball
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft XNA Framework Redistributable 4.0
Norton Anti-Theft
Norton Internet Security
OEM Application Profile
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
SaveItCoupons
Search App by Ask
Synaptics Pointing Device Driver
topbuyyer
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Audio Enhancement
Toshiba Book Place
TOSHIBA eco Utility
TOSHIBA Function Key
TOSHIBA Password Utility
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Start
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
unicoupons
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
.
==== Event Viewer Messages From Past Week ========
.
9/8/2014 8:30:59 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.62. The computer with the IP address 192.168.1.42 did not allow the name to be claimed by this computer.
9/5/2014 5:43:01 PM, Error: Microsoft-Windows-HAL [13] - The system watchdog timer was triggered.
.
==== End Of File ===========================
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and lots of pop-ups

Post by Cypher » September 14th, 2014, 7:24 am

Hi u0717211.
Sorry for the long delay, somehow your topic has been overlooked.
Do you still need help?
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirection of links and lots of pop-ups

Post by u0717211 » September 15th, 2014, 1:41 am

Yes, I'm still experiencing difficulty in the way described previously.
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and lots of pop-ups

Post by Cypher » September 15th, 2014, 5:14 am

Hi u0717211, welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • Now click on Create.
  • Give the new restore point a name like "Start Fix", then click Create again.
  • Now click OK.

Next.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

I need you to run further scans for me. There are a few things to do, so just take your time.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.


Uninstall programs

  • From the top or bottom right corner... a widget panel appears, select Settings.
  • Select, click Control Panel to open.
  • Depending on your current view setting ...
    • Double click on Programs and Features.
      or
    • Under Programs, click on Uninstall a program.
  • Locate the following program(s):
    Adobe Reader XI (11.0.07) MUI
    Browser_AppS 1.1
    easytoosHopp
    Fast And Safe
    grEAtsaVing
    Java 7 Update 51 (64-bit)
    SaveItCoupons
    Search App by Ask
    topbuyyer
    unicoupons
  • Select the program and click on Uninstall to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  • Repeat steps 4 - 5 for each program in the list. When finished... Close the Control Panel window.

Now reboot your computer.

Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, uncheck enable free trial of Malwarebytes' Anti-Malware. (You can activate this when we've finished, if you wish.)
  • Then click Finish.
  • You'll see an alert that "Databases out of date". Click the "Update Now" button.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
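
An added example, not part of the original posts and not AdwCleaner's own code: a small Python parser for the AdwCleaner cleaning report requested above. It checks that the log was not cut off (the EOF marker is present) and pulls out the removed autorun entries and Chrome extension IDs. The sample is a shortened report constructed from lines of the log posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: a shortened report built from lines of the AdwCleaner
# v3.310 log posted in this thread (section order and line shapes preserved).
SAMPLE_REPORT = r"""# AdwCleaner v3.310 - Report created 15/09/2014 at 22:44:17
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SaveItCoupons
File Deleted : C:\Users\tayweb\AppData\Local\AnyProtectScannerSetup.exe

***** [ Scheduled Tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : Optimizer Pro Schedule

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2A27600F-EF5E-FBB6-037A-49B8C9887AF1}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v

[ File : C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[S0].txt - [5821 octets] - [15/09/2014 22:44:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5881 octets] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# Only "... Deleted" / "... Restored" lines count as entries, as seen in the log.
ENTRY_RE = re.compile(
    r"^(?P<action>[A-Za-z\[\] ]*(?:Deleted|Restored)[A-Za-z\[\] ]*) : (?P<target>.+)$")
EOF_RE = re.compile(r"^#{10} EOF - .+ #{10}$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?(?=[\s\\]|$)", re.I)
CHROME_EXT_RE = re.compile(r"\b[a-p]{32}\b")  # Chrome extension IDs use a-p only


def parse_report(text):
    """Split a cleaning report into sections of (action, target) entries."""
    sections, current, complete = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if EOF_RE.match(line):
            complete = True          # trailer present: the log was not cut off
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])   # keep empty sections visible
            continue
        if line and set(line) == {"*"}:        # bare row of asterisks ends the body
            current = None
            continue
        m = ENTRY_RE.match(line)
        if current and m:
            sections[current].append((m.group("action").strip(), m.group("target")))
    return {"complete": complete, "sections": sections}


def triage(report):
    """Summarise what was removed: counts, autorun items, Chrome extension IDs."""
    counts = {name: len(items) for name, items in report["sections"].items()}
    autoruns, ext_ids = [], set()
    for section, items in report["sections"].items():
        for action, target in items:
            if section == "Scheduled Tasks" or RUN_KEY_RE.search(target):
                autoruns.append(target)
            if action == "Deleted [Extension]" or "\\Chrome\\Extensions\\" in target:
                ext_ids.update(CHROME_EXT_RE.findall(target))
    return {"complete": report["complete"], "counts": counts,
            "autoruns": autoruns, "chrome_extension_ids": sorted(ext_ids)}


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(key, "=>", value)
```

A report pasted without its EOF trailer comes back with `complete` set to `False`, which is the cut-off case the instructions above ask the poster to check for.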

Re: Redirection of links and lots of pop-ups

Post by u0717211 » September 16th, 2014, 1:11 am

Here is my Malwarebytes log. Is this the right log? I quarantined some items but the log says no threats were detected.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/15/2014
Scan Time: 9:39:53 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.16.02
Rootkit Database: v2014.09.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: tayweb

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312820
Time Elapsed: 30 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

And my AdwCleaner log

# AdwCleaner v3.310 - Report created 15/09/2014 at 22:44:17
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : tayweb - TDIDDY
# Running from : C:\Users\tayweb\AppData\Local\Microsoft\Windows\INetCache\IE\PKJBUP9H\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\SaveItCoupons
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\tayweb\AppData\Local\globalUpdate
Folder Deleted : C:\Users\tayweb\AppData\Local\Temp\apn
Folder Deleted : C:\Users\tayweb\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Users\tayweb\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\tayweb\AppData\Roaming\aps.uninstall.scan.results

***** [ Scheduled Tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Key Deleted : HKLM\SOFTWARE\Classes\eaasyytoesshoopp.eaasyytoesshoopp
Key Deleted : HKLM\SOFTWARE\Classes\eaasyytoesshoopp.eaasyytoesshoopp.1.8
Key Deleted : HKLM\SOFTWARE\Classes\GreatsaviNg.GreatsaviNg
Key Deleted : HKLM\SOFTWARE\Classes\GreatsaviNg.GreatsaviNg.8.3
Key Deleted : HKLM\SOFTWARE\Classes\unicoupons.unicoupons
Key Deleted : HKLM\SOFTWARE\Classes\unicoupons.unicoupons.2.0
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A27600F-EF5E-FBB6-037A-49B8C9887AF1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{918D19D2-3556-40A8-1067-BC8A0554087D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6791CC9-80D1-18AF-D1B4-C01B687BF6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A27600F-EF5E-FBB6-037A-49B8C9887AF1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{918D19D2-3556-40A8-1067-BC8A0554087D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6791CC9-80D1-18AF-D1B4-C01B687BF6BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A27600F-EF5E-FBB6-037A-49B8C9887AF1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{918D19D2-3556-40A8-1067-BC8A0554087D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F6791CC9-80D1-18AF-D1B4-C01B687BF6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2A27600F-EF5E-FBB6-037A-49B8C9887AF1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{918D19D2-3556-40A8-1067-BC8A0554087D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6791CC9-80D1-18AF-D1B4-C01B687BF6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2A27600F-EF5E-FBB6-037A-49B8C9887AF1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{918D19D2-3556-40A8-1067-BC8A0554087D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F6791CC9-80D1-18AF-D1B4-C01B687BF6BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Google Chrome v

[ File : C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : kbohmgpeabkdiinjpgnadfceebineoig
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [6405 octets] - [15/09/2014 22:28:07]
AdwCleaner[S0].txt - [5821 octets] - [15/09/2014 22:44:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5881 octets] ##########

Then my FRST Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by tayweb (administrator) on TDIDDY on 15-09-2014 22:51:10
Running from C:\Users\tayweb\AppData\Local\Microsoft\Windows\INetCache\IE\8QKJPCQ7
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-444850313-4093084663-149680862-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-444850313-4093084663-149680862-1001\...\Run: [GoogleChromeAutoLaunch_4B534D2853F8AE4650317E2DD1CF4E30] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKLM - {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKCU - {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL =
SearchScopes: HKCU - {BE6FDA0B-3592-4971-9879-5DACE7F1C60B} URL = http://www.search.ask.com/web?tpid=ORJ- ... &pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.15.5.30&apn_uid=1FC733E6-67EE-43B7-B6AA-E4B67E2270DE&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=new_chrome.exe_0_36.0.1985.125&doi=2014-09-07&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-12-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Google Search) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (Browser_AppS 1.1) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhapcklhkanndjbdnhichfmolhiaekg [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Gmail) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30] () [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-25] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140122.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140122.003\ENG64.SYS [126040 2013-12-25] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140122.003\EX64.SYS [2099288 2013-12-25] (Symantec Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-08-23] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-21] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 22:50 - 2014-09-15 22:51 - 00000000 ____D () C:\FRST
2014-09-15 22:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-15 22:26 - 2014-09-15 22:44 - 00000000 ____D () C:\AdwCleaner
2014-09-15 21:38 - 2014-09-15 21:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 21:38 - 2014-09-15 21:38 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 21:37 - 2014-09-15 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 21:37 - 2014-09-15 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 21:37 - 2014-09-15 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 21:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-15 21:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-15 21:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 21:36 - 2014-09-15 21:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\tayweb\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-15 18:04 - 2014-09-15 18:04 - 04057608 _____ () C:\Users\tayweb\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-15 18:04 - 2014-09-15 18:04 - 00002262 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-15 18:04 - 2014-09-15 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-15 18:04 - 2014-09-15 18:04 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-15 13:58 - 2014-08-15 19:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 13:58 - 2014-08-15 19:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 13:58 - 2014-08-15 19:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 13:58 - 2014-08-15 19:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 13:58 - 2014-08-15 19:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 13:58 - 2014-08-15 19:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-15 13:58 - 2014-08-15 19:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-15 13:58 - 2014-08-15 19:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 13:58 - 2014-08-15 19:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 13:58 - 2014-08-15 19:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 13:58 - 2014-08-15 18:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 13:57 - 2014-08-15 20:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 13:57 - 2014-08-15 20:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 13:57 - 2014-08-15 20:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 13:57 - 2014-08-15 20:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 13:57 - 2014-08-15 19:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 13:57 - 2014-08-15 19:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 13:57 - 2014-08-15 19:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-15 13:57 - 2014-08-15 19:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 13:57 - 2014-08-15 19:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 13:57 - 2014-08-15 19:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 13:57 - 2014-08-15 19:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 13:57 - 2014-08-15 18:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 13:57 - 2014-08-15 18:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 13:57 - 2014-08-15 18:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 13:57 - 2014-08-15 18:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 13:57 - 2014-08-15 18:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 13:57 - 2014-08-15 18:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 13:57 - 2014-08-15 18:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 13:57 - 2014-08-15 18:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 13:57 - 2014-08-15 18:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 13:57 - 2014-08-15 18:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 13:57 - 2014-08-15 18:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 13:57 - 2014-08-15 18:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 13:57 - 2014-08-15 18:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 12:03 - 2014-08-01 18:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-13 12:02 - 2014-07-23 21:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-13 12:02 - 2014-07-23 21:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-13 11:48 - 2014-09-13 11:49 - 00848304 _____ () C:\Windows\Minidump\091314-24562-01.dmp
2014-09-09 08:48 - 2014-09-09 08:49 - 00686368 _____ () C:\Windows\Minidump\090914-27750-01.dmp
2014-09-08 22:14 - 2014-09-08 22:14 - 00024147 _____ () C:\Users\tayweb\Desktop\dds.txt
2014-09-08 22:14 - 2014-09-08 22:14 - 00004404 _____ () C:\Users\tayweb\Desktop\attach.txt
2014-09-08 22:13 - 2014-09-08 22:13 - 00688992 ____R (Swearware) C:\Users\tayweb\Downloads\dds (1).scr
2014-09-08 22:08 - 2014-09-08 22:08 - 00688992 _____ (Swearware) C:\Users\tayweb\Downloads\dds.scr
2014-09-07 16:32 - 2014-09-07 16:32 - 00895120 _____ (Google Inc.) C:\Users\tayweb\Downloads\ChromeSetup (3).exe
2014-09-07 16:27 - 2014-09-08 20:31 - 00001927 _____ () C:\Users\tayweb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\new_chrome - Shortcut.lnk
2014-09-07 16:26 - 2014-09-08 20:31 - 00001863 _____ () C:\Users\tayweb\Desktop\Google Chrome.lnk
2014-09-06 21:41 - 2014-09-06 21:41 - 00004624 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-06 21:41 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-06 21:41 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-06 21:41 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-06 21:41 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-06 21:40 - 2014-09-06 21:40 - 00918440 _____ (Oracle Corporation) C:\Users\tayweb\Downloads\chromeinstall-7u67.exe
2014-09-06 21:39 - 2014-09-06 21:39 - 00895120 _____ (Google Inc.) C:\Users\tayweb\Downloads\ChromeSetup (2).exe
2014-09-06 21:33 - 2014-09-06 21:33 - 00895120 _____ (Google Inc.) C:\Users\tayweb\Downloads\ChromeSetup (1).exe
2014-09-06 21:32 - 2014-09-06 21:32 - 00895120 _____ (Google Inc.) C:\Users\tayweb\Downloads\ChromeSetup.exe
2014-09-06 18:43 - 2014-09-06 18:43 - 00000000 ____D () C:\ProgramData\nfdmmccpjkgfcociijhohgekgllebcpp
2014-09-05 17:52 - 2014-09-05 17:52 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-09-02 15:36 - 2014-08-22 18:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-02 15:36 - 2014-08-06 20:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 15:36 - 2014-08-01 21:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-25 22:03 - 2014-08-25 22:03 - 03192320 _____ () C:\Users\tayweb\Downloads\Chapter R.ppt
2014-08-20 21:59 - 2014-08-06 16:38 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-20 21:59 - 2014-08-01 23:44 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-20 21:59 - 2014-08-01 21:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-17 16:51 - 2014-06-19 19:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 16:51 - 2014-06-19 17:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-17 16:51 - 2014-06-12 19:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-17 16:51 - 2014-06-12 19:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 16:51 - 2014-06-12 18:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-17 16:51 - 2014-06-06 05:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-17 16:50 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 16:50 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 16:50 - 2014-05-31 00:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-17 16:46 - 2014-07-15 12:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-17 16:46 - 2014-07-15 02:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-17 16:46 - 2014-07-15 02:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-17 16:46 - 2014-07-15 02:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-17 16:46 - 2014-07-09 22:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-17 16:46 - 2014-07-09 22:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-17 16:46 - 2014-07-09 21:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-17 16:46 - 2014-05-13 01:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-17 16:46 - 2014-05-12 23:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-17 16:46 - 2014-05-12 22:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-17 16:46 - 2014-05-12 22:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-17 16:46 - 2014-05-12 21:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-17 16:46 - 2014-05-12 21:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-17 16:46 - 2014-05-03 05:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-17 16:46 - 2014-05-03 03:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-17 16:46 - 2014-05-02 23:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-17 16:46 - 2014-05-02 23:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-17 16:46 - 2014-05-02 23:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-17 16:46 - 2014-05-02 23:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-17 16:46 - 2014-05-02 22:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-17 16:46 - 2014-05-02 22:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-17 16:46 - 2014-05-02 22:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-17 16:46 - 2014-05-02 17:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-17 16:46 - 2014-04-30 23:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-17 16:46 - 2014-04-30 00:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-17 16:46 - 2014-04-30 00:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-17 16:46 - 2014-04-30 00:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-17 16:46 - 2014-04-30 00:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-17 16:46 - 2014-04-29 23:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-17 16:46 - 2014-04-29 22:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-17 16:46 - 2014-04-29 22:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-17 16:46 - 2014-04-29 22:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-17 16:46 - 2014-04-29 22:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-17 16:46 - 2014-04-29 22:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-17 16:46 - 2014-04-29 22:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-17 16:46 - 2014-04-29 21:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-17 16:46 - 2014-04-29 21:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-17 16:46 - 2014-04-29 21:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-17 16:46 - 2014-04-29 21:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-17 16:46 - 2014-04-29 21:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-17 16:46 - 2014-04-29 21:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-17 16:46 - 2014-04-28 16:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-17 16:46 - 2014-04-26 16:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-17 16:46 - 2014-04-26 14:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-17 16:46 - 2014-04-26 10:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-17 16:46 - 2014-04-14 03:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-17 16:46 - 2014-04-14 02:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-17 16:46 - 2014-04-13 23:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-17 16:46 - 2014-04-09 00:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-17 16:46 - 2014-04-08 23:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-17 16:45 - 2014-07-11 22:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-17 16:45 - 2014-06-05 08:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-17 16:45 - 2014-06-05 07:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-17 16:45 - 2014-06-04 03:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 16:45 - 2014-06-03 23:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 16:45 - 2014-06-03 23:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 16:45 - 2014-06-03 22:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 16:45 - 2014-06-03 22:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 16:45 - 2014-06-03 20:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 16:45 - 2014-06-03 20:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 16:45 - 2014-06-01 20:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-17 16:45 - 2014-05-31 04:07 - 00467800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-17 16:45 - 2014-05-31 04:07 - 00440664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-17 16:45 - 2014-05-31 04:07 - 00419672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-17 16:45 - 2014-05-31 04:07 - 00089944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-17 16:45 - 2014-05-31 04:07 - 00027480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-17 16:45 - 2014-05-31 00:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-17 16:45 - 2014-05-31 00:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-17 16:45 - 2014-05-31 00:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-17 16:45 - 2014-05-30 22:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-17 16:45 - 2014-05-30 22:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-17 16:45 - 2014-05-30 22:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-17 16:45 - 2014-05-27 09:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-17 16:45 - 2014-05-27 03:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-17 16:45 - 2014-05-27 03:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-17 16:45 - 2014-05-16 22:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-17 16:45 - 2014-05-16 22:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 22:51 - 2014-09-15 22:50 - 00000000 ____D () C:\FRST
2014-09-15 22:49 - 2014-01-14 12:02 - 00000000 ____D () C:\Users\tayweb\AppData\Roaming\ClassicShell
2014-09-15 22:49 - 2013-09-21 19:18 - 01949634 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 22:48 - 2014-01-07 20:13 - 00000000 ___RD () C:\Users\tayweb\Google Drive
2014-09-15 22:47 - 2013-12-25 10:57 - 00000000 ___DO () C:\Users\tayweb\SkyDrive
2014-09-15 22:47 - 2013-09-21 19:52 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 22:47 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 22:46 - 2013-09-12 21:14 - 00042928 _____ () C:\Windows\PFRO.log
2014-09-15 22:46 - 2013-08-22 07:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-09-15 22:44 - 2014-09-15 22:26 - 00000000 ____D () C:\AdwCleaner
2014-09-15 22:42 - 2013-12-25 10:34 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{43896C46-6ED1-4AAC-9E8E-3030293305A3}
2014-09-15 22:34 - 2013-12-25 09:36 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-444850313-4093084663-149680862-1001
2014-09-15 22:03 - 2013-09-21 19:52 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 22:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-15 21:38 - 2014-09-15 21:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 21:38 - 2014-09-15 21:38 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 21:38 - 2014-09-15 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 21:38 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-15 21:37 - 2014-09-15 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 21:37 - 2014-09-15 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 21:36 - 2014-09-15 21:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\tayweb\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-15 21:33 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-15 21:15 - 2014-01-11 11:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 21:12 - 2014-01-11 11:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-15 21:12 - 2013-12-25 09:30 - 00000000 ____D () C:\Users\tayweb
2014-09-15 21:11 - 2014-07-31 18:25 - 00000000 ____D () C:\ProgramData\fadb5000b04225e
2014-09-15 21:05 - 2013-09-12 21:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-15 20:59 - 2014-04-24 17:42 - 00000000 ____D () C:\Users\tayweb\AppData\Local\CrashDumps
2014-09-15 18:04 - 2014-09-15 18:04 - 04057608 _____ () C:\Users\tayweb\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-15 18:04 - 2014-09-15 18:04 - 00002262 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-15 18:04 - 2014-09-15 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-15 18:04 - 2014-09-15 18:04 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-15 17:58 - 2014-04-12 13:25 - 02234368 ___SH () C:\Users\tayweb\Downloads\Thumbs.db
2014-09-15 16:32 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-15 13:53 - 2013-09-12 21:25 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 00:13 - 2013-09-21 19:18 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-09-15 00:13 - 2013-08-22 08:46 - 00023742 _____ () C:\Windows\setupact.log
2014-09-13 11:49 - 2014-09-13 11:48 - 00848304 _____ () C:\Windows\Minidump\091314-24562-01.dmp
2014-09-13 11:48 - 2014-04-10 11:03 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 11:48 - 2014-04-10 11:02 - 542394446 _____ () C:\Windows\MEMORY.DMP
2014-09-09 08:49 - 2014-09-09 08:48 - 00686368 _____ () C:\Windows\Minidump\090914-27750-01.dmp
2014-09-09 08:48 - 2013-08-22 09:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-08 22:14 - 2014-09-08 22:14 - 00024147 _____ () C:\Users\tayweb\Desktop\dds.txt
2014-09-08 22:14 - 2014-09-08 22:14 - 00004404 _____ () C:\Users\tayweb\Desktop\attach.txt
2014-09-08 22:13 - 2014-09-08 22:13 - 00688992 ____R (Swearware) C:\Users\tayweb\Downloads\dds (1).scr
2014-09-08 22:08 - 2014-09-08 22:08 - 00688992 _____ (Swearware) C:\Users\tayweb\Downloads\dds.scr
2014-09-08 20:31 - 2014-09-07 16:27 - 00001927 _____ () C:\Users\tayweb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\new_chrome - Shortcut.lnk
2014-09-08 20:31 - 2014-09-07 16:26 - 00001863 _____ () C:\Users\tayweb\Desktop\Google Chrome.lnk
2014-09-08 13:02 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache
2014-09-07 16:32 - 2014-09-07 16:32 - 00895120 _____ (Google Inc.) C:\Users\tayweb\Downloads\ChromeSetup (3).exe
2014-09-06 21:42 - 2014-01-22 21:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 21:41 - 2014-09-06 21:41 - 00004624 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-06 21:41 - 2014-01-22 21:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-06 21:40 - 2014-09-06 21:40 - 00918440 _____ (Oracle Corporation) C:\Users\tayweb\Downloads\chromeinstall-7u67.exe
2014-09-06 21:39 - 2014-09-06 21:39 - 00895120 _____ (Google Inc.) C:\Users\tayweb\Downloads\ChromeSetup (2).exe
2014-09-06 21:33 - 2014-09-06 21:33 - 00895120 _____ (Google Inc.) C:\Users\tayweb\Downloads\ChromeSetup (1).exe
2014-09-06 21:32 - 2014-09-06 21:32 - 00895120 _____ (Google Inc.) C:\Users\tayweb\Downloads\ChromeSetup.exe
2014-09-06 18:43 - 2014-09-06 18:43 - 00000000 ____D () C:\ProgramData\nfdmmccpjkgfcociijhohgekgllebcpp
2014-09-05 18:14 - 2014-03-23 22:50 - 00113152 ___SH () C:\Users\tayweb\Documents\Thumbs.db
2014-09-05 17:52 - 2014-09-05 17:52 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-09-05 17:48 - 2013-12-28 19:45 - 00124416 ___SH () C:\Users\tayweb\Desktop\Thumbs.db
2014-09-05 17:47 - 2013-09-21 19:49 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-05 17:47 - 2013-09-21 19:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-05 17:47 - 2013-09-21 19:48 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-05 17:44 - 2013-08-22 08:44 - 00373288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-05 17:40 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-05 17:40 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-05 17:40 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-09-05 17:40 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\FileManager
2014-09-05 17:40 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\Camera
2014-09-02 16:36 - 2014-07-17 16:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-02 14:06 - 2013-08-22 09:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 14:06 - 2013-08-22 09:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-25 22:03 - 2014-08-25 22:03 - 03192320 _____ () C:\Users\tayweb\Downloads\Chapter R.ppt
2014-08-22 18:42 - 2014-09-02 15:36 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 16:44 - 2013-12-25 22:59 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-17 15:45 - 2014-06-11 22:00 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

Some content of TEMP:
====================
C:\Users\tayweb\AppData\Local\Temp\APNSetup.exe
C:\Users\tayweb\AppData\Local\Temp\Compete_setup.exe
C:\Users\tayweb\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\tayweb\AppData\Local\Temp\optprosetup.exe
C:\Users\tayweb\AppData\Local\Temp\ose00000.exe
C:\Users\tayweb\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-03 18:24

==================== End Of Log ============================

And lastly, my Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by tayweb at 2014-09-15 22:53:50
Running from C:\Users\tayweb\AppData\Local\Microsoft\Windows\INetCache\IE\8QKJPCQ7
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B280788C-B671-E08D-4219-CE907B7BFF75}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
AMD Start Now (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

06-08-2014 16:18:38 Installed iTunes
02-09-2014 22:34:07 Windows Update
07-09-2014 03:40:39 Installed Java 7 Update 67
15-09-2014 19:48:49 Windows Update
16-09-2014 00:00:32 Start Fix

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0AAD7C23-1B80-40FD-90D8-ABA60B40A7A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-15] (Microsoft Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D887059-9683-41FB-8949-25858DFFBD4E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1C06A7E5-7850-4FD3-A26E-410DDD2AE970} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {25117C2D-B5FA-4DDA-BF5C-17D9B32EF8D4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {2A589662-5217-4C5F-BCB9-F85EB5160F86} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E648E60-0A4C-4A52-9779-F49D1B3C187D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {620AECB8-BF1D-445B-81B0-6D5ACD0DD82D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AD563D8-17EC-4122-AC41-7680EA8F3924} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E8BF76A-45F5-4A80-A341-49FB368255FA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {94BAA4E2-E6D8-41F3-B234-6DC7BDB1CC34} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9563FCBC-EF91-4669-8052-69BFBC9CFA74} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9BD77BD6-B760-415C-BDED-7F25674F700A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-23] (Synaptics Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A540EEAF-903E-40EB-B08C-7FE907B23158} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {A85A4382-C212-4470-80F9-A81220AE080E} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {AC9C2BE4-BDC6-46C6-8A16-D5828EB0B948} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D255E493-1FBD-46DD-8547-8897AC0796CE} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F1CFE016-B532-48C6-83A0-F14A6B2A2E3D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {FC6AE7E8-ADCE-453D-A269-C2355C305236} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 20:47 - 2013-08-30 20:47 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-10 13:54 - 2013-09-10 13:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-15 22:47 - 2014-09-15 22:47 - 00098816 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32api.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00110080 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\pywintypes27.dll
2014-09-15 22:47 - 2014-09-15 22:47 - 00364544 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\pythoncom27.dll
2014-09-15 22:47 - 2014-09-15 22:47 - 00045568 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\_socket.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 01160704 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\_ssl.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00320512 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32com.shell.shell.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00713216 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\_hashlib.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 01175040 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\wx._core_.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00805888 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\wx._gdi_.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00811008 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\wx._windows_.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 01062400 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\wx._controls_.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00735232 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\wx._misc_.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00128512 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\_elementtree.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00127488 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\pyexpat.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00557056 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\pysqlite2._sqlite.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00007168 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\hashobjs_ext.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00087552 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\_ctypes.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00119808 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32file.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00108544 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32security.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00018432 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32event.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00038912 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32inet.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00070656 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\wx._html2.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00167936 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32gui.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00011264 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32crypt.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00027136 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\_multiprocessing.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00122368 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\wx._wizard.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00010240 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\select.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00024064 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32pipe.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00686080 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\unicodedata.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00025600 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32pdh.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00525640 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\windows._lib_cacheinvalidation.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00035840 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32process.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00017408 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32profile.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00022528 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\win32ts.pyd
2014-09-15 22:47 - 2014-09-15 22:47 - 00078336 _____ () C:\Users\tayweb\AppData\Local\Temp\_MEI27042\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\tayweb\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2014 10:48:09 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/15/2014 10:24:43 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/15/2014 09:21:00 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/15/2014 08:59:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Toolbar.exe, version: 21.9.0.1064, time stamp: 0x53f23547
Faulting module name: so.dll_unloaded, version: 21.9.0.1064, time stamp: 0x53f2353d
Exception code: 0xc0000005
Fault offset: 0x00004200
Faulting process id: 0x107c
Faulting application start time: 0xToolbar.exe0
Faulting application path: Toolbar.exe1
Faulting module path: Toolbar.exe2
Report Id: Toolbar.exe3
Faulting package full name: Toolbar.exe4
Faulting package-relative application ID: Toolbar.exe5

Error: (09/15/2014 08:59:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Toolbar.exe, version: 21.9.0.1064, time stamp: 0x53f23547
Faulting module name: so.dll_unloaded, version: 21.9.0.1064, time stamp: 0x53f2353d
Exception code: 0xc0000005
Fault offset: 0x00004200
Faulting process id: 0x13e0
Faulting application start time: 0xToolbar.exe0
Faulting application path: Toolbar.exe1
Faulting module path: Toolbar.exe2
Report Id: Toolbar.exe3
Faulting package full name: Toolbar.exe4
Faulting package-relative application ID: Toolbar.exe5

Error: (09/15/2014 06:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Toolbar.exe, version: 21.9.0.1064, time stamp: 0x53f23547
Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53086d7c
Exception code: 0xc0000005
Fault offset: 0x00016d61
Faulting process id: 0x107c
Faulting application start time: 0xToolbar.exe0
Faulting application path: Toolbar.exe1
Faulting module path: Toolbar.exe2
Report Id: Toolbar.exe3
Faulting package full name: Toolbar.exe4
Faulting package-relative application ID: Toolbar.exe5

Error: (09/15/2014 06:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Toolbar.exe, version: 21.9.0.1064, time stamp: 0x53f23547
Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53086d7c
Exception code: 0xc0000005
Fault offset: 0x00016d61
Faulting process id: 0x13e0
Faulting application start time: 0xToolbar.exe0
Faulting application path: Toolbar.exe1
Faulting module path: Toolbar.exe2
Report Id: Toolbar.exe3
Faulting package full name: Toolbar.exe4
Faulting package-relative application ID: Toolbar.exe5

Error: (09/15/2014 04:30:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239, time stamp: 0x53d22946
Faulting module name: atidxx32.dll, version: 8.17.10.519, time stamp: 0x52212a54
Exception code: 0xc0000005
Fault offset: 0x00072e57
Faulting process id: 0xca0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (09/15/2014 02:07:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ca4

Start Time: 01cfd11ff6bf4ee4

Termination Time: 4294967295

Application Path: C:\Windows\syswow64\wwahost.exe

Report Id: ea633303-3d13-11e4-827f-008cfa733796

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (09/15/2014 01:53:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: da0

Start Time: 01cfcf7b19149335

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e75f1e72-3d11-11e4-827f-008cfa733796

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (09/15/2014 09:18:07 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (09/15/2014 09:15:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB2976978).

Error: (09/15/2014 09:15:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB2975719).

Error: (09/15/2014 02:13:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (09/13/2014 11:49:30 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xffffe001206ae880, 0xfffff80270a2f930, 0xffffe0011fc02010)C:\Windows\MEMORY.DMP091314-24562-01

Error: (09/13/2014 11:48:23 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (09/13/2014 11:48:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:31:42 PM on ‎9/‎10/‎2014 was unexpected.

Error: (09/13/2014 11:48:21 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT AUTHORITY)
Description: 32212254731132128

Error: (09/09/2014 08:49:06 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xffffe0005688b060, 0xfffff802737df930, 0xffffe0005750a600)C:\Windows\MEMORY.DMP090914-27750-01

Error: (09/09/2014 08:47:53 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 5582.26 MB
Available physical RAM: 4137.08 MB
Total Pagefile: 11214.26 MB
Available Pagefile: 9453.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (TI10673700F) (Fixed) (Total:456.45 GB) (Free:390.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Re: Redirection of links and lots of pop-ups

Post by Cypher » September 16th, 2014, 6:29 am

Hi u0717211,
"Here is my Malwarebytes log. Is this the right log? I quarantined some items but the log says no threats were detected."

If you quarantined some items it should have shown what they were in the log. Please check to see if Malwarebytes saved any other logs.
If it has, post the log where the entries were quarantined.

  • Start MBAM... Press the History icon on the top panel.
  • From the left side select the option: Application Logs
  • Double click on the requested (by date) log... the log displays automatically. (Do not use the Select box)
  • When viewing the log, press the Copy to Clipboard button.
  • Please copy and paste viewed log contents in your next reply.
    Be sure to post the complete log... including the top portion showing MBAM's database version and your operating system.
  • Exit MBAM when done.
Using the default History Settings ... Log files can be found in these locations:
Windows Vista, Win 7, Win 8 or 8.1: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

Next.

The next thing I need you to do is move FRST.exe to your desktop; you have saved it to another location.
Running from C:\Users\tayweb\AppData\Local\Microsoft\Windows\INetCache\IE\8QKJPCQ7


Once you have moved FRST.exe to your desktop continue with the following.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    SearchScopes: HKCU - {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL =
    SearchScopes: HKCU - {BE6FDA0B-3592-4971-9879-5DACE7F1C60B} URL = http://www.search.ask.com/web?tpid=ORJ- ... &pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.15.5.30&apn_uid=1FC733E6-67EE-43B7-B6AA-E4B67E2270DE&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=new_chrome.exe_0_36.0.1985.125&doi=2014-09-07&trgb=IE&q={searchTerms}&psv=&pt=tb
    CHR Extension: (Browser_AppS 1.1) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhapcklhkanndjbdnhichfmolhiaekg [2014-09-05]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\ProgramData\nfdmmccpjkgfcociijhohgekgllebcpp
    C:\Users\tayweb\AppData\Local\Temp\APNSetup.exe
    C:\Users\tayweb\AppData\Local\Temp\Compete_setup.exe
    C:\Users\tayweb\AppData\Local\Temp\ConsumerInputSetup.exe
    C:\Users\tayweb\AppData\Local\Temp\optprosetup.exe
    C:\Users\tayweb\AppData\Local\Temp\ose00000.exe
    C:\Users\tayweb\AppData\Local\Temp\Quarantine.exe
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe as filename fixlist.txt.
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • Malwarebytes log if found.
  • FRST Fixlog.txt.
  • Please give me an update on your computer's performance.

Re: Redirection of links and lots of pop-ups

Post by u0717211 » September 18th, 2014, 2:36 pm

So I found the logs on Malwarebytes but it was the same one I posted before that said no malicious threats were found. Stuff was quarantined so I must have missed a step during the initial scan to not save the log properly. Sorry about that.

Here is my FRST log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by tayweb at 2014-09-18 12:16:25 Run:1
Running from C:\Users\tayweb\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {46CF69E2-52E7-49A1-876C-EB39B13879C9} URL =
SearchScopes: HKCU - {BE6FDA0B-3592-4971-9879-5DACE7F1C60B} URL = http://www.search.ask.com/web?tpid=ORJ- ... &pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.15.5.30&apn_uid=1FC733E6-67EE-43B7-B6AA-E4B67E2270DE&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=new_chrome.exe_0_36.0.1985.125&doi=2014-09-07&trgb=IE&q={searchTerms}&psv=&pt=tb
CHR Extension: (Browser_AppS 1.1) - C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhapcklhkanndjbdnhichfmolhiaekg [2014-09-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\nfdmmccpjkgfcociijhohgekgllebcpp
C:\Users\tayweb\AppData\Local\Temp\APNSetup.exe
C:\Users\tayweb\AppData\Local\Temp\Compete_setup.exe
C:\Users\tayweb\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\tayweb\AppData\Local\Temp\optprosetup.exe
C:\Users\tayweb\AppData\Local\Temp\ose00000.exe
C:\Users\tayweb\AppData\Local\Temp\Quarantine.exe

EmptyTemp:
CMD: ipconfig /flushdns

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46CF69E2-52E7-49A1-876C-EB39B13879C9}" => Key deleted successfully.
"HKCR\CLSID\{46CF69E2-52E7-49A1-876C-EB39B13879C9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE6FDA0B-3592-4971-9879-5DACE7F1C60B}" => Key deleted successfully.
"HKCR\CLSID\{BE6FDA0B-3592-4971-9879-5DACE7F1C60B}" => Key not found.
C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhapcklhkanndjbdnhichfmolhiaekg => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\nfdmmccpjkgfcociijhohgekgllebcpp => Moved successfully.
C:\Users\tayweb\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\tayweb\AppData\Local\Temp\Compete_setup.exe => Moved successfully.
C:\Users\tayweb\AppData\Local\Temp\ConsumerInputSetup.exe => Moved successfully.
C:\Users\tayweb\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\tayweb\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\tayweb\AppData\Local\Temp\Quarantine.exe => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 2.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

My computer is running much better. I still have a few pop-ups but it is at least 80% better than before. It runs much quicker than before when it was nearly impossible to surf the internet. I can now get to this website without any problems. The pop-ups may be just typical pop-ups that aren't indicative of a larger problem.

Re: Redirection of links and lots of pop-ups

Post by Cypher » September 19th, 2014, 5:33 am

Hi u0717211,
Don't worry about the Malwarebytes log.
"My computer is running much better"

That's good to hear.
"I still have a few pop-ups but it is at least 80% better than before."

Which browser/browsers are affected, more than one? Let me know in your next reply.

First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select " Run as administrator " to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean
  • Click on the Run script button
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Logs/Information to Post in your Next Reply

  • Which browser/browsers are affected by pop-ups?
  • zoek-results.log

Re: Redirection of links and lots of pop-ups

Post by u0717211 » September 21st, 2014, 11:22 pm

I am not quite sure what happened but it seems like my computer has gotten worse over the last couple days. I pretty much only use Google Chrome but have used Internet Explorer too. On both browsers I get a lot of pop-ups in new screens and new tabs. Links have again been redirecting me to different pages. I also get a strange pop-up with no ads that says something like "there has been a virus detected, call this toll free number for help."

Here are my Zoek results:


Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by tayweb on Fri 09/19/2014 at 13:49:56.68.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\tayweb\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

9/19/2014 1:51:15 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\tayweb\AppData\LocalLow\{2A27600F-EF5E-FBB6-037A-49B8C9887AF1} deleted
C:\Users\tayweb\AppData\LocalLow\{F45E0396-51FF-D92C-B0D9-4D2D3F4D968E} deleted
C:\Users\tayweb\AppData\Local\Packages\windows_ie_ac_001\AC\{2A27600F-EF5E-FBB6-037A-49B8C9887AF1} deleted
C:\Users\tayweb\AppData\Local\Packages\windows_ie_ac_001\AC\{F45E0396-51FF-D92C-B0D9-4D2D3F4D968E} deleted
C:\PROGRA~3\fadb5000b04225e deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\tayweb\AppData\Local\nst988B.tmp deleted
C:\Users\tayweb\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Windows\Installer\1e955.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF" [12/25/2013 11:04 PM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Google Voice Search Hotword (Beta) - tayweb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Chromium Fix ======================

C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Secondary Start Pages"="http://www.google.com"
"Default_Secondary_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"="http://www.google.com"
"Secondary Start Pages"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"="http://www.google.com"
"Secondary Start Pages"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Secondary Start Pages"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Secondary Start Pages"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Secondary Start Pages"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{46CF69E2-52E7-49A1-876C-EB39B13879C9}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{46CF69E2-52E7-49A1-876C-EB39B13879C9} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF07604E-C860-40E9-A230-E37FA41F103A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tayweb\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\tayweb\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=42 folders=24 23051206 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\tayweb\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\tayweb\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 09/21/2014 at 14:50:29.64 ======================
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and lots of pop-ups

Post by Cypher » September 22nd, 2014, 5:05 am

Hi,
Run another scan with Malwarebytes' Anti-Malware for me.

  • Launch Malwarebytes then click Update Now.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
    • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
    • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.

Next.

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • Post the contents of that log in your next reply please.

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • TDSSKiller log.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirection of links and lots of pop-ups

Post by u0717211 » September 23rd, 2014, 12:55 am

Ok, here is my Malwarebytes Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/22/2014
Scan Time: 10:01:04 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.23.02
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: tayweb

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305391
Time Elapsed: 17 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Superfish.A, C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [af5f6c857902280e84e477acf60d32ce],
PUP.Optional.Superfish.A, C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [07072bc62d4ede5863051013f310f50b],

Physical Sectors: 0
(No malicious items detected)


(end)


And my TDS Log

22:44:32.0343 0x0ddc TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
22:44:32.0343 0x0ddc UEFI system
22:44:36.0636 0x0ddc ============================================================
22:44:36.0636 0x0ddc Current date / time: 2014/09/22 22:44:36.0636
22:44:36.0636 0x0ddc SystemInfo:
22:44:36.0636 0x0ddc
22:44:36.0636 0x0ddc OS Version: 6.3.9600 ServicePack: 0.0
22:44:36.0636 0x0ddc Product type: Workstation
22:44:36.0636 0x0ddc ComputerName: TDIDDY
22:44:36.0637 0x0ddc UserName: tayweb
22:44:36.0637 0x0ddc Windows directory: C:\Windows
22:44:36.0637 0x0ddc System windows directory: C:\Windows
22:44:36.0637 0x0ddc Running under WOW64
22:44:36.0637 0x0ddc Processor architecture: Intel x64
22:44:36.0637 0x0ddc Number of processors: 4
22:44:36.0637 0x0ddc Page size: 0x1000
22:44:36.0637 0x0ddc Boot type: Normal boot
22:44:36.0637 0x0ddc ============================================================
22:44:38.0328 0x0ddc KLMD registered as C:\Windows\system32\drivers\65122656.sys
22:44:39.0219 0x0ddc System UUID: {DA6777A1-CC07-1CCA-6B03-70D8C0288689}
22:44:40.0255 0x0ddc Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:44:40.0264 0x0ddc ============================================================
22:44:40.0264 0x0ddc \Device\Harddisk0\DR0:
22:44:40.0265 0x0ddc GPT partitions:
22:44:40.0265 0x0ddc \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {03B7E17B-AF08-11E4-A24E-D8EDBCE1572C}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x200000
22:44:40.0265 0x0ddc \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {03B7E183-AF08-11E4-A24E-D8EDBCE1572C}, Name: Basic data partition, StartLBA 0x200800, BlocksNum 0x32000
22:44:40.0265 0x0ddc \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {03B7E185-AF08-11E4-A24E-D8EDBCE1572C}, Name: Basic data partition, StartLBA 0x232800, BlocksNum 0x40000
22:44:40.0266 0x0ddc \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {03B7E18D-AF08-11E4-A24E-D8EDBCE1572C}, Name: Basic data partition, StartLBA 0x272800, BlocksNum 0x390E8800
22:44:40.0266 0x0ddc \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {150F2401-2333-11E3-B548-008CFA733796}, Name: Basic data partition, StartLBA 0x3935B000, BlocksNum 0x102B000
22:44:40.0266 0x0ddc MBR partitions:
22:44:40.0266 0x0ddc ============================================================
22:44:40.0282 0x0ddc C: <-> \Device\Harddisk0\DR0\Partition4
22:44:40.0282 0x0ddc ============================================================
22:44:40.0282 0x0ddc Initialize success
22:44:40.0282 0x0ddc ============================================================
22:45:41.0337 0x09fc ============================================================
22:45:41.0337 0x09fc Scan started
22:45:41.0337 0x09fc Mode: Manual;
22:45:41.0337 0x09fc ============================================================
22:45:41.0337 0x09fc KSN ping started
22:45:43.0896 0x09fc KSN ping finished: true
22:45:45.0997 0x09fc ================ Scan system memory ========================
22:45:45.0998 0x09fc System memory - ok
22:45:45.0999 0x09fc ================ Scan services =============================
22:45:56.0678 0x09fc [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
22:45:56.0681 0x09fc flpydisk - ok
22:45:56.0839 0x09fc [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:45:56.0857 0x09fc FltMgr - ok
22:45:56.0995 0x09fc [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache C:\Windows\system32\FntCache.dll
22:45:57.0086 0x09fc FontCache - ok
22:45:57.0230 0x09fc [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:45:57.0234 0x09fc FontCache3.0.0.0 - ok
22:45:57.0286 0x09fc [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:45:57.0290 0x09fc FsDepends - ok
22:45:57.0320 0x09fc [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:45:57.0323 0x09fc Fs_Rec - ok
22:45:57.0429 0x09fc [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:45:57.0485 0x09fc fvevol - ok
22:45:57.0531 0x09fc [ 114920A7332F358AFA448F49EB107AB9, 721FC03F6DB2173AB5EA0B5B3DC81F24BC84F0A363F5330401713240BA3E1E11 ] FwLnk C:\Windows\System32\drivers\FwLnk.sys
22:45:57.0533 0x09fc FwLnk - ok
22:45:57.0592 0x09fc [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
22:45:57.0664 0x09fc FxPPM - ok
22:45:57.0686 0x09fc [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:45:57.0820 0x09fc gagp30kx - ok
22:45:57.0888 0x09fc [ 61ABC13A9A44E6D6793BAC4F35045025, 44B58E98CC0F87B79FAD0D1CA04447F9401E2467C238CB07295A53EE72771633 ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
22:45:57.0899 0x09fc GamesAppIntegrationService - ok
22:45:57.0979 0x09fc [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:45:57.0989 0x09fc GamesAppService - ok
22:45:58.0035 0x09fc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:45:58.0038 0x09fc GEARAspiWDM - ok
22:45:58.0077 0x09fc [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
22:45:58.0079 0x09fc gencounter - ok
22:45:58.0122 0x09fc [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
22:45:58.0130 0x09fc GPIOClx0101 - ok
22:45:58.0225 0x09fc [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc C:\Windows\System32\gpsvc.dll
22:45:58.0305 0x09fc gpsvc - ok
22:45:58.0380 0x09fc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:45:58.0386 0x09fc gupdate - ok
22:45:58.0397 0x09fc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:45:58.0403 0x09fc gupdatem - ok
22:45:58.0463 0x09fc [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:45:58.0485 0x09fc HdAudAddService - ok
22:45:58.0578 0x09fc [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
22:45:58.0582 0x09fc HDAudBus - ok
22:45:58.0618 0x09fc [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
22:45:58.0620 0x09fc HidBatt - ok
22:45:58.0679 0x09fc [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth C:\Windows\System32\drivers\hidbth.sys
22:45:58.0685 0x09fc HidBth - ok
22:45:58.0712 0x09fc [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
22:45:58.0716 0x09fc hidi2c - ok
22:45:58.0735 0x09fc [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\Windows\System32\drivers\hidir.sys
22:45:58.0738 0x09fc HidIr - ok
22:45:58.0783 0x09fc [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv C:\Windows\system32\hidserv.dll
22:45:58.0787 0x09fc hidserv - ok
22:45:58.0826 0x09fc [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
22:45:58.0831 0x09fc HidUsb - ok
22:45:58.0876 0x09fc [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:45:58.0883 0x09fc hkmsvc - ok
22:45:58.0913 0x09fc [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:45:58.0927 0x09fc HomeGroupListener - ok
22:45:59.0001 0x09fc [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:45:59.0023 0x09fc HomeGroupProvider - ok
22:45:59.0042 0x09fc [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:45:59.0046 0x09fc HpSAMD - ok
22:45:59.0124 0x09fc [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:45:59.0213 0x09fc HTTP - ok
22:45:59.0236 0x09fc [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:45:59.0239 0x09fc hwpolicy - ok
22:45:59.0268 0x09fc [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
22:45:59.0271 0x09fc hyperkbd - ok
22:45:59.0294 0x09fc [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
22:45:59.0297 0x09fc HyperVideo - ok
22:45:59.0394 0x09fc [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
22:45:59.0401 0x09fc i8042prt - ok
22:45:59.0420 0x09fc [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
22:45:59.0423 0x09fc iaLPSSi_GPIO - ok
22:45:59.0479 0x09fc [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys
22:45:59.0484 0x09fc iaLPSSi_I2C - ok
22:45:59.0565 0x09fc [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys
22:45:59.0594 0x09fc iaStorAV - ok
22:45:59.0661 0x09fc [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:45:59.0681 0x09fc iaStorV - ok
22:45:59.0864 0x09fc [ 777612849691B0D9EE064F93481FEFF1, BA970CE9F13EE25AA54E7E9B3BE7DE0C271D9067A317F8AE5F60F93B3D18E912 ] IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140122.001\IDSvia64.sys
22:45:59.0885 0x09fc IDSVia64 - ok
22:45:59.0897 0x09fc IEEtwCollectorService - ok
22:45:59.0993 0x09fc [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT C:\Windows\System32\ikeext.dll
22:46:00.0084 0x09fc IKEEXT - ok
22:46:00.0697 0x09fc [ 2BEE14AC102CF1259AC99ABF53291A8B, 45FAF81302E7A575D378A67F4EF75C89FDDE3B16AC3155BB2803A54D3A7B0DD3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:46:00.0902 0x09fc IntcAzAudAddService - ok
22:46:00.0940 0x09fc [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys
22:46:00.0942 0x09fc intelide - ok
22:46:00.0977 0x09fc [ 139CFCDCD36B1B1782FD8C0014AC9B0E, E0D7E0E9B46A8CECE138D689820023BFA650FB689E4FD62855BED37E04F2D9FF ] intelpep C:\Windows\system32\drivers\intelpep.sys
22:46:00.0980 0x09fc intelpep - ok
22:46:01.0027 0x09fc [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys
22:46:01.0038 0x09fc intelppm - ok
22:46:01.0063 0x09fc [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:46:01.0068 0x09fc IpFilterDriver - ok
22:46:01.0144 0x09fc [ 1670A274ED1A815311BA33CD27B0D0E8, 28378D3908DCFA2C0E8FCF83E5AFEF643C89BBB285FA0F1692FE576AEA2F4E45 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:46:01.0190 0x09fc iphlpsvc - ok
22:46:01.0235 0x09fc [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
22:46:01.0243 0x09fc IPMIDRV - ok
22:46:01.0280 0x09fc [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:46:01.0287 0x09fc IPNAT - ok
22:46:01.0348 0x09fc [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:46:01.0382 0x09fc iPod Service - ok
22:46:01.0401 0x09fc [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:46:01.0403 0x09fc IRENUM - ok
22:46:01.0425 0x09fc [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:46:01.0427 0x09fc isapnp - ok
22:46:01.0477 0x09fc [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
22:46:01.0492 0x09fc iScsiPrt - ok
22:46:01.0580 0x09fc [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
22:46:01.0584 0x09fc kbdclass - ok
22:46:01.0605 0x09fc [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
22:46:01.0608 0x09fc kbdhid - ok
22:46:01.0644 0x09fc [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
22:46:01.0646 0x09fc kdnic - ok
22:46:01.0669 0x09fc [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso C:\Windows\system32\lsass.exe
22:46:01.0674 0x09fc KeyIso - ok
22:46:01.0729 0x09fc [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:46:01.0735 0x09fc KSecDD - ok
22:46:01.0796 0x09fc [ F88CC88F4A6D8476F1664E805CA18CC2, 2C61EE5EEA4FD45AA3FA927CC16E34EF90BD44324EAB14198AF65C3A27617991 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:46:01.0804 0x09fc KSecPkg - ok
22:46:01.0838 0x09fc [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:46:01.0840 0x09fc ksthunk - ok
22:46:01.0894 0x09fc [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm C:\Windows\system32\msdtckrm.dll
22:46:01.0912 0x09fc KtmRm - ok
22:46:01.0973 0x09fc [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer C:\Windows\system32\srvsvc.dll
22:46:01.0991 0x09fc LanmanServer - ok
22:46:02.0057 0x09fc [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:46:02.0074 0x09fc LanmanWorkstation - ok
22:46:02.0144 0x09fc [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll
22:46:02.0169 0x09fc lfsvc - ok
22:46:02.0221 0x09fc [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:46:02.0225 0x09fc lltdio - ok
22:46:02.0297 0x09fc [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:46:02.0311 0x09fc lltdsvc - ok
22:46:02.0336 0x09fc [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:46:02.0340 0x09fc lmhosts - ok
22:46:02.0451 0x09fc [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:46:02.0458 0x09fc LSI_SAS - ok
22:46:02.0477 0x09fc [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:46:02.0483 0x09fc LSI_SAS2 - ok
22:46:02.0506 0x09fc [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys
22:46:02.0552 0x09fc LSI_SAS3 - ok
22:46:02.0659 0x09fc [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
22:46:02.0664 0x09fc LSI_SSS - ok
22:46:02.0807 0x09fc [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM C:\Windows\System32\lsm.dll
22:46:02.0848 0x09fc LSM - ok
22:46:03.0544 0x09fc [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys
22:46:03.0582 0x09fc luafv - ok
22:46:03.0628 0x09fc [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys
22:46:03.0844 0x09fc megasas - ok
22:46:03.0980 0x09fc [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys
22:46:04.0091 0x09fc megasr - ok
22:46:04.0201 0x09fc [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS C:\Windows\system32\mmcss.dll
22:46:04.0208 0x09fc MMCSS - ok
22:46:04.0552 0x09fc [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys
22:46:04.0618 0x09fc Modem - ok
22:46:04.0644 0x09fc [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys
22:46:04.0646 0x09fc monitor - ok
22:46:04.0679 0x09fc [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass C:\Windows\System32\drivers\mouclass.sys
22:46:04.0683 0x09fc mouclass - ok
22:46:04.0707 0x09fc [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid C:\Windows\System32\drivers\mouhid.sys
22:46:04.0710 0x09fc mouhid - ok
22:46:04.0733 0x09fc [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:46:04.0738 0x09fc mountmgr - ok
22:46:04.0885 0x09fc [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:46:04.0894 0x09fc mpsdrv - ok
22:46:05.0182 0x09fc [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc C:\Windows\system32\mpssvc.dll
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and lots of pop-ups

Post by u0717211 » September 23rd, 2014, 12:56 am

My TDS Log had too many characters so I just cut it off somewhere near half. Here is the other half:

22:46:10.0310 0x09fc pcw - ok
22:46:10.0339 0x09fc [ B9D968D8E2B0F9C6301CEB39CFC9B9E4, 83F32831B0727F18B56DC3CAF37E45A3523D2BBCD54D1421F0DE5A0179D8A404 ] pdc C:\Windows\system32\drivers\pdc.sys
22:46:10.0344 0x09fc pdc - ok
22:46:10.0414 0x09fc [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:46:10.0449 0x09fc PEAUTH - ok
22:46:10.0691 0x09fc [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:46:10.0711 0x09fc PerfHost - ok
22:46:10.0858 0x09fc [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla C:\Windows\system32\pla.dll
22:46:10.0937 0x09fc pla - ok
22:46:10.0973 0x09fc [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:46:10.0982 0x09fc PlugPlay - ok
22:46:11.0001 0x09fc [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:46:11.0006 0x09fc PNRPAutoReg - ok
22:46:11.0035 0x09fc [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:46:11.0053 0x09fc PNRPsvc - ok
22:46:11.0096 0x09fc [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:46:11.0117 0x09fc PolicyAgent - ok
22:46:11.0155 0x09fc [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power C:\Windows\system32\umpo.dll
22:46:11.0163 0x09fc Power - ok
22:46:11.0971 0x09fc [ C0B3AD50136FE57C2548BD75CAC49DA2, B5661CE7631C5D1B1C50F36EE66AF6DF2E9E69DA1D9BA7C852E74D206F72D8DB ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
22:46:12.0376 0x09fc PrintNotify - ok
22:46:12.0415 0x09fc [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys
22:46:12.0421 0x09fc Processor - ok
22:46:12.0465 0x09fc [ EF1F8B57323E5D3FC6A0A25F98F90DBC, F50E81151604DCD59BB647FD6767C1631AE48B5FCA6D3423C4E32535C94D6369 ] ProfSvc C:\Windows\system32\profsvc.dll
22:46:12.0478 0x09fc ProfSvc - ok
22:46:12.0504 0x09fc [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:46:12.0512 0x09fc Psched - ok
22:46:12.0557 0x09fc [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE C:\Windows\system32\qwave.dll
22:46:12.0574 0x09fc QWAVE - ok
22:46:12.0592 0x09fc [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:46:12.0596 0x09fc QWAVEdrv - ok
22:46:12.0621 0x09fc [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:46:12.0623 0x09fc RasAcd - ok
22:46:12.0653 0x09fc [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto C:\Windows\System32\rasauto.dll
22:46:12.0661 0x09fc RasAuto - ok
22:46:12.0727 0x09fc [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan C:\Windows\System32\rasmans.dll
22:46:12.0762 0x09fc RasMan - ok
22:46:12.0786 0x09fc [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:46:12.0791 0x09fc RasPppoe - ok
22:46:12.0933 0x09fc [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:46:12.0952 0x09fc rdbss - ok
22:46:13.0018 0x09fc [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
22:46:13.0021 0x09fc rdpbus - ok
22:46:13.0050 0x09fc [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:46:13.0060 0x09fc RDPDR - ok
22:46:13.0121 0x09fc [ 858776908AF838E3790F3261B799CDA6, 5BE4658540382D1B2F46E503CE175D74E3870FE492B8B8F37C3CFB34FF8E2DA8 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:46:13.0124 0x09fc RdpVideoMiniport - ok
22:46:13.0184 0x09fc [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:46:13.0195 0x09fc rdyboost - ok
22:46:13.0283 0x09fc [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS C:\Windows\system32\drivers\ReFS.sys
22:46:13.0352 0x09fc ReFS - ok
22:46:13.0397 0x09fc [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:46:13.0411 0x09fc RemoteAccess - ok
22:46:13.0442 0x09fc [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:46:13.0453 0x09fc RemoteRegistry - ok
22:46:13.0475 0x09fc [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:46:13.0483 0x09fc RpcEptMapper - ok
22:46:13.0514 0x09fc [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator C:\Windows\system32\locator.exe
22:46:13.0518 0x09fc RpcLocator - ok
22:46:13.0588 0x09fc [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs C:\Windows\system32\rpcss.dll
22:46:13.0622 0x09fc RpcSs - ok
22:46:13.0646 0x09fc [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:46:13.0651 0x09fc rspndr - ok
22:46:13.0697 0x09fc [ 28B356BAB74470786867BF4DC261E17C, 92030573D97224FF9BE6CCEBFFDE71EC3F845A1A4D19DA599A6E93CC215FBB0E ] RSUSBVSTOR C:\Windows\System32\Drivers\RtsUVStor.sys
22:46:13.0711 0x09fc RSUSBVSTOR - ok
22:46:13.0775 0x09fc [ 948D5E71CF9DB59961353A355EA45139, A23D012B07A92CC217C67C904CDFBA2BCCDCC2BD49B24FB694BD230D000F2B7B ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
22:46:13.0822 0x09fc RTL8168 - ok
22:46:13.0998 0x09fc [ 79F9D44C9022BE848C8862518B9E7866, C3616F7F3EF763E6E5F5B4EDC068A1D71C68FE110F5137271AB6875BBFEAFDF2 ] RTWlanE C:\Windows\system32\DRIVERS\rtwlane.sys
22:46:14.0145 0x09fc RTWlanE - ok
22:46:14.0232 0x09fc [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\Windows\System32\drivers\vms3cap.sys
22:46:14.0267 0x09fc s3cap - ok
22:46:14.0303 0x09fc [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs C:\Windows\system32\lsass.exe
22:46:14.0311 0x09fc SamSs - ok
22:46:14.0347 0x09fc [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:46:14.0355 0x09fc sbp2port - ok
22:46:14.0394 0x09fc [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:46:14.0407 0x09fc SCardSvr - ok
22:46:14.0437 0x09fc [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll
22:46:14.0447 0x09fc ScDeviceEnum - ok
22:46:14.0472 0x09fc [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:46:14.0476 0x09fc scfilter - ok
22:46:14.0642 0x09fc [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule C:\Windows\system32\schedsvc.dll
22:46:14.0721 0x09fc Schedule - ok
22:46:14.0757 0x09fc [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:46:14.0764 0x09fc SCPolicySvc - ok
22:46:14.0818 0x09fc [ FDEC5799BA499D18AFA3A540538866E7, 551EE0945FE4EC213FFF623E524500B57531EFEA2D76FA7ED1D2D605E7E2168F ] sdbus C:\Windows\System32\drivers\sdbus.sys
22:46:14.0831 0x09fc sdbus - ok
22:46:14.0872 0x09fc [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\Windows\System32\drivers\sdstor.sys
22:46:14.0877 0x09fc sdstor - ok
22:46:14.0906 0x09fc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:46:14.0908 0x09fc secdrv - ok
22:46:14.0940 0x09fc [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon C:\Windows\system32\seclogon.dll
22:46:14.0946 0x09fc seclogon - ok
22:46:14.0971 0x09fc [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS C:\Windows\System32\sens.dll
22:46:14.0978 0x09fc SENS - ok
22:46:15.0003 0x09fc [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:46:15.0016 0x09fc SensrSvc - ok
22:46:15.0047 0x09fc [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\Windows\system32\drivers\SerCx.sys
22:46:15.0051 0x09fc SerCx - ok
22:46:15.0088 0x09fc [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys
22:46:15.0095 0x09fc SerCx2 - ok
22:46:15.0113 0x09fc [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\Windows\System32\drivers\serenum.sys
22:46:15.0116 0x09fc Serenum - ok
22:46:15.0145 0x09fc [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\Windows\System32\drivers\serial.sys
22:46:15.0151 0x09fc Serial - ok
22:46:15.0162 0x09fc [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse C:\Windows\System32\drivers\sermouse.sys
22:46:15.0164 0x09fc sermouse - ok
22:46:15.0236 0x09fc [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv C:\Windows\system32\sessenv.dll
22:46:15.0254 0x09fc SessionEnv - ok
22:46:15.0276 0x09fc [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
22:46:15.0279 0x09fc sfloppy - ok
22:46:15.0355 0x09fc [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:46:15.0377 0x09fc SharedAccess - ok
22:46:15.0437 0x09fc [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:46:15.0472 0x09fc ShellHWDetection - ok
22:46:15.0489 0x09fc [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:46:15.0493 0x09fc SiSRaid2 - ok
22:46:15.0525 0x09fc [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:46:15.0530 0x09fc SiSRaid4 - ok
22:46:15.0567 0x09fc [ 3083E0A1871AB287BB96E727B2015CF4, 09963B5B49B5E633C8648321253C1974AABA9CA906E68F1FADAEAB51AC890D59 ] SmbDrv C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys
22:46:15.0569 0x09fc SmbDrv - ok
22:46:15.0626 0x09fc [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost C:\Windows\System32\smphost.dll
22:46:15.0630 0x09fc smphost - ok
22:46:15.0820 0x09fc [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:46:15.0860 0x09fc SNMPTRAP - ok
22:46:15.0966 0x09fc [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport C:\Windows\system32\drivers\spaceport.sys
22:46:16.0536 0x09fc spaceport - ok
22:46:16.0656 0x09fc [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
22:46:16.0664 0x09fc SpbCx - ok
22:46:16.0748 0x09fc [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler C:\Windows\System32\spoolsv.exe
22:46:16.0781 0x09fc Spooler - ok
22:46:17.0126 0x09fc [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\Windows\system32\sppsvc.exe
22:46:17.0451 0x09fc sppsvc - ok
22:46:17.0646 0x09fc [ F718A57D946EAC76EFCB351D74E269F4, 473AE48BACEE64A9582814951B731BDDDEB48D2E9D407ACEAA3F0850B536DABA ] SRTSP C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS
22:46:17.0707 0x09fc SRTSP - ok
22:46:17.0739 0x09fc [ B18CE01B9C09C59422BA7C7064248B35, B355EE2FBB37C4B0EFFE4DC5E0788A26579266828E7988EDC497B0AE7375F8AB ] SRTSPX C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS
22:46:17.0742 0x09fc SRTSPX - ok
22:46:17.0783 0x09fc [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:46:17.0802 0x09fc srv - ok
22:46:17.0860 0x09fc [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:46:17.0894 0x09fc srv2 - ok
22:46:17.0927 0x09fc [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:46:17.0937 0x09fc srvnet - ok
22:46:18.0012 0x09fc [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:46:18.0025 0x09fc SSDPSRV - ok
22:46:18.0040 0x09fc [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:46:18.0050 0x09fc SstpSvc - ok
22:46:18.0081 0x09fc [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:46:18.0083 0x09fc stexstor - ok
22:46:18.0135 0x09fc [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc C:\Windows\System32\wiaservc.dll
22:46:18.0171 0x09fc stisvc - ok
22:46:18.0194 0x09fc [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\Windows\system32\drivers\storahci.sys
22:46:18.0199 0x09fc storahci - ok
22:46:18.0296 0x09fc [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:46:18.0302 0x09fc storflt - ok
22:46:18.0353 0x09fc [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\Windows\system32\drivers\stornvme.sys
22:46:18.0357 0x09fc stornvme - ok
22:46:18.0382 0x09fc [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc C:\Windows\system32\storsvc.dll
22:46:18.0388 0x09fc StorSvc - ok
22:46:18.0412 0x09fc [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:46:18.0415 0x09fc storvsc - ok
22:46:18.0424 0x09fc [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc C:\Windows\system32\svsvc.dll
22:46:18.0430 0x09fc svsvc - ok
22:46:18.0453 0x09fc [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum C:\Windows\System32\drivers\swenum.sys
22:46:18.0455 0x09fc swenum - ok
22:46:18.0525 0x09fc [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv C:\Windows\System32\swprv.dll
22:46:18.0570 0x09fc swprv - ok
22:46:18.0629 0x09fc [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS C:\Windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS
22:46:18.0650 0x09fc SymDS - ok
22:46:18.0750 0x09fc [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA C:\Windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS
22:46:18.0807 0x09fc SymEFA - ok
22:46:18.0834 0x09fc [ 20F758E6339A16F97DD83389D582E09A, 837016154B7952B645B5545AEB8E2A8878EFA8674E6B96471C3DB5E458B06960 ] SymELAM C:\Windows\system32\drivers\NISx64\1505000.013\SymELAM.sys
22:46:18.0876 0x09fc SymELAM - ok
22:46:19.0025 0x09fc [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:46:19.0064 0x09fc SymEvent - ok
22:46:19.0124 0x09fc [ 48C2934683CBD06F662B088EEF49EF6A, 2212A3588C28F33EFCB1D34618B3054EBBAC6731D177A581D21D1F969FE040C0 ] SymIRON C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS
22:46:19.0140 0x09fc SymIRON - ok
22:46:19.0195 0x09fc [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SymNetS C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS
22:46:19.0229 0x09fc SymNetS - ok
22:46:19.0295 0x09fc [ 5385DA405FDAAB0BD2AF0B24723FBA46, 0C50CC3F2D97E2087EF477948DF8CBC41662835F6CC222D66A8E3F9EE4168DD1 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:46:19.0329 0x09fc SynTP - ok
22:46:19.0429 0x09fc [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain C:\Windows\system32\sysmain.dll
22:46:19.0497 0x09fc SysMain - ok
22:46:19.0549 0x09fc [ D65B1C952AEB864C2BAC7A770B17ECCE, 3EFAAFFF73390D9CB660E0F42B305512396CF66ED06E4A20ED67E8722FB4355B ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
22:46:19.0565 0x09fc SystemEventsBroker - ok
22:46:19.0608 0x09fc [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\Windows\System32\TabSvc.dll
22:46:19.0618 0x09fc TabletInputService - ok
22:46:19.0753 0x09fc [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:46:19.0775 0x09fc TapiSrv - ok
22:46:20.0564 0x09fc [ FEBAA7D782E30882FFF1CBCBBE8AD467, B54333F52CF901CADB3B71334BFAFA63C508A0F7EA7E700C5578FC20D780403E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:46:20.0670 0x09fc Tcpip - ok
22:46:20.0792 0x09fc [ FEBAA7D782E30882FFF1CBCBBE8AD467, B54333F52CF901CADB3B71334BFAFA63C508A0F7EA7E700C5578FC20D780403E ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:46:20.0889 0x09fc TCPIP6 - ok
22:46:20.0947 0x09fc [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:46:20.0950 0x09fc tcpipreg - ok
22:46:21.0057 0x09fc [ 58480A57ACF2671C343FD1D4BA990E34, 24AD9C808D06FABFE8E81242CAC8B5A91829F7D951B245865EF77B79BB795E3D ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:46:21.0060 0x09fc tdcmdpst - ok
22:46:21.0106 0x09fc [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:46:21.0112 0x09fc tdx - ok
22:46:21.0134 0x09fc [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\Windows\System32\drivers\terminpt.sys
22:46:21.0137 0x09fc terminpt - ok
22:46:21.0224 0x09fc [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService C:\Windows\System32\termsrv.dll
22:46:21.0280 0x09fc TermService - ok
22:46:21.0305 0x09fc [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes C:\Windows\system32\themeservice.dll
22:46:21.0311 0x09fc Themes - ok
22:46:21.0346 0x09fc [ 77CF0ECC1C2B5E616B650AB5D4931114, FFB54C264EE10AABA076B591196A98DA5F57E975A4A143AFB5424DFF726AF66F ] Thotkey C:\Windows\System32\drivers\Thotkey.sys
22:46:21.0350 0x09fc Thotkey - ok
22:46:21.0391 0x09fc [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER C:\Windows\system32\mmcss.dll
22:46:21.0398 0x09fc THREADORDER - ok
22:46:21.0422 0x09fc [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
22:46:21.0437 0x09fc TimeBroker - ok
22:46:21.0514 0x09fc [ 6C4F5CD42074DB52AE88FC4BAB2C54F7, B4E3B6A23C99A11186F4EE875871D459A7A03EF4565CA114B41FB3C982841A45 ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:46:21.0517 0x09fc TMachInfo - ok
22:46:21.0551 0x09fc [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv C:\Windows\system32\TODDSrv.exe
22:46:21.0560 0x09fc TODDSrv - ok
22:46:21.0620 0x09fc [ 380192EE4C9FA50A083C14522E6240C8, 539EF29B97E552F655F73EFB54AE300587F3C6FCE9AF89C81B838997E9E0CD43 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\Teco\TecoService.exe
22:46:21.0634 0x09fc TOSHIBA eco Utility Service - ok
22:46:21.0677 0x09fc [ 36391C3953D191A2AF4556D5D706C641, 5191A35C86B6C98F2CBDDC23B5311ED62310345CEDE084A54BBF70CCF0F84C50 ] tos_sps64 C:\Windows\system32\drivers\tos_sps64.sys
22:46:21.0699 0x09fc tos_sps64 - ok
22:46:21.0733 0x09fc [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\Windows\system32\drivers\tpm.sys
22:46:21.0742 0x09fc TPM - ok
22:46:21.0818 0x09fc [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks C:\Windows\System32\trkwks.dll
22:46:21.0828 0x09fc TrkWks - ok
22:46:21.0879 0x09fc [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:46:21.0884 0x09fc TrustedInstaller - ok
22:46:21.0906 0x09fc [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:46:21.0911 0x09fc TsUsbFlt - ok
22:46:21.0932 0x09fc [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
22:46:21.0935 0x09fc TsUsbGD - ok
22:46:21.0969 0x09fc [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:46:21.0977 0x09fc tunnel - ok
22:46:22.0005 0x09fc [ 54BDBF3D4DED58DA78B702471C68D4CA, D12F9F09FFE7D38A5EE6BF79DB74D775A9861C3C87E06D7C23259E47247B1782 ] TVALZ C:\Windows\system32\drivers\TVALZ_O.SYS
22:46:22.0008 0x09fc TVALZ - ok
22:46:22.0026 0x09fc [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:46:22.0031 0x09fc uagp35 - ok
22:46:22.0058 0x09fc [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
22:46:22.0063 0x09fc UASPStor - ok
22:46:22.0113 0x09fc [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
22:46:22.0124 0x09fc UCX01000 - ok
22:46:22.0160 0x09fc [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:46:22.0175 0x09fc udfs - ok
22:46:22.0209 0x09fc [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\Windows\System32\drivers\UEFI.sys
22:46:22.0212 0x09fc UEFI - ok
22:46:22.0259 0x09fc [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:46:22.0265 0x09fc UI0Detect - ok
22:46:22.0293 0x09fc [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:46:22.0298 0x09fc uliagpkx - ok
22:46:22.0317 0x09fc [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\Windows\System32\drivers\umbus.sys
22:46:22.0321 0x09fc umbus - ok
22:46:22.0343 0x09fc [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\Windows\System32\drivers\umpass.sys
22:46:22.0346 0x09fc UmPass - ok
22:46:22.0383 0x09fc [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService C:\Windows\System32\umrdp.dll
22:46:22.0400 0x09fc UmRdpService - ok
22:46:22.0441 0x09fc [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost C:\Windows\System32\upnphost.dll
22:46:22.0489 0x09fc upnphost - ok
22:46:22.0537 0x09fc [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys
22:46:22.0541 0x09fc USBAAPL64 - ok
22:46:22.0607 0x09fc [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
22:46:22.0615 0x09fc usbccgp - ok
22:46:22.0658 0x09fc [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir C:\Windows\System32\drivers\usbcir.sys
22:46:22.0664 0x09fc usbcir - ok
22:46:22.0703 0x09fc [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\Windows\System32\drivers\usbehci.sys
22:46:22.0709 0x09fc usbehci - ok
22:46:22.0749 0x09fc [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
22:46:22.0753 0x09fc usbfilter - ok
22:46:22.0820 0x09fc [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\Windows\System32\drivers\usbhub.sys
22:46:22.0839 0x09fc usbhub - ok
22:46:22.0896 0x09fc [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
22:46:22.0917 0x09fc USBHUB3 - ok
22:46:22.0975 0x09fc [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\Windows\System32\drivers\usbohci.sys
22:46:22.0978 0x09fc usbohci - ok
22:46:22.0996 0x09fc [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\Windows\System32\drivers\usbprint.sys
22:46:22.0999 0x09fc usbprint - ok
22:46:34.0628 0x09fc AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
22:46:34.0629 0x09fc AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x54010 ( disabled : outofdate )
22:46:34.0631 0x09fc FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x50010 ( disabled )
22:46:34.0636 0x09fc Win FW state via NFP2: enabled
22:46:37.0171 0x09fc ============================================================
22:46:37.0171 0x09fc Scan finished
22:46:37.0171 0x09fc ============================================================
22:46:37.0193 0x10f4 Detected object count: 0
22:46:37.0193 0x10f4 Actual detected object count: 0
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and lots of pop-ups

Unread postby Cypher » September 23rd, 2014, 5:42 am

Hi,
How are things now, still having problems?
If so are both Chrome and Internet Explorer still affected?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirection of links and lots of pop-ups

Unread postby u0717211 » September 25th, 2014, 12:23 am

Yes we are pretty much back to square one. Both Chrome and Explorer are running slow with many pop ups. A pop up will come up saying that it can't navigate that page and won't let me select anything else. The popups are on pretty much all pages, and some links take me to other websites. The symptoms were much better for a while, but now it's acting up again. What else can we do to make progress?
u0717211
Regular Member
 
Posts: 18
Joined: September 8th, 2014, 11:51 pm

Re: Redirection of links and lots of pop-ups

Unread postby Cypher » September 25th, 2014, 6:09 am

Hi,
This is the main cause of your problems, you have a Superfish.A infection.
PUP.Optional.Superfish.A, C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [af5f6c857902280e84e477acf60d32ce],
PUP.Optional.Superfish.A, C:\Users\tayweb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [07072bc62d4ede5863051013f310f50b],

Please run Malwarebytes again as per my last instructions here.
viewtopic.php?p=636971#p636971

Next.

Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, Seven or Eight, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next.

zoek.exe

First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

  • Close any open browsers.
  • Right click on zoek.exe and select "Run as administrator" to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the boxes:

    • IE Defaults
    • Reset Chrome
    • Auto Clean
  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • JRT.txt.
  • zoek-results.log
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns