Trojan Zaccess virus woes, constant popups and redirects


  • This topic is locked
16 replies to this topic

#1 daniel0311

Posted 27 January 2015 - 08:52 PM

HELP!!!!!!!!! Thanks in advance

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Stephanie (administrator) on STEPH-PC on 27-01-2015 20:35:20
Running from C:\Users\Stephanie\Downloads
Loaded Profiles: Stephanie (Available profiles: Stephanie & Guest)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WindowsAnytimeUpgradeui.exe
(Farbar) C:\Users\Stephanie\Downloads\FRST64(1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7970848 2009-07-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2011-03-15] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-13] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [Google Update] => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-29] (Google Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D3E3B50F-2A74-4269-B4A8-4ED4DEA87E6A} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\l8bp2ncg.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2621610626-3318039025-3462326288-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2621610626-3318039025-3462326288-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Extension: 9efe12fc8e7b41dc917eb9341daa31e0 - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\l8bp2ncg.default\Extensions\{9efe12fc-8e7b-41dc-917e-b9341daa31e0} [2015-01-19]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=M60C049FB-FC9F-488B-9FBA-AB7606423497&SearchSource=55&CUI=&UM=8&UP=SPBBC1B80E-D206-45D5-A77E-9F1E0BBEB2B4&SSPV=
CHR StartupUrls: Default -> "hxxp://www.animalpak.com/"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=M60C049FB-FC9F-488B-9FBA-AB7606423497&SearchSource=58&CUI=&UM=8&UP=SPBBC1B80E-D206-45D5-A77E-9F1E0BBEB2B4&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=M60C049FB-FC9F-488B-9FBA-AB7606423497&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=8&UP=SPBBC1B80E-D206-45D5-A77E-9F1E0BBEB2B4&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]
CHR Extension: (Google Docs) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-19]
CHR Extension: (YouTube) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Google Cast) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Netflix) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-01-02]
CHR Extension: (Pandora) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-12-30]
CHR Extension: (Google Sheets) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Gmail) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "ab6bf9c35ccd084" service could not be unlocked. <===== ATTENTION

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 ab6bf9c35ccd084; C:\Windows\System32\Drivers\ab6bf9c35ccd084.sys [84952 2015-01-26] () <===== ATTENTION Necurs Rootkit?
S1 kqdzauuu; C:\Windows\system32\drivers\kqdzauuu.sys [55104 2015-01-26] (Microsoft Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-13] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-13] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-13] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-13] ()
R1 NEOFLTR_710_18671; C:\Windows\system32\Drivers\NEOFLTR_710_18671.SYS [99664 2011-06-23] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-13] () [File not signed]
R3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [6952960 2009-09-15] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-13] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1657216 2011-03-11] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-13] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-13] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-13] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75632 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-13] () [File not signed]
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12352 2009-07-13] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-13] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-13] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-13] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-13] () [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55280 2009-07-09] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-13] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-13] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-13] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-13] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-13] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2012-04-27] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-13] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [216064 2009-06-04] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [215040 2009-05-22] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-13] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-13] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-13] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-13] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-13] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-13] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2010-10-18] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-13] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-13] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [461312 2011-04-28] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [399872 2011-04-28] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [161792 2011-04-28] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-13] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-13] () [File not signed]
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] () [File not signed]
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [272432 2009-06-26] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1895280 2012-03-30] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1895280 2012-03-30] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-13] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-13] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-13] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-13] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-13] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-13] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327680 2010-10-18] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-13] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-13] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-13] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99328 2011-03-28] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-13] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52224 2011-03-28] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-28] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-03-28] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-13] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91136 2011-03-10] () [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2011-03-28] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184832 2010-10-18] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-13] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-13] () [File not signed]
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-13] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-13] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-13] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-13] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-13] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-13] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-13] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] () [File not signed]
S3 WimFltr; C:\Windows\System32\DRIVERS\wimfltr.sys [151656 2006-11-01] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41472 2010-10-18] () [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-13] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112640 2010-10-18] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-10-18] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 20:28 - 2015-01-27 20:28 - 02129920 _____ (Farbar) C:\Users\Stephanie\Downloads\FRST64(1).exe
2015-01-26 04:43 - 2015-01-26 04:43 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kqdzauuu.sys
2015-01-26 03:02 - 2015-01-26 03:02 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-26 03:02 - 2015-01-26 03:02 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-26 03:02 - 2015-01-26 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-26 03:02 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-26 03:00 - 2015-01-26 03:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Stephanie\Downloads\spybot-2.4(1).exe
2015-01-26 02:57 - 2015-01-26 02:57 - 00000637 _____ () C:\Users\Stephanie\Desktop\JRT.txt
2015-01-26 00:19 - 2015-01-26 00:22 - 621283886 _____ () C:\Users\Stephanie\Downloads\Hirens.BootCD.15.2.zip
2015-01-21 21:26 - 2015-01-21 21:26 - 00013888 _____ () C:\Users\Stephanie\Desktop\attach.txt
2015-01-21 21:26 - 2015-01-21 21:25 - 00022829 _____ () C:\Users\Stephanie\Desktop\dds.txt
2015-01-21 21:24 - 2015-01-21 21:24 - 00688992 ____R (Swearware) C:\Users\Stephanie\Downloads\dds.com
2015-01-21 15:59 - 2015-01-21 16:00 - 00852520 _____ () C:\Users\Stephanie\Downloads\SecurityCheck(1).exe
2015-01-21 15:59 - 2015-01-21 15:59 - 00852520 _____ () C:\Users\Stephanie\Downloads\SecurityCheck.exe
2015-01-21 15:33 - 2015-01-26 02:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-21 15:23 - 2015-01-26 02:33 - 00000000 ____D () C:\Users\Stephanie\Desktop\mbar
2015-01-21 15:23 - 2015-01-21 15:23 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Stephanie\Downloads\mbar-1.08.3.1004.exe
2015-01-21 15:13 - 2015-01-26 02:01 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-01-21 15:13 - 2015-01-21 15:13 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-21 15:10 - 2015-01-21 15:11 - 00753184 _____ () C:\Users\Stephanie\Desktop\Adware-Removal-Tool-v3.9.1.exe
2015-01-21 14:47 - 2015-01-21 14:47 - 01707939 _____ (Thisisu) C:\Users\Stephanie\Desktop\JRT(1).exe
2015-01-21 14:34 - 2015-01-21 14:34 - 00032585 _____ () C:\Users\Stephanie\Downloads\Result.txt
2015-01-21 14:31 - 2015-01-21 14:32 - 00401920 _____ (Farbar) C:\Users\Stephanie\Downloads\MiniToolBox.exe
2015-01-21 04:28 - 2015-01-21 04:28 - 00001479 _____ () C:\Users\Stephanie\Desktop\Install Kaspersky Internet Security version 15.0.1.415.lnk
2015-01-21 03:57 - 2015-01-21 03:58 - 00025771 _____ () C:\Users\Stephanie\Downloads\Addition.txt
2015-01-21 03:55 - 2015-01-27 20:35 - 00036444 _____ () C:\Users\Stephanie\Downloads\FRST.txt
2015-01-21 03:55 - 2015-01-27 20:35 - 00000000 ____D () C:\FRST
2015-01-21 03:55 - 2015-01-21 03:55 - 02126848 _____ (Farbar) C:\Users\Stephanie\Downloads\FRST64.exe
2015-01-20 22:05 - 2015-01-20 22:05 - 01707939 _____ (Thisisu) C:\Users\Stephanie\Downloads\JRT.exe
2015-01-20 22:05 - 2015-01-20 22:05 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:53 - 2015-01-21 15:08 - 00000000 ____D () C:\AdwCleaner
2015-01-20 21:52 - 2015-01-20 21:53 - 02186752 _____ () C:\Users\Stephanie\Downloads\adwcleaner_4.108.exe
2015-01-20 21:39 - 2015-01-21 04:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-20 21:36 - 2015-01-20 21:38 - 196444992 _____ (Kaspersky Lab) C:\Users\Stephanie\Downloads\kts15.0.2.361en_7225.exe
2015-01-20 19:47 - 2015-01-20 19:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-20 19:46 - 2015-01-26 03:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 19:45 - 2015-01-26 03:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 19:44 - 2015-01-20 19:44 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Stephanie\Downloads\spybot-2.4.exe
2015-01-20 17:39 - 2015-01-20 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 17:11 - 2015-01-20 17:11 - 00001079 _____ () C:\Users\Stephanie\Desktop\Kaspersky Security Scan.lnk
2015-01-20 17:11 - 2015-01-20 17:11 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-01-20 17:11 - 2015-01-20 17:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-20 17:11 - 2015-01-20 17:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-20 17:10 - 2015-01-20 17:10 - 00364640 _____ (Kaspersky Lab) C:\Users\Stephanie\Downloads\kss12.0.1.808_6398_6399.exe
2015-01-19 12:49 - 2015-01-27 20:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 12:49 - 2015-01-19 12:49 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-19 12:49 - 2015-01-19 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 12:48 - 2015-01-26 02:10 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 12:48 - 2015-01-19 12:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Stephanie\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-19 12:48 - 2015-01-19 12:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 12:48 - 2015-01-19 12:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 12:48 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-19 12:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-19 12:47 - 2015-01-20 22:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 12:47 - 2015-01-19 12:47 - 04637504 _____ (AVG Technologies) C:\Users\Stephanie\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-19 12:47 - 2015-01-19 12:47 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\MFAData
2015-01-19 12:38 - 2015-01-19 12:38 - 00280768 _____ () C:\Windows\Minidump\011915-27003-01.dmp
2015-01-16 15:02 - 2015-01-16 15:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\58E9643A-E035-1D45-8F80-8495C365477F
2015-01-16 14:57 - 2015-01-16 14:57 - 00001730 _____ () C:\ProgramData\tempimage.bmp
2015-01-14 20:50 - 2015-01-14 20:50 - 00613057 _____ (CMI Limited) C:\Users\Stephanie\AppData\Local\nsb1C32.tmp
2015-01-14 20:25 - 2015-01-15 19:06 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-01-14 20:21 - 2015-01-16 17:33 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-14 20:18 - 2015-01-19 13:14 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.31
2015-01-14 20:18 - 2015-01-14 20:21 - 00000000 ____D () C:\9c041e6f2524c08fd30c6883be
2015-01-14 20:18 - 2015-01-14 20:18 - 00000537 _____ () C:\Windows\KB893803v2.log
2015-01-10 17:49 - 2014-06-20 10:38 - 00072128 _____ () C:\Windows\system32\Drivers\cfwids.sys
2015-01-10 17:49 - 2014-06-20 10:23 - 00523792 _____ () C:\Windows\system32\Drivers\mfefirek.sys
2015-01-10 17:49 - 2014-06-20 10:20 - 00181704 _____ () C:\Windows\system32\Drivers\mfeapfk.sys
2015-01-10 17:40 - 2015-01-10 17:40 - 00282392 _____ () C:\Windows\Minidump\011015-25568-01.dmp
2014-12-29 22:03 - 2015-01-27 20:18 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA.job
2014-12-29 22:03 - 2015-01-26 00:20 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core.job
2014-12-29 22:03 - 2014-12-29 22:03 - 00880784 _____ (Google Inc.) C:\Users\Stephanie\Downloads\chromecastinstaller.exe
2014-12-29 22:03 - 2014-12-29 22:03 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA
2014-12-29 22:03 - 2014-12-29 22:03 - 00003506 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core
2014-12-29 22:03 - 2014-12-29 22:03 - 00001226 _____ () C:\Users\Stephanie\Desktop\Chromecast.lnk
2014-12-29 22:03 - 2014-12-29 22:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-12-29 22:02 - 2015-01-25 16:47 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-29 22:02 - 2015-01-20 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-29 22:01 - 2015-01-27 20:18 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 22:01 - 2015-01-26 02:14 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 22:01 - 2014-12-29 22:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Google
2014-12-29 22:01 - 2014-12-29 22:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-29 22:01 - 2014-12-29 22:01 - 00880784 _____ (Google Inc.) C:\Users\Stephanie\Downloads\ChromeSetup.exe
2014-12-29 22:01 - 2014-12-29 22:01 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-29 22:01 - 2014-12-29 22:01 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 20:34 - 2013-07-31 17:56 - 00000000 ____D () C:\Users\Guest
2015-01-27 20:32 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 20:32 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 20:18 - 2010-12-11 10:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E212FC62-636C-45CD-A2CC-9F08A31E0036}
2015-01-26 04:43 - 2012-09-13 20:19 - 00084952 _____ () C:\Windows\system32\Drivers\ab6bf9c35ccd084.sys
2015-01-26 04:31 - 2009-07-14 00:10 - 01169245 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 02:14 - 2010-12-08 19:17 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\SoftThinks
2015-01-26 02:14 - 2010-10-18 12:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-26 02:14 - 2010-10-18 12:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-26 02:14 - 2010-10-18 12:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-26 02:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 02:14 - 2009-07-13 23:51 - 00112954 _____ () C:\Windows\setupact.log
2015-01-26 02:13 - 2010-10-18 13:52 - 00468132 _____ () C:\Windows\PFRO.log
2015-01-26 00:10 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 15:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-01-20 22:02 - 2012-04-30 09:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 17:19 - 2011-02-02 23:01 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-20 17:19 - 2011-02-02 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-19 13:39 - 2010-10-18 12:28 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-19 13:34 - 2010-12-08 18:22 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Deployment
2015-01-19 13:23 - 2010-10-18 12:21 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-19 13:23 - 2010-10-18 12:21 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-19 13:22 - 2010-10-18 14:45 - 00000000 ____D () C:\Windows\Panther
2015-01-19 13:11 - 2012-12-01 12:05 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-19 12:38 - 2010-12-18 21:47 - 351547093 _____ () C:\Windows\MEMORY.DMP
2015-01-19 12:38 - 2010-12-18 21:47 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:31 - 2011-11-27 16:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-14 20:30 - 2014-08-29 17:09 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-01-14 20:50 - 2015-01-14 20:50 - 0613057 _____ (CMI Limited) C:\Users\Stephanie\AppData\Local\nsb1C32.tmp
2011-02-02 23:05 - 2011-02-02 23:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-01-16 14:57 - 2015-01-16 14:57 - 0001730 _____ () C:\ProgramData\tempimage.bmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-01-26 04:35

==================== End Of Log ============================



#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:11 PM

Posted 28 January 2015 - 05:10 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).


Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 daniel0311

  • Topic Starter

  • Members
  • 21 posts
  • Local time:07:11 AM

Posted 28 January 2015 - 12:55 PM

It wouldn't load the advanced monitoring driver. I was able to skip and still run a scan though. The following is the log. Thanks

 

10:42:16.0380 0x0904  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
10:42:30.0100 0x0904  ============================================================
10:42:30.0100 0x0904  Current date / time: 2015/01/28 10:42:30.0100
10:42:30.0100 0x0904  SystemInfo:
10:42:30.0100 0x0904  
10:42:30.0100 0x0904  OS Version: 6.1.7600 ServicePack: 0.0
10:42:30.0100 0x0904  Product type: Workstation
10:42:30.0101 0x0904  ComputerName: STEPH-PC
10:42:30.0101 0x0904  UserName: Stephanie
10:42:30.0101 0x0904  Windows directory: C:\Windows
10:42:30.0101 0x0904  System windows directory: C:\Windows
10:42:30.0101 0x0904  Running under WOW64
10:42:30.0101 0x0904  Processor architecture: Intel x64
10:42:30.0101 0x0904  Number of processors: 2
10:42:30.0101 0x0904  Page size: 0x1000
10:42:30.0101 0x0904  Boot type: Normal boot
10:42:30.0101 0x0904  ============================================================
10:42:33.0563 0x0904  KLMD registered as C:\Windows\system32\drivers\28073813.sys
10:42:54.0195 0x0904  System UUID: {ECA7C01B-F4B2-CCC4-7527-18BD16210A09}
10:42:54.0821 0x0904  !crdlk
10:42:55.0071 0x0904  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
10:42:55.0095 0x0904  ============================================================
10:42:55.0095 0x0904  \Device\Harddisk0\DR0:
10:42:55.0096 0x0904  MBR partitions:
10:42:55.0096 0x0904  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
10:42:55.0096 0x0904  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x236AFAB0
10:42:55.0096 0x0904  ============================================================
10:42:55.0118 0x0904  C: <-> \Device\Harddisk0\DR0\Partition2
10:42:55.0118 0x0904  ============================================================
10:42:55.0119 0x0904  Initialize success
10:42:55.0119 0x0904  ============================================================
10:43:27.0091 0x130c  ============================================================
10:43:27.0092 0x130c  Scan started
10:43:27.0092 0x130c  Mode: Manual; SigCheck; TDLFS; 
10:43:27.0092 0x130c  ============================================================
10:43:27.0092 0x130c  KSN ping started
10:43:29.0570 0x130c  KSN ping finished: true
10:43:31.0016 0x130c  ================ Scan system memory ========================
10:43:31.0016 0x130c  System memory - ok
10:43:31.0017 0x130c  ================ Scan services =============================
10:43:31.0233 0x130c  [ 969C91060CBB5D17CB8440B5F78B4C51, 9B5754DDACA15B11DB4D22B0473360C72CFA854AD4AD57546AF3B3C63AAE7759 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
10:43:31.0400 0x130c  1394ohci - ok
10:43:31.0426 0x130c  Suspicious service (NoAccess): ab6bf9c35ccd084
10:43:31.0480 0x130c  [ 1F4AD48685B9CB32648B04DD4A43E64E, 3AE77CDD7196EF9C3CE454B030FE549D26D86108D70590EBA203B48F1250F9EA ] ab6bf9c35ccd084 C:\Windows\System32\Drivers\ab6bf9c35ccd084.sys
10:43:31.0480 0x130c  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\ab6bf9c35ccd084.sys. md5: 1F4AD48685B9CB32648B04DD4A43E64E, sha256: 3AE77CDD7196EF9C3CE454B030FE549D26D86108D70590EBA203B48F1250F9EA
10:43:31.0544 0x130c  ab6bf9c35ccd084 - detected Rootkit.Win32.Necurs.gen ( 0 )
10:43:34.0410 0x130c  ab6bf9c35ccd084 ( Rootkit.Win32.Necurs.gen ) - infected
10:43:34.0410 0x130c  Force sending object to P2P due to detect: ab6bf9c35ccd084
10:43:37.0136 0x130c  Object send P2P result: true
10:43:39.0756 0x130c  [ 794FF35015209B9D44F1360C42C9776D, 4CF2C3968A4A3A5211BAD5F6D9E7A70C18FAE0BF57F45413711AB0C974C419EA ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
10:43:39.0806 0x130c  ACPI - ok
10:43:39.0893 0x130c  [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
10:43:39.0998 0x130c  AcpiPmi - ok
10:43:40.0168 0x130c  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:43:40.0193 0x130c  AdobeARMservice - ok
10:43:40.0265 0x130c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:43:40.0322 0x130c  adp94xx - ok
10:43:40.0373 0x130c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:43:40.0410 0x130c  adpahci - ok
10:43:40.0451 0x130c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:43:40.0484 0x130c  adpu320 - ok
10:43:40.0559 0x130c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:43:40.0739 0x130c  AeLookupSvc - ok
10:43:40.0830 0x130c  [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2, BBB1FB1A80D9641CB7965A75B8CB8094F0876E9631A93E6BDCC53A016EB48D05 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
10:43:40.0955 0x130c  AERTFilters - ok
10:43:41.0058 0x130c  [ DB9D6C6B2CD95A9CA414D045B627422E, A4A0B2ACBFE311C20EF9F06A49DBE02CE90433C2364B292F6E8F78F6C274DF88 ] AFD             C:\Windows\system32\drivers\afd.sys
10:43:41.0162 0x130c  AFD - ok
10:43:41.0298 0x130c  [ 4F2688F7399DC9A8C3078887E359095E, 773F851D26855689AB43F6D4ACC5F832321C45BDA3A1B321F390DDF41B99590C ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
10:43:41.0360 0x130c  AffinegyService - ok
10:43:41.0415 0x130c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
10:43:41.0442 0x130c  agp440 - ok
10:43:41.0498 0x130c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
10:43:41.0586 0x130c  ALG - ok
10:43:41.0643 0x130c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
10:43:41.0669 0x130c  aliide - ok
10:43:41.0754 0x130c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
10:43:41.0778 0x130c  amdide - ok
10:43:41.0822 0x130c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:43:41.0929 0x130c  AmdK8 - ok
10:43:42.0140 0x130c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:43:42.0184 0x130c  AmdPPM - ok
10:43:42.0240 0x130c  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9, 786B30C86FA7FEC6BA2569FF818044AA0F7C134693304ED0FF7BD0541F9A755F ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:43:42.0275 0x130c  amdsata - ok
10:43:42.0320 0x130c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:43:42.0358 0x130c  amdsbs - ok
10:43:42.0409 0x130c  [ DB27766102C7BF7E95140A2AA81D042E, 489F812B596EA06E53D891CD05047AA17CDF752854BBD553BA65D10799AF78DF ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:43:42.0433 0x130c  amdxata - ok
10:43:42.0478 0x130c  [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID           C:\Windows\system32\drivers\appid.sys
10:43:42.0590 0x130c  AppID - ok
10:43:42.0652 0x130c  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:43:42.0743 0x130c  AppIDSvc - ok
10:43:42.0802 0x130c  [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo         C:\Windows\System32\appinfo.dll
10:43:42.0870 0x130c  Appinfo - ok
10:45:20.0085 0x130c  [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:45:20.0086 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 4F4B5FDE429416877DE7143044582EB5, sha256: A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99
10:45:20.0093 0x130c  KSecDD - detected LockedFile.Multi.Generic ( 1 )
10:45:22.0560 0x130c  Detect skipped due to KSN trusted
10:45:22.0560 0x130c  KSecDD - ok
10:45:22.0673 0x130c  [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:45:22.0673 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 6F40465A44ECDC1731BEFAFEC5BDD03C, sha256: 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80
10:45:22.0692 0x130c  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
10:45:25.0186 0x130c  Detect skipped due to KSN trusted
10:45:25.0187 0x130c  KSecPkg - ok
10:45:25.0332 0x130c  [ EFB2614E9142FA4427CE82EE6DC0CA7B, DE67CED09EA1A3B10BF0F3B22B2675844122783AE2523CE01E0BDE2691FC684A ] KSS             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
10:45:25.0366 0x130c  KSS - ok
10:45:25.0421 0x130c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:45:25.0421 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
10:45:25.0429 0x130c  ksthunk - detected LockedFile.Multi.Generic ( 1 )
10:45:28.0120 0x130c  Detect skipped due to KSN trusted
10:45:28.0120 0x130c  ksthunk - ok
10:45:28.0194 0x130c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:45:28.0307 0x130c  KtmRm - ok
10:45:28.0401 0x130c  [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:45:28.0488 0x130c  LanmanServer - ok
10:45:28.0541 0x130c  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:45:28.0629 0x130c  LanmanWorkstation - ok
10:45:28.0698 0x130c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:45:28.0699 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
10:45:28.0724 0x130c  lltdio - detected LockedFile.Multi.Generic ( 1 )
10:45:31.0498 0x130c  Detect skipped due to KSN trusted
10:45:31.0498 0x130c  lltdio - ok
10:45:31.0584 0x130c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:45:31.0676 0x130c  lltdsvc - ok
10:45:31.0750 0x130c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:45:31.0815 0x130c  lmhosts - ok
10:45:31.0867 0x130c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:45:31.0868 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
10:45:31.0878 0x130c  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
10:45:34.0663 0x130c  Detect skipped due to KSN trusted
10:45:34.0663 0x130c  LSI_FC - ok
10:45:34.0710 0x130c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:45:34.0710 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
10:45:34.0720 0x130c  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
10:45:37.0406 0x130c  Detect skipped due to KSN trusted
10:45:37.0406 0x130c  LSI_SAS - ok
10:45:37.0449 0x130c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:45:37.0450 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
10:45:37.0617 0x130c  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
10:45:40.0303 0x130c  Detect skipped due to KSN trusted
10:45:40.0303 0x130c  LSI_SAS2 - ok
10:45:40.0352 0x130c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:45:40.0352 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
10:45:40.0363 0x130c  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
10:45:42.0809 0x130c  Detect skipped due to KSN trusted
10:45:42.0809 0x130c  LSI_SCSI - ok
10:45:42.0868 0x130c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:45:42.0868 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
10:45:42.0882 0x130c  luafv - detected LockedFile.Multi.Generic ( 1 )
10:45:45.0622 0x130c  Detect skipped due to KSN trusted
10:45:45.0622 0x130c  luafv - ok
10:45:45.0704 0x130c  [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:45:45.0723 0x130c  MBAMProtector - ok
10:45:45.0887 0x130c  [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
10:45:46.0012 0x130c  MBAMScheduler - ok
10:45:46.0097 0x130c  [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
10:45:46.0170 0x130c  MBAMService - ok
10:45:46.0221 0x130c  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
10:45:46.0244 0x130c  MBAMSwissArmy - ok
10:45:46.0277 0x130c  [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
10:45:46.0298 0x130c  MBAMWebAccessControl - ok
10:45:46.0359 0x130c  McAPExe - ok
10:45:46.0437 0x130c  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:45:46.0488 0x130c  Mcx2Svc - ok
10:45:46.0553 0x130c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:45:46.0554 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
10:45:46.0575 0x130c  megasas - detected LockedFile.Multi.Generic ( 1 )
10:45:49.0319 0x130c  Detect skipped due to KSN trusted
10:45:49.0319 0x130c  megasas - ok
10:45:49.0365 0x130c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:45:49.0366 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
10:45:49.0376 0x130c  MegaSR - detected LockedFile.Multi.Generic ( 1 )
10:45:51.0987 0x130c  Detect skipped due to KSN trusted
10:45:51.0987 0x130c  MegaSR - ok
10:45:52.0066 0x130c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
10:45:52.0138 0x130c  MMCSS - ok
10:45:52.0187 0x130c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
10:45:52.0187 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
10:45:52.0208 0x130c  Modem - detected LockedFile.Multi.Generic ( 1 )
10:45:54.0964 0x130c  Detect skipped due to KSN trusted
10:45:54.0964 0x130c  Modem - ok
10:45:55.0007 0x130c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:45:55.0008 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
10:45:55.0019 0x130c  monitor - detected LockedFile.Multi.Generic ( 1 )
10:45:57.0473 0x130c  Detect skipped due to KSN trusted
10:45:57.0473 0x130c  monitor - ok
10:45:57.0520 0x130c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:45:57.0520 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
10:45:57.0527 0x130c  mouclass - detected LockedFile.Multi.Generic ( 1 )
10:46:00.0135 0x130c  Detect skipped due to KSN trusted
10:46:00.0135 0x130c  mouclass - ok
10:46:00.0184 0x130c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:46:00.0184 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
10:46:00.0195 0x130c  mouhid - detected LockedFile.Multi.Generic ( 1 )
10:46:02.0900 0x130c  Detect skipped due to KSN trusted
10:46:02.0900 0x130c  mouhid - ok
10:46:02.0950 0x130c  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:46:02.0951 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 791AF66C4D0E7C90A3646066386FB571, sha256: BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42
10:46:02.0959 0x130c  mountmgr - detected LockedFile.Multi.Generic ( 1 )
10:46:05.0423 0x130c  Detect skipped due to KSN trusted
10:46:05.0423 0x130c  mountmgr - ok
10:46:05.0505 0x130c  [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:46:05.0533 0x130c  MozillaMaintenance - ok
10:46:05.0574 0x130c  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
10:46:05.0575 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mpio.sys. md5: 609D1D87649ECC19796F4D76D4C15CEA, sha256: 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00
10:46:05.0583 0x130c  mpio - detected LockedFile.Multi.Generic ( 1 )
10:46:08.0355 0x130c  Detect skipped due to KSN trusted
10:46:08.0355 0x130c  mpio - ok
10:46:08.0436 0x130c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:46:08.0437 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
10:46:08.0444 0x130c  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
10:46:10.0910 0x130c  Detect skipped due to KSN trusted
10:46:10.0910 0x130c  mpsdrv - ok
10:46:11.0000 0x130c  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:46:11.0148 0x130c  MpsSvc - ok
10:46:11.0219 0x130c  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:46:11.0219 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 30524261BB51D96D6FCBAC20C810183C, sha256: 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D
10:46:11.0233 0x130c  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
10:46:13.0931 0x130c  Detect skipped due to KSN trusted
10:46:13.0931 0x130c  MRxDAV - ok
10:46:14.0000 0x130c  [ 040D62A9D8AD28922632137ACDD984F2, D9457BDA88C2E3AA4E716C0657B77A4A3E212328CDABD5C18279B6440E1C1594 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:46:14.0001 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: 040D62A9D8AD28922632137ACDD984F2, sha256: D9457BDA88C2E3AA4E716C0657B77A4A3E212328CDABD5C18279B6440E1C1594
10:46:14.0010 0x130c  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
10:46:16.0775 0x130c  Detect skipped due to KSN trusted
10:46:16.0775 0x130c  mrxsmb - ok
10:46:16.0872 0x130c  [ F0067552F8F9B33D7C59403AB808A3CB, 698B63528E1943BB4253BF7578DC128AA824C71BD04FF0521277E68B20656C02 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:46:16.0873 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: F0067552F8F9B33D7C59403AB808A3CB, sha256: 698B63528E1943BB4253BF7578DC128AA824C71BD04FF0521277E68B20656C02
10:46:16.0909 0x130c  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
10:46:19.0357 0x130c  Detect skipped due to KSN trusted
10:46:19.0357 0x130c  mrxsmb10 - ok
10:46:19.0405 0x130c  [ 3C142D31DE9F2F193218A53FE2632051, 026B3A932A95D5160B64E470FC414F3D388D429317D5EAEA2D476F715C4CAE75 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:46:19.0406 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 3C142D31DE9F2F193218A53FE2632051, sha256: 026B3A932A95D5160B64E470FC414F3D388D429317D5EAEA2D476F715C4CAE75
10:46:19.0413 0x130c  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
10:46:22.0159 0x130c  Detect skipped due to KSN trusted
10:46:22.0159 0x130c  mrxsmb20 - ok
10:46:22.0208 0x130c  [ BCCF16D5FB1109162380E3E28DC9E4E5, E27253A4AD6A82A2F47FD36EC849EEBFA30538C97E1A3FF39FEFB34D3F908C9D ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
10:46:22.0209 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msahci.sys. md5: BCCF16D5FB1109162380E3E28DC9E4E5, sha256: E27253A4AD6A82A2F47FD36EC849EEBFA30538C97E1A3FF39FEFB34D3F908C9D
10:46:22.0217 0x130c  msahci - detected LockedFile.Multi.Generic ( 1 )
10:46:24.0675 0x130c  Detect skipped due to KSN trusted
10:46:24.0675 0x130c  msahci - ok
10:46:24.0740 0x130c  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
10:46:24.0741 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msdsm.sys. md5: 8D27B597229AED79430FB9DB3BCBFBD0, sha256: 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248
10:46:24.0751 0x130c  msdsm - detected LockedFile.Multi.Generic ( 1 )
10:46:27.0214 0x130c  Detect skipped due to KSN trusted
10:46:27.0214 0x130c  msdsm - ok
10:46:27.0299 0x130c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
10:46:27.0366 0x130c  MSDTC - ok
10:46:27.0448 0x130c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:46:27.0448 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
10:46:27.0470 0x130c  Msfs - detected LockedFile.Multi.Generic ( 1 )
10:46:30.0976 0x130c  Detect skipped due to KSN trusted
10:46:30.0976 0x130c  Msfs - ok
10:46:31.0027 0x130c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:46:31.0027 0x130c  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
10:46:31.0035 0x130c  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
10:46:33.0505 0x130c  Detect skipped due to KSN trusted
10:46:33.0505 0x130c  mshidkmdf - ok
10:46:33.0556 0x130c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
10:46:33.0556 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
10:46:33.0564 0x130c  msisadrv - detected LockedFile.Multi.Generic ( 1 )
10:46:36.0322 0x130c  Detect skipped due to KSN trusted
10:46:36.0322 0x130c  msisadrv - ok
10:46:36.0404 0x130c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:46:36.0510 0x130c  MSiSCSI - ok
10:46:36.0535 0x130c  msiserver - ok
10:46:36.0616 0x130c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:46:36.0616 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
10:46:36.0624 0x130c  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
10:46:39.0365 0x130c  Detect skipped due to KSN trusted
10:46:39.0365 0x130c  MSKSSRV - ok
10:46:39.0409 0x130c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:46:39.0409 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
10:46:39.0417 0x130c  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
10:46:42.0105 0x130c  Detect skipped due to KSN trusted
10:46:42.0105 0x130c  MSPCLOCK - ok
10:46:42.0164 0x130c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:46:42.0164 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
10:46:42.0172 0x130c  MSPQM - detected LockedFile.Multi.Generic ( 1 )
10:46:44.0866 0x130c  Detect skipped due to KSN trusted
10:46:44.0866 0x130c  MSPQM - ok
10:46:44.0934 0x130c  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:46:44.0935 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 89CB141AA8616D8C6A4610FA26C60964, sha256: 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC
10:46:44.0942 0x130c  MsRPC - detected LockedFile.Multi.Generic ( 1 )
10:46:47.0633 0x130c  Detect skipped due to KSN trusted
10:46:47.0633 0x130c  MsRPC - ok
10:46:47.0741 0x130c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:46:47.0742 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
10:46:47.0750 0x130c  mssmbios - detected LockedFile.Multi.Generic ( 1 )
10:46:50.0447 0x130c  Detect skipped due to KSN trusted
10:46:50.0447 0x130c  mssmbios - ok
10:46:50.0489 0x130c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:46:50.0489 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
10:46:50.0497 0x130c  MSTEE - detected LockedFile.Multi.Generic ( 1 )
10:46:53.0118 0x130c  Detect skipped due to KSN trusted
10:46:53.0118 0x130c  MSTEE - ok
10:46:53.0165 0x130c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:46:53.0166 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
10:46:53.0173 0x130c  MTConfig - detected LockedFile.Multi.Generic ( 1 )
10:46:55.0905 0x130c  Detect skipped due to KSN trusted
10:46:55.0906 0x130c  MTConfig - ok
10:46:55.0957 0x130c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
10:46:55.0958 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
10:46:55.0969 0x130c  Mup - detected LockedFile.Multi.Generic ( 1 )
10:46:58.0670 0x130c  Detect skipped due to KSN trusted
10:46:58.0670 0x130c  Mup - ok
10:46:58.0778 0x130c  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\Windows\system32\qagentRT.dll
10:46:58.0971 0x130c  napagent - ok
10:46:59.0068 0x130c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:46:59.0068 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
10:46:59.0101 0x130c  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
10:47:01.0791 0x130c  Detect skipped due to KSN trusted
10:47:01.0791 0x130c  NativeWifiP - ok
10:47:01.0894 0x130c  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:47:01.0895 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: CAD515DBD07D082BB317D9928CE8962C, sha256: 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E
10:47:01.0910 0x130c  NDIS - detected LockedFile.Multi.Generic ( 1 )
10:47:04.0698 0x130c  Detect skipped due to KSN trusted
10:47:04.0698 0x130c  NDIS - ok
10:47:04.0769 0x130c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:47:04.0769 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
10:47:04.0787 0x130c  NdisCap - detected LockedFile.Multi.Generic ( 1 )
10:47:07.0484 0x130c  Detect skipped due to KSN trusted
10:47:07.0484 0x130c  NdisCap - ok
10:47:07.0652 0x130c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:47:07.0653 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
10:47:07.0668 0x130c  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
10:47:10.0304 0x130c  Detect skipped due to KSN trusted
10:47:10.0304 0x130c  NdisTapi - ok
10:47:10.0354 0x130c  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:47:10.0355 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: F105BA1E22BF1F2EE8F005D4305E4BEC, sha256: 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F
10:47:10.0366 0x130c  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
10:47:13.0113 0x130c  Detect skipped due to KSN trusted
10:47:13.0113 0x130c  Ndisuio - ok
10:47:13.0160 0x130c  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:47:13.0160 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 557DFAB9CA1FCB036AC77564C010DAD3, sha256: 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29
10:47:13.0176 0x130c  NdisWan - detected LockedFile.Multi.Generic ( 1 )
10:47:15.0878 0x130c  Detect skipped due to KSN trusted
10:47:15.0878 0x130c  NdisWan - ok
10:47:15.0943 0x130c  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:47:15.0944 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 659B74FB74B86228D6338D643CD3E3CF, sha256: 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80
10:47:15.0963 0x130c  NDProxy - detected LockedFile.Multi.Generic ( 1 )
10:47:18.0426 0x130c  Detect skipped due to KSN trusted
10:47:18.0426 0x130c  NDProxy - ok
10:47:18.0544 0x130c  [ DB4D44F86038A2931B06359DA2FAFD3C, 2CE561E3828ABFA3DA54EB215850E60201CB96F18C7528DF696292D57C3F0A06 ] NEOFLTR_710_18671 C:\Windows\system32\Drivers\NEOFLTR_710_18671.SYS
10:47:18.0545 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\NEOFLTR_710_18671.SYS. md5: DB4D44F86038A2931B06359DA2FAFD3C, sha256: 2CE561E3828ABFA3DA54EB215850E60201CB96F18C7528DF696292D57C3F0A06
10:47:18.0553 0x130c  NEOFLTR_710_18671 - detected LockedFile.Multi.Generic ( 1 )
10:47:21.0267 0x130c  Detect skipped due to KSN trusted
10:47:21.0268 0x130c  NEOFLTR_710_18671 - ok
10:47:21.0335 0x130c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:49:47.0075 0x130c  [ 74EC60E20516AAA573BE74F31175270F, 35A68231368DEE46FEF2A4E30BFAAC38F093FC5A362A7491ED38BDE11F0FC356 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
10:49:47.0188 0x130c  SftService - ok
10:49:47.0276 0x130c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:49:47.0372 0x130c  SharedAccess - ok
10:49:47.0444 0x130c  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:49:47.0532 0x130c  ShellHWDetection - ok
10:49:47.0586 0x130c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:49:47.0586 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
10:49:47.0597 0x130c  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
10:49:50.0068 0x130c  Detect skipped due to KSN trusted
10:49:50.0068 0x130c  SiSRaid2 - ok
10:49:50.0120 0x130c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:49:50.0120 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
10:49:50.0132 0x130c  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
10:49:52.0740 0x130c  Detect skipped due to KSN trusted
10:49:52.0740 0x130c  SiSRaid4 - ok
10:49:52.0825 0x130c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:49:52.0825 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
10:49:52.0836 0x130c  Smb - detected LockedFile.Multi.Generic ( 1 )
10:49:55.0528 0x130c  Detect skipped due to KSN trusted
10:49:55.0528 0x130c  Smb - ok
10:49:55.0619 0x130c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:49:55.0670 0x130c  SNMPTRAP - ok
10:49:55.0731 0x130c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:49:55.0731 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
10:49:55.0739 0x130c  spldr - detected LockedFile.Multi.Generic ( 1 )
10:49:58.0436 0x130c  Detect skipped due to KSN trusted
10:49:58.0436 0x130c  spldr - ok
10:49:58.0556 0x130c  [ 567977DC43CC13C4C35ED7084C0B84D5, 93EEC3ABA66DA83157F49F056EF1CB3355122204F2BB0F8B618064AF47D59A61 ] Spooler         C:\Windows\System32\spoolsv.exe
10:49:58.0664 0x130c  Spooler - ok
10:49:58.0889 0x130c  [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc          C:\Windows\system32\sppsvc.exe
10:49:59.0168 0x130c  sppsvc - ok
10:49:59.0252 0x130c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:49:59.0343 0x130c  sppuinotify - ok
10:49:59.0422 0x130c  [ D630B6F2E8379B6F10DC16E82A426552, 9F7949B11BCEF55B38119ED45BD92117A8551BEC8A2BCD88EA89707C48120F1B ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
10:49:59.0446 0x130c  sprtsvc_DellSupportCenter - ok
10:49:59.0518 0x130c  [ 2408C0366D96BCDF63E8F1C78E4A29C5, 66F646890695B5D80536E88B1566C8765D89CFE25954ED650F6D773EFF045016 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:49:59.0518 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 2408C0366D96BCDF63E8F1C78E4A29C5, sha256: 66F646890695B5D80536E88B1566C8765D89CFE25954ED650F6D773EFF045016
10:49:59.0536 0x130c  srv - detected LockedFile.Multi.Generic ( 1 )
10:50:02.0230 0x130c  Detect skipped due to KSN trusted
10:50:02.0230 0x130c  srv - ok
10:50:02.0319 0x130c  [ 76548F7B818881B47D8D1AE1BE9C11F8, 8F1356B07A6A55746FC71B6DB0322128941AE890850196F2B19BC01E6FC9B41C ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:50:02.0319 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: 76548F7B818881B47D8D1AE1BE9C11F8, sha256: 8F1356B07A6A55746FC71B6DB0322128941AE890850196F2B19BC01E6FC9B41C
10:50:02.0326 0x130c  srv2 - detected LockedFile.Multi.Generic ( 1 )
10:50:04.0958 0x130c  Detect skipped due to KSN trusted
10:50:04.0959 0x130c  srv2 - ok
10:50:04.0997 0x130c  [ 0AF6E19D39C70844C5CAA8FB0183C36E, 4494EEFDEA7198888D32E74727E5BC0AC628FFA70B1FE7EB59DBEEDC1A95D0DD ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:50:04.0997 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 0AF6E19D39C70844C5CAA8FB0183C36E, sha256: 4494EEFDEA7198888D32E74727E5BC0AC628FFA70B1FE7EB59DBEEDC1A95D0DD
10:50:05.0005 0x130c  srvnet - detected LockedFile.Multi.Generic ( 1 )
10:50:07.0763 0x130c  Detect skipped due to KSN trusted
10:50:07.0763 0x130c  srvnet - ok
10:50:07.0843 0x130c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:50:07.0948 0x130c  SSDPSRV - ok
10:50:08.0012 0x130c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:50:08.0108 0x130c  SstpSvc - ok
10:50:08.0172 0x130c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:50:08.0172 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
10:50:08.0194 0x130c  stexstor - detected LockedFile.Multi.Generic ( 1 )
10:50:10.0663 0x130c  Detect skipped due to KSN trusted
10:50:10.0663 0x130c  stexstor - ok
10:50:10.0748 0x130c  [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc          C:\Windows\System32\wiaservc.dll
10:50:10.0843 0x130c  stisvc - ok
10:50:10.0908 0x130c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:50:10.0908 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
10:50:10.0925 0x130c  swenum - detected LockedFile.Multi.Generic ( 1 )
10:50:13.0623 0x130c  Detect skipped due to KSN trusted
10:50:13.0623 0x130c  swenum - ok
10:50:13.0707 0x130c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
10:50:13.0816 0x130c  swprv - ok
10:50:13.0873 0x130c  [ 52EB25BD8AB4E331028C48B178441B36, 72A907F447ADB4EF307A06D2BC1052BB2F3ED0F10DC13391DB8B43665F81FD74 ] sxuptp          C:\Windows\system32\DRIVERS\sxuptp.sys
10:50:13.0874 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sxuptp.sys. md5: 52EB25BD8AB4E331028C48B178441B36, sha256: 72A907F447ADB4EF307A06D2BC1052BB2F3ED0F10DC13391DB8B43665F81FD74
10:50:13.0881 0x130c  sxuptp - detected LockedFile.Multi.Generic ( 1 )
10:50:16.0631 0x130c  Detect skipped due to KSN trusted
10:50:16.0631 0x130c  sxuptp - ok
10:50:16.0706 0x130c  [ 1657B7442D5CE30533F5C4317716B468, 31C1C6D529F555FE6936F8765B262269364BDA2C6726AF70CA8BB148F4E5A56A ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
10:50:16.0707 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SynTP.sys. md5: 1657B7442D5CE30533F5C4317716B468, sha256: 31C1C6D529F555FE6936F8765B262269364BDA2C6726AF70CA8BB148F4E5A56A
10:50:16.0734 0x130c  SynTP - detected LockedFile.Multi.Generic ( 1 )
10:50:19.0422 0x130c  Detect skipped due to KSN trusted
10:50:19.0423 0x130c  SynTP - ok
10:50:19.0570 0x130c  [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain         C:\Windows\system32\sysmain.dll
10:50:19.0742 0x130c  SysMain - ok
10:50:19.0809 0x130c  [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:50:19.0872 0x130c  TabletInputService - ok
10:50:19.0965 0x130c  [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:50:20.0082 0x130c  TapiSrv - ok
10:50:20.0149 0x130c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
10:50:20.0223 0x130c  TBS - ok
10:50:20.0383 0x130c  [ 624C5B3AA4C99B3184BB922D9ECE3FF0, DF9527CBA335A51513FBFFD95DAF3FA79A19F2B417C533EE384D397FB1E0889E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:50:20.0383 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 624C5B3AA4C99B3184BB922D9ECE3FF0, sha256: DF9527CBA335A51513FBFFD95DAF3FA79A19F2B417C533EE384D397FB1E0889E
10:50:20.0411 0x130c  Tcpip - detected LockedFile.Multi.Generic ( 1 )
10:50:23.0101 0x130c  Detect skipped due to KSN trusted
10:50:23.0101 0x130c  Tcpip - ok
10:50:23.0256 0x130c  [ 624C5B3AA4C99B3184BB922D9ECE3FF0, DF9527CBA335A51513FBFFD95DAF3FA79A19F2B417C533EE384D397FB1E0889E ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:50:23.0256 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 624C5B3AA4C99B3184BB922D9ECE3FF0, sha256: DF9527CBA335A51513FBFFD95DAF3FA79A19F2B417C533EE384D397FB1E0889E
10:50:23.0285 0x130c  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
10:50:23.0285 0x130c  Detect skipped due to KSN trusted
10:50:23.0285 0x130c  TCPIP6 - ok
10:50:23.0347 0x130c  [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:50:23.0347 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 76D078AF6F587B162D50210F761EB9ED, sha256: 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9
10:50:23.0355 0x130c  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
10:50:26.0045 0x130c  Detect skipped due to KSN trusted
10:50:26.0045 0x130c  tcpipreg - ok
10:50:26.0122 0x130c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:50:26.0122 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
10:50:26.0130 0x130c  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
10:50:28.0580 0x130c  Detect skipped due to KSN trusted
10:50:28.0580 0x130c  TDPIPE - ok
10:50:28.0673 0x130c  [ 7518F7BCFD4B308ABC9192BACAF6C970, CF08E547EF4059DA3F5A2FCBA98939E84092BB6E0E37F9BBCD1E4D9EBB8A58BB ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:50:28.0673 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 7518F7BCFD4B308ABC9192BACAF6C970, sha256: CF08E547EF4059DA3F5A2FCBA98939E84092BB6E0E37F9BBCD1E4D9EBB8A58BB
10:50:28.0681 0x130c  TDTCP - detected LockedFile.Multi.Generic ( 1 )
10:50:31.0364 0x130c  Detect skipped due to KSN trusted
10:50:31.0364 0x130c  TDTCP - ok
10:50:31.0407 0x130c  [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:50:31.0408 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: 079125C4B17B01FCAEEBCE0BCB290C0F, sha256: B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437
10:50:31.0416 0x130c  tdx - detected LockedFile.Multi.Generic ( 1 )
10:50:33.0870 0x130c  Detect skipped due to KSN trusted
10:50:33.0870 0x130c  tdx - ok
10:50:33.0935 0x130c  [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:50:33.0935 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\termdd.sys. md5: C448651339196C0E869A355171875522, sha256: C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4
10:50:33.0943 0x130c  TermDD - detected LockedFile.Multi.Generic ( 1 )
10:50:36.0413 0x130c  Detect skipped due to KSN trusted
10:50:36.0413 0x130c  TermDD - ok
10:50:36.0504 0x130c  [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService     C:\Windows\System32\termsrv.dll
10:50:36.0641 0x130c  TermService - ok
10:50:36.0710 0x130c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
10:50:36.0767 0x130c  Themes - ok
10:50:36.0824 0x130c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
10:50:36.0895 0x130c  THREADORDER - ok
10:50:36.0964 0x130c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
10:50:37.0063 0x130c  TrkWks - ok
10:50:37.0160 0x130c  [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:50:37.0220 0x130c  TrustedInstaller - ok
10:50:37.0279 0x130c  [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:50:37.0280 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 61B96C26131E37B24E93327A0BD1FB95, sha256: 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF
10:50:37.0293 0x130c  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
10:50:39.0743 0x130c  Detect skipped due to KSN trusted
10:50:39.0743 0x130c  tssecsrv - ok
10:50:39.0818 0x130c  [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:50:39.0818 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3836171A2CDF3AF8EF10856DB9835A70, sha256: 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2
10:50:39.0826 0x130c  tunnel - detected LockedFile.Multi.Generic ( 1 )
10:50:42.0316 0x130c  Detect skipped due to KSN trusted
10:50:42.0316 0x130c  tunnel - ok
10:50:42.0399 0x130c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:50:42.0400 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
10:50:42.0410 0x130c  uagp35 - detected LockedFile.Multi.Generic ( 1 )
10:50:45.0363 0x130c  Detect skipped due to KSN trusted
10:50:45.0363 0x130c  uagp35 - ok
10:50:45.0433 0x130c  [ 31BA4A33AFAB6A69EA092B18017F737F, CD19290394D20CCCCD186C80A682000D3A1187ABCB292753402C88C6FB83AB7F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:50:45.0434 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: 31BA4A33AFAB6A69EA092B18017F737F, sha256: CD19290394D20CCCCD186C80A682000D3A1187ABCB292753402C88C6FB83AB7F
10:50:45.0441 0x130c  udfs - detected LockedFile.Multi.Generic ( 1 )
10:50:48.0135 0x130c  Detect skipped due to KSN trusted
10:50:48.0135 0x130c  udfs - ok
10:50:48.0234 0x130c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:50:48.0286 0x130c  UI0Detect - ok
10:50:48.0345 0x130c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
10:50:48.0345 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
10:50:48.0353 0x130c  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
10:50:51.0677 0x130c  Detect skipped due to KSN trusted
10:50:51.0677 0x130c  uliagpkx - ok
10:50:51.0735 0x130c  [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:50:51.0736 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: EAB6C35E62B1B0DB0D1B48B671D3A117, sha256: E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0
10:50:51.0744 0x130c  umbus - detected LockedFile.Multi.Generic ( 1 )
10:50:54.0206 0x130c  Detect skipped due to KSN trusted
10:50:54.0206 0x130c  umbus - ok
10:50:54.0273 0x130c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:50:54.0273 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
10:50:54.0281 0x130c  UmPass - detected LockedFile.Multi.Generic ( 1 )
10:50:56.0742 0x130c  Detect skipped due to KSN trusted
10:50:56.0742 0x130c  UmPass - ok
10:50:56.0836 0x130c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
10:50:56.0953 0x130c  upnphost - ok
10:50:57.0036 0x130c  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
10:50:57.0036 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbaapl64.sys. md5: 5C3BE22E485B9BF11FCEFDC676C728D0, sha256: F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A
10:50:57.0044 0x130c  USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
10:50:59.0683 0x130c  Detect skipped due to KSN trusted
10:50:59.0683 0x130c  USBAAPL64 - ok
10:50:59.0726 0x130c  [ 537A4E03D7103C12D42DFD8FFDB5BDC9, 4E6F43A27E629C9769FAEF305BDCD3D7EDBEE1A98B919AF95CF045407A4297D6 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:50:59.0727 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 537A4E03D7103C12D42DFD8FFDB5BDC9, sha256: 4E6F43A27E629C9769FAEF305BDCD3D7EDBEE1A98B919AF95CF045407A4297D6
10:50:59.0734 0x130c  usbccgp - detected LockedFile.Multi.Generic ( 1 )
10:51:02.0199 0x130c  Detect skipped due to KSN trusted
10:51:02.0200 0x130c  usbccgp - ok
10:51:02.0254 0x130c  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
10:51:02.0255 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07
10:51:02.0267 0x130c  usbcir - detected LockedFile.Multi.Generic ( 1 )
10:51:04.0739 0x130c  Detect skipped due to KSN trusted
10:51:04.0739 0x130c  usbcir - ok
10:51:04.0806 0x130c  [ FBB21EBE49F6D560DB37AC25FBC68E66, 0F7B2F9BB4062FE24698FF6E5738E83B7FDA9E7FDE9206BEF18C8818627FF2CC ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:51:04.0806 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: FBB21EBE49F6D560DB37AC25FBC68E66, sha256: 0F7B2F9BB4062FE24698FF6E5738E83B7FDA9E7FDE9206BEF18C8818627FF2CC
10:51:04.0815 0x130c  usbehci - detected LockedFile.Multi.Generic ( 1 )
10:51:07.0553 0x130c  Detect skipped due to KSN trusted
10:51:07.0553 0x130c  usbehci - ok
10:51:07.0665 0x130c  [ 6B7A8A99C4A459E73C286A6763EA24CC, 3A8D6AE1D970AAEC4E08B76DB1B2C06AC003AF4F50339416072973E89F660EE2 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:51:07.0665 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 6B7A8A99C4A459E73C286A6763EA24CC, sha256: 3A8D6AE1D970AAEC4E08B76DB1B2C06AC003AF4F50339416072973E89F660EE2
10:51:07.0675 0x130c  usbhub - detected LockedFile.Multi.Generic ( 1 )
10:51:10.0312 0x130c  Detect skipped due to KSN trusted
10:51:10.0312 0x130c  usbhub - ok
10:51:10.0359 0x130c  [ 8C88AA7617B4CBC2E4BED61D26B33A27, 4575F0DDFF68C5632CBB7BE93A66FFEDD85BD4D4AEE79C44B2EDA4F8642C6EBF ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:51:10.0360 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 8C88AA7617B4CBC2E4BED61D26B33A27, sha256: 4575F0DDFF68C5632CBB7BE93A66FFEDD85BD4D4AEE79C44B2EDA4F8642C6EBF
10:51:10.0367 0x130c  usbohci - detected LockedFile.Multi.Generic ( 1 )
10:51:12.0826 0x130c  Detect skipped due to KSN trusted
10:51:12.0826 0x130c  usbohci - ok
10:51:12.0934 0x130c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:51:12.0935 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
10:51:12.0942 0x130c  usbprint - detected LockedFile.Multi.Generic ( 1 )
10:51:15.0626 0x130c  Detect skipped due to KSN trusted
10:51:15.0626 0x130c  usbprint - ok
10:51:15.0694 0x130c  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:51:15.0694 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0, sha256: 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42
10:51:15.0703 0x130c  usbscan - detected LockedFile.Multi.Generic ( 1 )
10:51:18.0331 0x130c  Detect skipped due to KSN trusted
10:51:18.0331 0x130c  usbscan - ok
10:51:18.0413 0x130c  [ F39983647BC1F3E6100778DDFE9DCE29, 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:51:18.0413 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: F39983647BC1F3E6100778DDFE9DCE29, sha256: 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B
10:51:18.0420 0x130c  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
10:51:20.0874 0x130c  Detect skipped due to KSN trusted
10:51:20.0874 0x130c  USBSTOR - ok
10:51:20.0948 0x130c  [ 0B5B3B2DF3FD1709618ACFA50B8392B0, 19F040A16C86C475DD33D935E6244593EC73FF9F8C872BC060DDD8AE4F3EDB55 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:51:20.0949 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: 0B5B3B2DF3FD1709618ACFA50B8392B0, sha256: 19F040A16C86C475DD33D935E6244593EC73FF9F8C872BC060DDD8AE4F3EDB55
10:51:20.0957 0x130c  usbuhci - detected LockedFile.Multi.Generic ( 1 )
10:51:23.0653 0x130c  Detect skipped due to KSN trusted
10:51:23.0653 0x130c  usbuhci - ok
10:51:23.0734 0x130c  [ 7CB8C573C6E4A2714402CC0A36EAB4FE, FCD65AA3723617F58F77C4DA93CE910C712B8AA9411B5C4A60DC6C684EA53C1B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
10:51:23.0734 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbvideo.sys. md5: 7CB8C573C6E4A2714402CC0A36EAB4FE, sha256: FCD65AA3723617F58F77C4DA93CE910C712B8AA9411B5C4A60DC6C684EA53C1B
10:51:23.0756 0x130c  usbvideo - detected LockedFile.Multi.Generic ( 1 )
10:51:26.0444 0x130c  Detect skipped due to KSN trusted
10:51:26.0444 0x130c  usbvideo - ok
10:51:26.0709 0x130c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
10:51:26.0798 0x130c  UxSms - ok
10:51:26.0858 0x130c  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc        C:\Windows\system32\lsass.exe
10:51:26.0883 0x130c  VaultSvc - ok
10:51:26.0940 0x130c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
10:51:26.0941 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
10:51:26.0949 0x130c  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
10:51:29.0633 0x130c  Detect skipped due to KSN trusted
10:51:29.0633 0x130c  vdrvroot - ok
10:51:29.0713 0x130c  [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds             C:\Windows\System32\vds.exe
10:51:29.0795 0x130c  vds - ok
10:51:29.0855 0x130c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:51:29.0855 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
10:51:29.0869 0x130c  vga - detected LockedFile.Multi.Generic ( 1 )
10:51:32.0333 0x130c  Detect skipped due to KSN trusted
10:51:32.0333 0x130c  vga - ok
10:51:32.0368 0x130c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:51:32.0368 0x130c  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
10:51:32.0382 0x130c  VgaSave - detected LockedFile.Multi.Generic ( 1 )
10:51:35.0072 0x130c  Detect skipped due to KSN trusted
10:51:35.0072 0x130c  VgaSave - ok
10:51:35.0126 0x130c  [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
10:51:35.0127 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vhdmp.sys. md5: C82E748660F62A242B2DFAC1442F22A4, sha256: 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E
10:51:35.0137 0x130c  vhdmp - detected LockedFile.Multi.Generic ( 1 )
10:51:37.0770 0x130c  Detect skipped due to KSN trusted
10:51:37.0770 0x130c  vhdmp - ok
10:51:37.0829 0x130c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
10:51:37.0830 0x130c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
10:51:37.0838 0x130c  viaide - detected LockedFile.Multi.Generic ( 1 )
10:51:40.0598 0x130c  Detect skipped due to KSN trusted
10:51:40.0598 0x130c  viaide - ok
10:52:40.0055 0x130c  ================ Scan global ===============================
10:52:40.0126 0x130c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
10:52:40.0171 0x130c  [ 0CB6EBF4B461A6043353C570BD72A1E1, B6DA0AE56A7DC373F60CA1EF69E4D55E6F2EEB0D62AB78D555C5F85EB389A356 ] C:\Windows\system32\winsrv.dll
10:52:40.0217 0x130c  [ 0CB6EBF4B461A6043353C570BD72A1E1, B6DA0AE56A7DC373F60CA1EF69E4D55E6F2EEB0D62AB78D555C5F85EB389A356 ] C:\Windows\system32\winsrv.dll
10:52:40.0247 0x130c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:52:40.0277 0x130c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
10:52:40.0304 0x130c  [ Global ] - ok
10:52:40.0304 0x130c  ================ Scan MBR ==================================
10:52:40.0322 0x130c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:52:40.0716 0x130c  \Device\Harddisk0\DR0 - ok
10:52:40.0717 0x130c  ================ Scan VBR ==================================
10:52:40.0750 0x130c  [ 2F176BF609765158BA9A8F1B8AF6F626 ] \Device\Harddisk0\DR0\Partition1
10:52:40.0753 0x130c  \Device\Harddisk0\DR0\Partition1 - ok
10:52:40.0768 0x130c  [ C9EBD8F87B06A9553AB3B59674084104 ] \Device\Harddisk0\DR0\Partition2
10:52:40.0799 0x130c  \Device\Harddisk0\DR0\Partition2 - ok
10:52:40.0799 0x130c  ================ Scan generic autorun ======================
10:52:52.0557 0x130c  [ 6A9ED136D386414EA6E0C8B53641AC57, E8B200FF991F9F6247FC0F78838A86C2F00F5CEA3B4C5D784575E215B5DD0142 ] C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
10:52:52.0756 0x130c  Best Buy pc app - detected UnsignedFile.Multi.Generic ( 1 )
10:52:55.0211 0x130c  Best Buy pc app ( UnsignedFile.Multi.Generic ) - warning
10:52:58.0197 0x130c  FlashPlayerUpdate - ok
10:52:58.0198 0x130c  Waiting for KSN requests completion. In queue: 8
10:52:59.0262 0x130c  Win FW state via NFP2: enabled
10:53:01.0773 0x130c  ============================================================
10:53:01.0773 0x130c  Scan finished
10:53:01.0773 0x130c  ============================================================
10:53:01.0790 0x104c  Detected object count: 2
10:53:01.0790 0x104c  Actual detected object count: 2
10:53:23.0512 0x104c  ab6bf9c35ccd084 ( Rootkit.Win32.Necurs.gen ) - skipped by user
10:53:23.0516 0x104c  ab6bf9c35ccd084 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
10:53:23.0517 0x104c  Best Buy pc app ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:23.0517 0x104c  Best Buy pc app ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:11 PM

Posted 28 January 2015 - 01:11 PM

OK, please go ahead:

Step 1

Start TDSSKiller.exe again with administrator privileges.

  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the threat ab6bf9c35ccd084 (and only for that!) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.

regards,
deeprybka
:busy:
Harm no one; rather, help everyone as much as you can. Arthur Schopenhauer
 

#5 daniel0311

daniel0311
  • Topic Starter

  • Members
  • 21 posts
  • Local time:07:11 AM

Posted 28 January 2015 - 03:55 PM

13:44:15.0297 0x1604  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:44:20.0962 0x1604  ============================================================
13:44:20.0962 0x1604  Current date / time: 2015/01/28 13:44:20.0962
13:44:20.0962 0x1604  SystemInfo:
13:44:20.0963 0x1604  
13:44:20.0963 0x1604  OS Version: 6.1.7600 ServicePack: 0.0
13:44:20.0963 0x1604  Product type: Workstation
13:44:20.0963 0x1604  ComputerName: STEPH-PC
13:44:20.0963 0x1604  UserName: Stephanie
13:44:20.0963 0x1604  Windows directory: C:\Windows
13:44:20.0963 0x1604  System windows directory: C:\Windows
13:44:20.0963 0x1604  Running under WOW64
13:44:20.0963 0x1604  Processor architecture: Intel x64
13:44:20.0963 0x1604  Number of processors: 2
13:44:20.0963 0x1604  Page size: 0x1000
13:44:20.0963 0x1604  Boot type: Normal boot
13:44:20.0963 0x1604  ============================================================
13:44:23.0007 0x1604  KLMD registered as C:\Windows\system32\drivers\28460993.sys
13:44:29.0729 0x1604  System UUID: {ECA7C01B-F4B2-CCC4-7527-18BD16210A09}
13:44:30.0268 0x1604  !crdlk
13:44:30.0275 0x1604  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
13:44:30.0302 0x1604  ============================================================
13:44:30.0302 0x1604  \Device\Harddisk0\DR0:
13:44:30.0306 0x1604  MBR partitions:
13:44:30.0306 0x1604  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
13:44:30.0306 0x1604  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x236AFAB0
13:44:30.0306 0x1604  ============================================================
13:44:30.0323 0x1604  C: <-> \Device\Harddisk0\DR0\Partition2
13:44:30.0323 0x1604  ============================================================
13:44:30.0323 0x1604  Initialize success
13:44:30.0323 0x1604  ============================================================
13:44:40.0165 0x16c4  ============================================================
13:44:40.0165 0x16c4  Scan started
13:44:40.0165 0x16c4  Mode: Manual; SigCheck; TDLFS; 
13:44:40.0165 0x16c4  ============================================================
13:44:40.0165 0x16c4  KSN ping started
13:44:43.0007 0x16c4  KSN ping finished: true
13:44:44.0308 0x16c4  ================ Scan system memory ========================
13:44:44.0308 0x16c4  System memory - ok
13:44:44.0309 0x16c4  ================ Scan services =============================
13:44:44.0513 0x16c4  [ 969C91060CBB5D17CB8440B5F78B4C51, 9B5754DDACA15B11DB4D22B0473360C72CFA854AD4AD57546AF3B3C63AAE7759 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
13:44:44.0612 0x16c4  1394ohci - ok
13:44:44.0640 0x16c4  Suspicious service (NoAccess): ab6bf9c35ccd084
13:44:44.0694 0x16c4  [ 1F4AD48685B9CB32648B04DD4A43E64E, 3AE77CDD7196EF9C3CE454B030FE549D26D86108D70590EBA203B48F1250F9EA ] ab6bf9c35ccd084 C:\Windows\System32\Drivers\ab6bf9c35ccd084.sys
13:44:44.0694 0x16c4  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\ab6bf9c35ccd084.sys. md5: 1F4AD48685B9CB32648B04DD4A43E64E, sha256: 3AE77CDD7196EF9C3CE454B030FE549D26D86108D70590EBA203B48F1250F9EA
13:44:44.0737 0x16c4  ab6bf9c35ccd084 - detected Rootkit.Win32.Necurs.gen ( 0 )
13:44:47.0579 0x16c4  ab6bf9c35ccd084 ( Rootkit.Win32.Necurs.gen ) - infected
13:44:47.0579 0x16c4  Force sending object to P2P due to detect: ab6bf9c35ccd084
13:44:50.0277 0x16c4  Object send P2P result: true
13:44:56.0285 0x16c4  Belkin Local Backup Service - detected UnsignedFile.Multi.Generic ( 1 )
13:44:58.0987 0x16c4  Detect skipped due to KSN trusted
13:44:58.0987 0x16c4  Belkin Local Backup Service - ok
13:44:59.0059 0x16c4  [ E62A04D615A8CAC83601E1F07C010D3C, BA9E08EE979C3898DF573B61514B3EAA6E5DAAA182DA3618BFA1BD94ABDA0266 ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
13:44:59.0069 0x16c4  Belkin Network USB Helper - detected UnsignedFile.Multi.Generic ( 1 )
13:45:01.0539 0x16c4  Detect skipped due to KSN trusted
13:45:01.0539 0x16c4  Belkin Network USB Helper - ok
13:45:01.0671 0x16c4  [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE             C:\Windows\System32\bfe.dll
13:45:01.0785 0x16c4  BFE - ok
13:45:01.0875 0x16c4  [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS            C:\Windows\System32\qmgr.dll
13:45:01.0985 0x16c4  BITS - ok
13:45:02.0026 0x16c4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:45:02.0054 0x16c4  blbdrive - ok
13:45:02.0139 0x16c4  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:45:02.0177 0x16c4  Bonjour Service - ok
13:45:02.0226 0x16c4  [ 19D20159708E152267E53B66677A4995, 6401FA5C3EFF26BED075FEC68F868CD8D0598FDB45EA9381810615F7252F7A9A ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:45:02.0254 0x16c4  bowser - ok
13:45:02.0311 0x16c4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:45:02.0342 0x16c4  BrFiltLo - ok
13:45:02.0370 0x16c4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:45:02.0396 0x16c4  BrFiltUp - ok
13:45:02.0463 0x16c4  [ 6B054C67AAA87843504E8E3C09102009, 284AA58625FBDBFECB851A35407331B40BAEC141F2DCEDB9F15733BAB22F5C81 ] Browser         C:\Windows\System32\browser.dll
13:45:02.0492 0x16c4  Browser - ok
13:45:02.0535 0x16c4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:45:02.0575 0x16c4  Brserid - ok
13:45:02.0609 0x16c4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:45:02.0640 0x16c4  BrSerWdm - ok
13:45:02.0673 0x16c4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:45:02.0699 0x16c4  BrUsbMdm - ok
13:45:02.0725 0x16c4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:45:02.0753 0x16c4  BrUsbSer - ok
13:45:02.0786 0x16c4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:45:02.0815 0x16c4  BTHMODEM - ok
13:45:02.0897 0x16c4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:45:02.0964 0x16c4  bthserv - ok
13:45:03.0004 0x16c4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:45:03.0071 0x16c4  cdfs - ok
13:45:03.0117 0x16c4  [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:45:03.0147 0x16c4  cdrom - ok
13:45:03.0194 0x16c4  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:45:03.0263 0x16c4  CertPropSvc - ok
13:45:03.0299 0x16c4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:45:03.0326 0x16c4  circlass - ok
13:45:03.0392 0x16c4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:45:03.0428 0x16c4  CLFS - ok
13:45:03.0535 0x16c4  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:45:03.0556 0x16c4  clr_optimization_v2.0.50727_32 - ok
13:45:03.0617 0x16c4  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:45:03.0640 0x16c4  clr_optimization_v2.0.50727_64 - ok
13:45:03.0723 0x16c4  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:45:03.0746 0x16c4  clr_optimization_v4.0.30319_32 - ok
13:45:03.0796 0x16c4  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:45:03.0817 0x16c4  clr_optimization_v4.0.30319_64 - ok
13:45:03.0864 0x16c4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:45:03.0887 0x16c4  CmBatt - ok
13:45:03.0936 0x16c4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
13:45:03.0958 0x16c4  cmdide - ok
13:45:04.0032 0x16c4  [ CA7720B73446FDDEC5C69519C1174C98, F24796765587CC1D653A04783B1659564F42E600DA3AFA3DED724592B291D033 ] CNG             C:\Windows\system32\Drivers\cng.sys
13:45:04.0083 0x16c4  CNG - ok
13:45:04.0135 0x16c4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:45:04.0157 0x16c4  Compbatt - ok
13:45:04.0199 0x16c4  [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:45:04.0234 0x16c4  CompositeBus - ok
13:45:04.0264 0x16c4  COMSysApp - ok
13:45:04.0299 0x16c4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:45:04.0319 0x16c4  crcdisk - ok
13:45:04.0393 0x16c4  [ F02786B66375292E58C8777082D4396D, EE7BCD10C014A16A06619EFD47226FAA1460A67CD7687EA8C38D63C71DBCD51B ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:45:04.0438 0x16c4  CryptSvc - ok
13:45:04.0506 0x16c4  [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:45:04.0533 0x16c4  CtClsFlt - ok
13:45:04.0615 0x16c4  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:45:04.0705 0x16c4  DcomLaunch - ok
13:45:04.0770 0x16c4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:45:04.0845 0x16c4  defragsvc - ok
13:45:04.0924 0x16c4  [ 9C253CE7311CA60FC11C774692A13208, 23507138576DB75AA8B7415140F7B5D8A90CB2661796223870461C721A36AEBF ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:45:04.0956 0x16c4  DfsC - ok
13:45:05.0024 0x16c4  [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:45:05.0071 0x16c4  Dhcp - ok
13:45:05.0120 0x16c4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:45:05.0187 0x16c4  discache - ok
13:45:05.0250 0x16c4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:45:05.0273 0x16c4  Disk - ok
13:45:05.0337 0x16c4  [ 85CF424C74A1D5EC33533E1DBFF9920A, 882D5FA0D5EC053D76A0C46A6047A621D607651693CF94E5506219EECCC8D079 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:45:05.0370 0x16c4  Dnscache - ok
13:45:05.0436 0x16c4  [ 0840ABBBDF438691EE65A20040635CBE, F83597ECECFADBA45242B683A19A01ADF84203B016301B64530C7BE8234175E8 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
13:45:05.0458 0x16c4  DockLoginService - detected UnsignedFile.Multi.Generic ( 1 )
13:45:07.0915 0x16c4  Detect skipped due to KSN trusted
13:45:07.0915 0x16c4  DockLoginService - ok
13:45:07.0975 0x16c4  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:45:08.0059 0x16c4  dot3svc - ok
13:45:08.0113 0x16c4  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\Windows\system32\dps.dll
13:45:08.0185 0x16c4  DPS - ok
13:45:08.0226 0x16c4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:45:08.0268 0x16c4  drmkaud - ok
13:45:08.0363 0x16c4  [ 1633B9ABF52784A1331476397A48CBEF, 697780697C4C55FCCF5FB65C93FB37B3F5A43BF0C59FDBB9EF822D0E993E47BD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:45:08.0427 0x16c4  DXGKrnl - ok
13:45:08.0503 0x16c4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:45:08.0574 0x16c4  EapHost - ok
13:45:08.0779 0x16c4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:45:08.0964 0x16c4  ebdrv - ok
13:45:09.0044 0x16c4  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] EFS             C:\Windows\System32\lsass.exe
13:45:09.0083 0x16c4  EFS - ok
13:45:09.0183 0x16c4  [ 47C071994C3F649F23D9CD075AC9304A, B7AA2DD6AD14F18A19620F5FB79D50C630D3750E72DD67BF8D105CC4F5CE1D46 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:45:09.0239 0x16c4  ehRecvr - ok
13:45:09.0286 0x16c4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:45:09.0316 0x16c4  ehSched - ok
13:45:09.0380 0x16c4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:45:09.0421 0x16c4  elxstor - ok
13:45:09.0451 0x16c4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
13:45:09.0473 0x16c4  ErrDev - ok
13:45:09.0586 0x16c4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:45:09.0667 0x16c4  EventSystem - ok
13:45:09.0713 0x16c4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:45:09.0783 0x16c4  exfat - ok
13:45:09.0826 0x16c4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:45:09.0897 0x16c4  fastfat - ok
13:45:09.0970 0x16c4  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\Windows\system32\fxssvc.exe
13:45:10.0025 0x16c4  Fax - ok
13:45:10.0056 0x16c4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:45:10.0081 0x16c4  fdc - ok
13:45:10.0132 0x16c4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:45:10.0198 0x16c4  fdPHost - ok
13:45:10.0231 0x16c4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:45:10.0297 0x16c4  FDResPub - ok
13:45:10.0351 0x16c4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:45:10.0373 0x16c4  FileInfo - ok
13:45:10.0410 0x16c4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:45:10.0477 0x16c4  Filetrace - ok
13:45:10.0507 0x16c4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:45:10.0530 0x16c4  flpydisk - ok
13:45:10.0580 0x16c4  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:45:10.0611 0x16c4  FltMgr - ok
13:45:10.0723 0x16c4  [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache       C:\Windows\system32\FntCache.dll
13:45:10.0800 0x16c4  FontCache - ok
13:45:10.0879 0x16c4  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:45:10.0897 0x16c4  FontCache3.0.0.0 - ok
13:45:10.0934 0x16c4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:45:10.0958 0x16c4  FsDepends - ok
13:45:11.0008 0x16c4  [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:45:11.0030 0x16c4  Fs_Rec - ok
13:45:11.0091 0x16c4  [ AE87BA80D0EC3B57126ED2CDC15B24ED, 7E0EA3CDB78054D9A4E3B5142305943F2914536D80B8FC363414C8838D51D56C ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:45:11.0124 0x16c4  fvevol - ok
13:45:11.0167 0x16c4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:45:11.0190 0x16c4  gagp30kx - ok
13:45:11.0265 0x16c4  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:45:11.0283 0x16c4  GEARAspiWDM - ok
13:45:11.0336 0x16c4  [ D3316F6E3C011435F36E3D6E49B3196C, 941DF52BA26603A146ED6B65A696DB87153868ED0469EF9C2EB09AC7E63525B7 ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
13:45:11.0352 0x16c4  GoToAssist - ok
13:45:11.0441 0x16c4  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:45:11.0511 0x16c4  gpsvc - ok
13:45:11.0579 0x16c4  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:45:11.0598 0x16c4  gupdate - ok
13:45:11.0628 0x16c4  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:45:11.0649 0x16c4  gupdatem - ok
13:45:11.0687 0x16c4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:45:11.0754 0x16c4  hcw85cir - ok
13:45:11.0811 0x16c4  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:45:11.0864 0x16c4  HDAudBus - ok
13:45:11.0916 0x16c4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:45:11.0959 0x16c4  HidBatt - ok
13:45:12.0024 0x16c4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:45:12.0121 0x16c4  HidBth - ok
13:45:12.0210 0x16c4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:45:12.0261 0x16c4  HidIr - ok
13:45:12.0317 0x16c4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:45:12.0399 0x16c4  hidserv - ok
13:45:12.0444 0x16c4  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:45:12.0490 0x16c4  HidUsb - ok
13:45:12.0558 0x16c4  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:45:12.0624 0x16c4  hkmsvc - ok
13:45:12.0686 0x16c4  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:45:12.0719 0x16c4  HomeGroupListener - ok
13:45:12.0766 0x16c4  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:45:12.0797 0x16c4  HomeGroupProvider - ok
13:45:12.0836 0x16c4  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
13:45:12.0861 0x16c4  HpSAMD - ok
13:45:12.0932 0x16c4  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:45:13.0064 0x16c4  HTTP - ok
13:45:13.0110 0x16c4  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:45:13.0149 0x16c4  hwpolicy - ok
13:45:13.0210 0x16c4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:45:13.0256 0x16c4  i8042prt - ok
13:45:13.0323 0x16c4  [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:45:13.0372 0x16c4  iaStorV - ok
13:45:13.0475 0x16c4  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:45:13.0527 0x16c4  idsvc - ok
13:45:14.0048 0x16c4  [ 677AA5991026A65ADA128C4B59CF2BAD, 013F9D7362960EEE1DB70EE8B90A896EACA0B752924717FD019A6DD3BFF50C00 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:45:14.0780 0x16c4  igfx - ok
13:45:14.0858 0x16c4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:45:14.0880 0x16c4  iirsp - ok
13:45:14.0974 0x16c4  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
13:45:15.0077 0x16c4  IKEEXT - ok
13:45:15.0251 0x16c4  [ 0A5CCF2A30B7ED158F616728D3268FB1, 38B5BD835EE63363CE8C80FD4384B59DC983075CE6AC98EF305F50EB3B5E62BF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:45:15.0377 0x16c4  IntcAzAudAddService - ok
13:45:15.0414 0x16c4  [ 88A20FA54C73DED4E8DAC764E9130AE9, BBD9C8D12063F0A464FE0C48C6913A772EF5A5DCB8A00EBD37E494DCB752A5FF ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
13:45:15.0498 0x16c4  IntcHdmiAddService - ok
13:45:15.0547 0x16c4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
13:45:15.0568 0x16c4  intelide - ok
13:45:15.0599 0x16c4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:45:15.0650 0x16c4  intelppm - ok
13:45:15.0717 0x16c4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:45:15.0798 0x16c4  IPBusEnum - ok
13:45:15.0857 0x16c4  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:45:15.0925 0x16c4  IpFilterDriver - ok
13:45:16.0010 0x16c4  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:45:16.0114 0x16c4  iphlpsvc - ok
13:45:16.0140 0x16c4  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:45:16.0181 0x16c4  IPMIDRV - ok
13:45:16.0252 0x16c4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:45:16.0347 0x16c4  IPNAT - ok
13:45:16.0545 0x16c4  [ 635F7587F7576AA14871B850EB95BFB8, 75CB8F4D511964BB9104E93EF31D2DDF1227DACE1EDB9DE25AE9719835B6C34B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:45:16.0588 0x16c4  iPod Service - ok
13:45:16.0629 0x16c4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:45:16.0662 0x16c4  IRENUM - ok
13:45:16.0706 0x16c4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
13:45:16.0730 0x16c4  isapnp - ok
13:45:16.0776 0x16c4  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:45:16.0808 0x16c4  iScsiPrt - ok
13:45:16.0858 0x16c4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:45:16.0881 0x16c4  kbdclass - ok
13:45:16.0924 0x16c4  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:45:16.0984 0x16c4  kbdhid - ok
13:45:17.0030 0x16c4  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso          C:\Windows\system32\lsass.exe
13:45:17.0056 0x16c4  KeyIso - ok
13:45:17.0110 0x16c4  [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:45:17.0141 0x16c4  KSecDD - ok
13:45:17.0183 0x16c4  [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:45:17.0211 0x16c4  KSecPkg - ok
13:45:17.0292 0x16c4  [ EFB2614E9142FA4427CE82EE6DC0CA7B, DE67CED09EA1A3B10BF0F3B22B2675844122783AE2523CE01E0BDE2691FC684A ] KSS             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
13:45:17.0322 0x16c4  KSS - ok
13:45:17.0354 0x16c4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:45:17.0442 0x16c4  ksthunk - ok
13:45:17.0527 0x16c4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:45:17.0609 0x16c4  KtmRm - ok
13:45:17.0688 0x16c4  [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:45:17.0725 0x16c4  LanmanServer - ok
13:45:17.0778 0x16c4  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:45:17.0846 0x16c4  LanmanWorkstation - ok
13:45:17.0909 0x16c4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:45:17.0993 0x16c4  lltdio - ok
13:45:18.0071 0x16c4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:45:18.0147 0x16c4  lltdsvc - ok
13:45:18.0190 0x16c4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:45:18.0256 0x16c4  lmhosts - ok
13:45:18.0314 0x16c4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:45:18.0357 0x16c4  LSI_FC - ok
13:45:18.0401 0x16c4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:45:18.0427 0x16c4  LSI_SAS - ok
13:45:18.0460 0x16c4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:45:18.0484 0x16c4  LSI_SAS2 - ok
13:45:18.0517 0x16c4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:45:18.0543 0x16c4  LSI_SCSI - ok
13:45:18.0584 0x16c4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:45:18.0686 0x16c4  luafv - ok
13:45:18.0761 0x16c4  [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:45:18.0780 0x16c4  MBAMProtector - ok
13:45:18.0911 0x16c4  [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
13:45:19.0004 0x16c4  MBAMScheduler - ok
13:45:41.0531 0x16c4  TermDD - ok
13:45:41.0608 0x16c4  [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService     C:\Windows\System32\termsrv.dll
13:45:41.0707 0x16c4  TermService - ok
13:45:41.0774 0x16c4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:45:41.0808 0x16c4  Themes - ok
13:45:41.0847 0x16c4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:45:41.0910 0x16c4  THREADORDER - ok
13:45:41.0970 0x16c4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:45:42.0039 0x16c4  TrkWks - ok
13:45:42.0141 0x16c4  [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:45:42.0175 0x16c4  TrustedInstaller - ok
13:45:42.0224 0x16c4  [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:45:42.0310 0x16c4  tssecsrv - ok
13:45:42.0375 0x16c4  [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:45:42.0460 0x16c4  tunnel - ok
13:45:42.0505 0x16c4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:45:42.0530 0x16c4  uagp35 - ok
13:45:42.0602 0x16c4  [ 31BA4A33AFAB6A69EA092B18017F737F, CD19290394D20CCCCD186C80A682000D3A1187ABCB292753402C88C6FB83AB7F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:45:42.0695 0x16c4  udfs - ok
13:45:42.0778 0x16c4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:45:42.0806 0x16c4  UI0Detect - ok
13:45:42.0856 0x16c4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
13:45:42.0880 0x16c4  uliagpkx - ok
13:45:42.0924 0x16c4  [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:45:42.0964 0x16c4  umbus - ok
13:45:43.0008 0x16c4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:45:43.0055 0x16c4  UmPass - ok
13:45:43.0139 0x16c4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:45:43.0219 0x16c4  upnphost - ok
13:45:43.0273 0x16c4  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:45:43.0346 0x16c4  USBAAPL64 - ok
13:45:43.0397 0x16c4  [ 537A4E03D7103C12D42DFD8FFDB5BDC9, 4E6F43A27E629C9769FAEF305BDCD3D7EDBEE1A98B919AF95CF045407A4297D6 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:45:43.0462 0x16c4  usbccgp - ok
13:45:43.0500 0x16c4  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
13:45:43.0568 0x16c4  usbcir - ok
13:45:43.0607 0x16c4  [ FBB21EBE49F6D560DB37AC25FBC68E66, 0F7B2F9BB4062FE24698FF6E5738E83B7FDA9E7FDE9206BEF18C8818627FF2CC ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:45:43.0658 0x16c4  usbehci - ok
13:45:43.0729 0x16c4  [ 6B7A8A99C4A459E73C286A6763EA24CC, 3A8D6AE1D970AAEC4E08B76DB1B2C06AC003AF4F50339416072973E89F660EE2 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:45:43.0801 0x16c4  usbhub - ok
13:45:43.0841 0x16c4  [ 8C88AA7617B4CBC2E4BED61D26B33A27, 4575F0DDFF68C5632CBB7BE93A66FFEDD85BD4D4AEE79C44B2EDA4F8642C6EBF ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:45:43.0887 0x16c4  usbohci - ok
13:45:43.0933 0x16c4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:45:43.0980 0x16c4  usbprint - ok
13:45:44.0045 0x16c4  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:45:44.0095 0x16c4  usbscan - ok
13:45:44.0165 0x16c4  [ F39983647BC1F3E6100778DDFE9DCE29, 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:45:44.0235 0x16c4  USBSTOR - ok
13:45:44.0272 0x16c4  [ 0B5B3B2DF3FD1709618ACFA50B8392B0, 19F040A16C86C475DD33D935E6244593EC73FF9F8C872BC060DDD8AE4F3EDB55 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:45:44.0295 0x16c4  usbuhci - ok
13:45:44.0351 0x16c4  [ 7CB8C573C6E4A2714402CC0A36EAB4FE, FCD65AA3723617F58F77C4DA93CE910C712B8AA9411B5C4A60DC6C684EA53C1B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:45:44.0418 0x16c4  usbvideo - ok
13:45:44.0474 0x16c4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:45:44.0540 0x16c4  UxSms - ok
13:45:44.0590 0x16c4  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc        C:\Windows\system32\lsass.exe
13:45:44.0615 0x16c4  VaultSvc - ok
13:45:44.0660 0x16c4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
13:45:44.0683 0x16c4  vdrvroot - ok
13:45:44.0747 0x16c4  [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds             C:\Windows\System32\vds.exe
13:45:44.0799 0x16c4  vds - ok
13:45:44.0839 0x16c4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:45:44.0869 0x16c4  vga - ok
13:45:44.0904 0x16c4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:45:44.0987 0x16c4  VgaSave - ok
13:45:45.0070 0x16c4  [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
13:45:45.0102 0x16c4  vhdmp - ok
13:45:45.0157 0x16c4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
13:45:45.0180 0x16c4  viaide - ok
13:45:45.0211 0x16c4  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
13:45:45.0240 0x16c4  volmgr - ok
13:45:45.0291 0x16c4  [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:45:45.0349 0x16c4  volmgrx - ok
13:45:45.0411 0x16c4  [ 58F82EED8CA24B461441F9C3E4F0BF5C, 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
13:45:45.0457 0x16c4  volsnap - ok
13:45:45.0501 0x16c4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:45:45.0537 0x16c4  vsmraid - ok
13:45:45.0681 0x16c4  [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS             C:\Windows\system32\vssvc.exe
13:45:45.0805 0x16c4  VSS - ok
13:45:45.0858 0x16c4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:45:45.0926 0x16c4  vwifibus - ok
13:45:46.0103 0x16c4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:45:46.0104 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
13:45:46.0160 0x16c4  vwififlt - detected LockedFile.Multi.Generic ( 1 )
13:45:48.0643 0x16c4  Detect skipped due to KSN trusted
13:45:48.0643 0x16c4  vwififlt - ok
13:45:48.0926 0x16c4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:45:49.0021 0x16c4  W32Time - ok
13:45:49.0092 0x16c4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:45:49.0093 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
13:45:49.0100 0x16c4  WacomPen - detected LockedFile.Multi.Generic ( 1 )
13:45:51.0863 0x16c4  Detect skipped due to KSN trusted
13:45:51.0863 0x16c4  WacomPen - ok
13:45:51.0931 0x16c4  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:45:51.0931 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0
13:45:51.0942 0x16c4  WANARP - detected LockedFile.Multi.Generic ( 1 )
13:45:54.0642 0x16c4  Detect skipped due to KSN trusted
13:45:54.0642 0x16c4  WANARP - ok
13:45:54.0694 0x16c4  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:45:54.0695 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0
13:45:54.0704 0x16c4  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
13:45:54.0704 0x16c4  Detect skipped due to KSN trusted
13:45:54.0704 0x16c4  Wanarpv6 - ok
13:45:54.0819 0x16c4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:45:54.0896 0x16c4  WatAdminSvc - ok
13:45:55.0000 0x16c4  [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine        C:\Windows\system32\wbengine.exe
13:45:55.0097 0x16c4  wbengine - ok
13:45:55.0165 0x16c4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:45:55.0207 0x16c4  WbioSrvc - ok
13:45:55.0278 0x16c4  [ DD1BAE8EBFC653824D29CCF8C9054D68, 81D6640222FE276D721168745F6BB905D4E756909A9B2C706AF25465D748772D ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:45:55.0330 0x16c4  wcncsvc - ok
13:45:55.0367 0x16c4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:45:55.0410 0x16c4  WcsPlugInService - ok
13:45:55.0451 0x16c4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:45:55.0452 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
13:45:55.0466 0x16c4  Wd - detected LockedFile.Multi.Generic ( 1 )
13:45:58.0219 0x16c4  Detect skipped due to KSN trusted
13:45:58.0219 0x16c4  Wd - ok
13:45:58.0333 0x16c4  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:45:58.0334 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250, sha256: FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1
13:45:58.0342 0x16c4  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
13:46:00.0973 0x16c4  Detect skipped due to KSN trusted
13:46:00.0973 0x16c4  Wdf01000 - ok
13:46:01.0068 0x16c4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:46:01.0121 0x16c4  WdiServiceHost - ok
13:46:01.0183 0x16c4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:46:01.0220 0x16c4  WdiSystemHost - ok
13:46:01.0283 0x16c4  [ 733006127F235BE7C35354EBEE7B9A7B, 2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient       C:\Windows\System32\webclnt.dll
13:46:01.0379 0x16c4  WebClient - ok
13:46:01.0452 0x16c4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:46:01.0563 0x16c4  Wecsvc - ok
13:46:01.0801 0x16c4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:46:01.0893 0x16c4  wercplsupport - ok
13:46:01.0955 0x16c4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:46:02.0023 0x16c4  WerSvc - ok
13:46:02.0069 0x16c4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:46:02.0069 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
13:46:02.0094 0x16c4  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
13:46:04.0567 0x16c4  Detect skipped due to KSN trusted
13:46:04.0567 0x16c4  WfpLwf - ok
13:46:04.0620 0x16c4  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
13:46:04.0621 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wimfltr.sys. md5: B14EF15BD757FA488F9C970EEE9C0D35, sha256: F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794
13:46:04.0631 0x16c4  WimFltr - detected LockedFile.Multi.Generic ( 1 )
13:46:07.0400 0x16c4  Detect skipped due to KSN trusted
13:46:07.0400 0x16c4  WimFltr - ok
13:46:07.0463 0x16c4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:46:07.0464 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
13:46:07.0474 0x16c4  WIMMount - detected LockedFile.Multi.Generic ( 1 )
13:46:09.0939 0x16c4  Detect skipped due to KSN trusted
13:46:09.0939 0x16c4  WIMMount - ok
13:46:09.0993 0x16c4  WinDefend - ok
13:46:10.0048 0x16c4  WinHttpAutoProxySvc - ok
13:46:10.0133 0x16c4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:46:10.0237 0x16c4  Winmgmt - ok
13:46:10.0401 0x16c4  [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:46:10.0614 0x16c4  WinRM - ok
13:46:10.0749 0x16c4  [ 4D52C872018AF7E18D078978DCC3F6F2, 046A0E56091120950422F8A83C8126682AAF0BBA97CF18DF0D0D4D59D01A4F28 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:46:10.0749 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: 4D52C872018AF7E18D078978DCC3F6F2, sha256: 046A0E56091120950422F8A83C8126682AAF0BBA97CF18DF0D0D4D59D01A4F28
13:46:10.0759 0x16c4  WinUsb - detected LockedFile.Multi.Generic ( 1 )
13:46:13.0235 0x16c4  Detect skipped due to KSN trusted
13:46:13.0235 0x16c4  WinUsb - ok
13:46:13.0445 0x16c4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:46:13.0520 0x16c4  Wlansvc - ok
13:46:13.0558 0x16c4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:46:13.0559 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
13:46:13.0566 0x16c4  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
13:46:16.0176 0x16c4  Detect skipped due to KSN trusted
13:46:16.0176 0x16c4  WmiAcpi - ok
13:46:16.0237 0x16c4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:46:16.0289 0x16c4  wmiApSrv - ok
13:46:16.0359 0x16c4  WMPNetworkSvc - ok
13:46:16.0399 0x16c4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:46:16.0433 0x16c4  WPCSvc - ok
13:46:16.0479 0x16c4  [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:46:16.0531 0x16c4  WPDBusEnum - ok
13:46:16.0665 0x16c4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:46:16.0666 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
13:46:16.0676 0x16c4  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
13:46:19.0134 0x16c4  Detect skipped due to KSN trusted
13:46:19.0134 0x16c4  ws2ifsl - ok
13:46:19.0215 0x16c4  [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:46:19.0287 0x16c4  wscsvc - ok
13:46:19.0314 0x16c4  WSearch - ok
13:46:19.0504 0x16c4  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:46:19.0660 0x16c4  wuauserv - ok
13:46:19.0732 0x16c4  [ C63907207B837A5C05CF6D1606AA0008, 48EA50875C40B8451F1D0A4961B6886448C4EEBBA4EE0C24D9EBB9B635CDB4DB ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:46:19.0733 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: C63907207B837A5C05CF6D1606AA0008, sha256: 48EA50875C40B8451F1D0A4961B6886448C4EEBBA4EE0C24D9EBB9B635CDB4DB
13:46:19.0741 0x16c4  WudfPf - detected LockedFile.Multi.Generic ( 1 )
13:46:22.0386 0x16c4  Detect skipped due to KSN trusted
13:46:22.0386 0x16c4  WudfPf - ok
13:46:22.0454 0x16c4  [ D885A873D733020F8B9B9FF4B1666158, 57C0A8CC7F92E149EA42E2BA7CDAA84887AB3030EBDAB46D2D44BFA7CAD98678 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:46:22.0454 0x16c4  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: D885A873D733020F8B9B9FF4B1666158, sha256: 57C0A8CC7F92E149EA42E2BA7CDAA84887AB3030EBDAB46D2D44BFA7CAD98678
13:46:22.0462 0x16c4  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
13:46:25.0070 0x16c4  Detect skipped due to KSN trusted
13:46:25.0070 0x16c4  WUDFRd - ok
13:46:25.0155 0x16c4  [ 27B9BEE5AAC00139E3A3AF5D6227A0DC, 6287D44DDBA8481EFD785B4FB75FDE7639273BED4CAB433EA74B8C05F6E9B330 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:46:25.0195 0x16c4  wudfsvc - ok
13:46:25.0249 0x16c4  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:46:25.0321 0x16c4  WwanSvc - ok
13:46:25.0374 0x16c4  ================ Scan global ===============================
13:46:25.0437 0x16c4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:46:25.0482 0x16c4  [ 0CB6EBF4B461A6043353C570BD72A1E1, B6DA0AE56A7DC373F60CA1EF69E4D55E6F2EEB0D62AB78D555C5F85EB389A356 ] C:\Windows\system32\winsrv.dll
13:46:25.0516 0x16c4  [ 0CB6EBF4B461A6043353C570BD72A1E1, B6DA0AE56A7DC373F60CA1EF69E4D55E6F2EEB0D62AB78D555C5F85EB389A356 ] C:\Windows\system32\winsrv.dll
13:46:25.0549 0x16c4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:46:25.0580 0x16c4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:46:25.0594 0x16c4  [ Global ] - ok
13:46:25.0595 0x16c4  ================ Scan MBR ==================================
13:46:25.0609 0x16c4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:46:25.0994 0x16c4  \Device\Harddisk0\DR0 - ok
13:46:25.0995 0x16c4  ================ Scan VBR ==================================
13:46:26.0028 0x16c4  [ 2F176BF609765158BA9A8F1B8AF6F626 ] \Device\Harddisk0\DR0\Partition1
13:46:26.0031 0x16c4  \Device\Harddisk0\DR0\Partition1 - ok
13:46:26.0054 0x16c4  [ C9EBD8F87B06A9553AB3B59674084104 ] \Device\Harddisk0\DR0\Partition2
13:46:26.0102 0x16c4  \Device\Harddisk0\DR0\Partition2 - ok
13:46:26.0102 0x16c4  ================ Scan generic autorun ======================
13:46:26.0127 0x16c4  SynTPEnh - ok
13:46:26.0515 0x16c4  [ 883259F529BCC4FA6B7B092AF2041A44, 0C90906A18FA275160E440C867DF786714A47E3945CAA0031D06963A8AB7F907 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
13:46:26.0957 0x16c4  RtHDVCpl - ok
13:46:27.0018 0x16c4  [ B69A01794D44C769C2575AE75E2EB31F, CE19EEA3F738A5F2A2C43EB6699AACB21D798B9649D744FB983868FB3E58E7C1 ] C:\Windows\system32\igfxpers.exe
13:46:27.0062 0x16c4  Persistence - ok
13:46:27.0090 0x16c4  [ 0BBFE08ECCE8A209D07C3B68D63FC293, 0374316F3586D191437F5A54F9A322B3F68002652920477DBCFD48EF049E6F21 ] C:\Windows\system32\igfxtray.exe
13:46:27.0111 0x16c4  IgfxTray - ok
13:46:27.0157 0x16c4  [ 2F16207A65B62001FC73E6798D0B8F2A, 44B3B7E0ED654480EE6CB238976FCDC745BE3EFD7CDC71B262146A4CE63731CD ] C:\Windows\system32\hkcmd.exe
13:46:27.0198 0x16c4  HotKeysCmds - ok
13:46:27.0236 0x16c4  [ 1F5A26DF97C33CD24A8ED4D4A1FF1348, 4A6E75D4F5F6CB6CDC92F5281B64B7F81F28B0FDDF38EAD95735982E5F64A6A1 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
13:46:27.0257 0x16c4  PDVDDXSrv - ok
13:46:27.0259 0x16c4  mcui_exe - ok
13:46:27.0400 0x16c4  [ 9808FB2DD54BDF03EC605881F71C8D64, 5A10B1FF7048C9746E4E9DDA7D0D9F3C649F5CC3C88F2BDA6E2467F661935DA4 ] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
13:46:27.0526 0x16c4  InstaLAN - ok
13:46:27.0569 0x16c4  [ 0647EF247A5D0402E74FE89F5F6A8A11, 2DD529CFC058535900883AA51BCDEAC68182AED0EFB7B98E222249C3BEAD4F36 ] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
13:46:27.0614 0x16c4  Desktop Disc Tool - ok
13:46:27.0644 0x16c4  [ 00D1FB0073B4A8BD2989EA8FF4CC792B, 001A26FF51BF6BABF6325983F512CF8D84CADEE1CA36F166A41702D94C1B0841 ] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
13:46:27.0666 0x16c4  DellSupportCenter - ok
13:46:27.0717 0x16c4  [ 80B62FF105908EC9E4B072AFB1CFC824, B124F309CB42167D59097DB3346487A26D431EC05694CECF19F0C5938312B3E8 ] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
13:46:27.0768 0x16c4  Dell Webcam Central - detected UnsignedFile.Multi.Generic ( 1 )
13:46:30.0459 0x16c4  Detect skipped due to KSN trusted
13:46:30.0460 0x16c4  Dell Webcam Central - ok
13:46:30.0599 0x16c4  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
13:46:30.0616 0x16c4  APSDaemon - ok
13:46:30.0680 0x16c4  [ 1CED9838255264E6F0C1BA8465167ABB, 40DA9531672A2BE9B4D856D5C07D9AA8BE8FC28EECE496BC2FEB7D357D3E0289 ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
13:46:30.0723 0x16c4  ConnectionCenter - ok
13:46:30.0783 0x16c4  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
13:46:30.0818 0x16c4  SunJavaUpdateSched - ok
13:46:30.0896 0x16c4  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
13:46:30.0950 0x16c4  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
13:46:33.0629 0x16c4  Detect skipped due to KSN trusted
13:46:33.0629 0x16c4  QuickTime Task - ok
13:46:33.0743 0x16c4  [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
13:46:33.0764 0x16c4  iTunesHelper - ok
13:46:33.0961 0x16c4  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
13:46:34.0198 0x16c4  SDTray - ok
13:46:34.0266 0x16c4  [ EABCB3EBAB22B981A09DBC1E65D05E96, 9980D2ADF2CB726DC6832A7D8697605608C3C8121DC631134735386A402896A8 ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
13:46:34.0335 0x16c4  "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" - detected UnsignedFile.Multi.Generic ( 1 )
13:46:36.0788 0x16c4  Detect skipped due to KSN trusted
13:46:36.0789 0x16c4  "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" - ok
13:46:36.0880 0x16c4  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:46:37.0002 0x16c4  Sidebar - ok
13:46:37.0032 0x16c4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:46:37.0091 0x16c4  mctadmin - ok
13:46:37.0169 0x16c4  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:46:37.0246 0x16c4  Sidebar - ok
13:46:37.0258 0x16c4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:46:37.0292 0x16c4  mctadmin - ok
13:46:37.0312 0x16c4  MobileDocuments - ok
13:46:37.0331 0x16c4  [ 096407F0CB75519F4DBFBA5BB413187B, 9F7A13FA6DA2B2FE58B69AD94DA372DA0C73918C1E3C57D1BC8F7662875C7CBD ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
13:46:37.0352 0x16c4  ApplePhotoStreams - ok
13:46:37.0372 0x16c4  [ CA595FA53E6C797EC1AB43AFB4B4F183, A0A7DDD2ECA97D6533DF908861C000B69C327184F4FFC7C4D971AE4651AD337F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
13:46:37.0389 0x16c4  iCloudServices - ok
13:46:37.0537 0x16c4  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
13:46:37.0558 0x16c4  Google Update - ok
13:46:37.0613 0x16c4  [ EFB2614E9142FA4427CE82EE6DC0CA7B, DE67CED09EA1A3B10BF0F3B22B2675844122783AE2523CE01E0BDE2691FC684A ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
13:46:37.0640 0x16c4  KSS - ok
13:46:37.0708 0x16c4  [ 6A9ED136D386414EA6E0C8B53641AC57, E8B200FF991F9F6247FC0F78838A86C2F00F5CEA3B4C5D784575E215B5DD0142 ] C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
13:46:37.0743 0x16c4  Best Buy pc app - detected UnsignedFile.Multi.Generic ( 1 )
13:46:40.0499 0x16c4  Best Buy pc app ( UnsignedFile.Multi.Generic ) - warning
13:46:40.0499 0x16c4  Force sending object to P2P due to detect: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
13:46:43.0212 0x16c4  Object send P2P result: true
13:46:45.0817 0x16c4  FlashPlayerUpdate - ok
13:46:45.0855 0x16c4  Win FW state via NFP2: enabled
13:46:48.0388 0x16c4  ============================================================
13:46:48.0388 0x16c4  Scan finished
13:46:48.0388 0x16c4  ============================================================
13:46:48.0406 0x16bc  Detected object count: 2
13:46:48.0406 0x16bc  Actual detected object count: 2
13:49:12.0576 0x16bc  C:\Windows\System32\Drivers\ab6bf9c35ccd084.sys - copied to quarantine
13:49:12.0615 0x16bc  HKLM\SYSTEM\ControlSet001\services\ab6bf9c35ccd084 - will be deleted on reboot
13:49:12.0695 0x16bc  HKLM\SYSTEM\ControlSet002\services\ab6bf9c35ccd084 - will be deleted on reboot
13:49:13.0237 0x16bc  C:\Windows\System32\Drivers\ab6bf9c35ccd084.sys - will be deleted on reboot
13:49:13.0237 0x16bc  ab6bf9c35ccd084 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
13:49:13.0238 0x16bc  Best Buy pc app ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:13.0238 0x16bc  Best Buy pc app ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:13.0874 0x16bc  KLMD registered as C:\Windows\system32\drivers\84320473.sys
13:49:24.0624 0x1608  Deinitialize success


#6 deeprybka

  • Malware Response Team

Posted 28 January 2015 - 03:59 PM

OK,
 
next steps are:

Step 1

Download Malwarebytes Anti-Rootkit to your Desktop.
  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


Step 2


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 daniel0311


Posted 28 January 2015 - 04:48 PM

****Mbar-Log*******
 
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.01.28.10
  rootkit: v2015.01.14.01
 
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Stephanie :: STEPH-PC [administrator]
 
1/28/2015 2:29:26 PM
mbar-log-2015-01-28 (14-29-26).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 383826
Time elapsed: 15 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
*****System-log*******
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.296000 GHz
Memory total: 3079610368, free: 1613197312
 
Downloaded database version: v2015.01.28.10
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
======================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.296000 GHz
Memory total: 3079610368, free: 1765212160
 
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
------------ Kernel report ------------
     01/28/2015 14:29:07
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\system32\Drivers\NEOFLTR_710_18671.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\sxuptp.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.01.28.10
  rootkit: v2015.01.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002f38740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002f38190, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002f38740, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002d45060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FE098249
 
Partition information:
 
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848  Numsec = 30720000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 30926848  Numsec = 594213552
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


#8 daniel0311


Posted 28 January 2015 - 04:55 PM

*****FRST****

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Stephanie (administrator) on STEPH-PC on 28-01-2015 14:49:19
Running from C:\Users\Stephanie\Downloads
Loaded Profiles: Stephanie (Available profiles: Stephanie & Guest)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7970848 2009-07-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2011-03-15] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-13] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [Google Update] => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-29] (Google Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKLM -> {D3E3B50F-2A74-4269-B4A8-4ED4DEA87E6A} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\l8bp2ncg.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2621610626-3318039025-3462326288-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2621610626-3318039025-3462326288-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: 9efe12fc8e7b41dc917eb9341daa31e0 - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\l8bp2ncg.default\Extensions\{9efe12fc-8e7b-41dc-917e-b9341daa31e0} [2015-01-19]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=M60C049FB-FC9F-488B-9FBA-AB7606423497&SearchSource=55&CUI=&UM=8&UP=SPBBC1B80E-D206-45D5-A77E-9F1E0BBEB2B4&SSPV=
CHR StartupUrls: Default -> "hxxp://www.animalpak.com/"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Profile: C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]
CHR Extension: (Google Docs) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-19]
CHR Extension: (YouTube) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Google Cast) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Netflix) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-01-02]
CHR Extension: (Pandora) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-12-30]
CHR Extension: (Google Sheets) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Gmail) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 NEOFLTR_710_18671; C:\Windows\system32\Drivers\NEOFLTR_710_18671.SYS [99664 2011-06-23] (Juniper Networks)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 14:49 - 2015-01-28 14:49 - 00000000 ____D () C:\Users\Stephanie\Downloads\FRST-OlderVersion
2015-01-28 14:22 - 2015-01-28 14:46 - 00000000 ____D () C:\Users\Stephanie\Desktop\mbar
2015-01-28 14:18 - 2015-01-28 14:18 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Stephanie\Downloads\mbar-1.08.3.1004 (1).exe
2015-01-28 13:49 - 2015-01-28 13:49 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-28 12:33 - 2015-01-28 12:33 - 00000000 __SHD () C:\found.000
2015-01-28 10:41 - 2015-01-28 10:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Stephanie\Desktop\tdsskiller.exe
2015-01-27 20:36 - 2015-01-28 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 03:02 - 2015-01-26 03:02 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-26 03:02 - 2015-01-26 03:02 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-26 03:02 - 2015-01-26 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-26 03:02 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-26 03:00 - 2015-01-26 03:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Stephanie\Downloads\spybot-2.4(1).exe
2015-01-26 02:57 - 2015-01-26 02:57 - 00000637 _____ () C:\Users\Stephanie\Desktop\JRT.txt
2015-01-26 00:19 - 2015-01-26 00:22 - 621283886 _____ () C:\Users\Stephanie\Downloads\Hirens.BootCD.15.2.zip
2015-01-21 21:26 - 2015-01-21 21:26 - 00013888 _____ () C:\Users\Stephanie\Desktop\attach.txt
2015-01-21 21:26 - 2015-01-21 21:25 - 00022829 _____ () C:\Users\Stephanie\Desktop\dds.txt
2015-01-21 21:24 - 2015-01-21 21:24 - 00688992 ____R (Swearware) C:\Users\Stephanie\Downloads\dds.com
2015-01-21 15:59 - 2015-01-21 16:00 - 00852520 _____ () C:\Users\Stephanie\Downloads\SecurityCheck(1).exe
2015-01-21 15:59 - 2015-01-21 15:59 - 00852520 _____ () C:\Users\Stephanie\Downloads\SecurityCheck.exe
2015-01-21 15:33 - 2015-01-28 14:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-21 15:23 - 2015-01-21 15:23 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Stephanie\Downloads\mbar-1.08.3.1004.exe
2015-01-21 15:13 - 2015-01-26 02:01 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-01-21 15:13 - 2015-01-21 15:13 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-21 15:10 - 2015-01-21 15:11 - 00753184 _____ () C:\Users\Stephanie\Desktop\Adware-Removal-Tool-v3.9.1.exe
2015-01-21 14:47 - 2015-01-21 14:47 - 01707939 _____ (Thisisu) C:\Users\Stephanie\Desktop\JRT(1).exe
2015-01-21 14:34 - 2015-01-21 14:34 - 00032585 _____ () C:\Users\Stephanie\Downloads\Result.txt
2015-01-21 14:31 - 2015-01-21 14:32 - 00401920 _____ (Farbar) C:\Users\Stephanie\Downloads\MiniToolBox.exe
2015-01-21 04:28 - 2015-01-21 04:28 - 00001479 _____ () C:\Users\Stephanie\Desktop\Install Kaspersky Internet Security version 15.0.1.415.lnk
2015-01-21 03:57 - 2015-01-27 20:38 - 00027097 _____ () C:\Users\Stephanie\Downloads\Addition.txt
2015-01-21 03:55 - 2015-01-28 14:49 - 02130432 _____ (Farbar) C:\Users\Stephanie\Downloads\FRST64.exe
2015-01-21 03:55 - 2015-01-28 14:49 - 00022216 _____ () C:\Users\Stephanie\Downloads\FRST.txt
2015-01-21 03:55 - 2015-01-28 14:49 - 00000000 ____D () C:\FRST
2015-01-20 22:05 - 2015-01-20 22:05 - 01707939 _____ (Thisisu) C:\Users\Stephanie\Downloads\JRT.exe
2015-01-20 22:05 - 2015-01-20 22:05 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:53 - 2015-01-21 15:08 - 00000000 ____D () C:\AdwCleaner
2015-01-20 21:52 - 2015-01-20 21:53 - 02186752 _____ () C:\Users\Stephanie\Downloads\adwcleaner_4.108.exe
2015-01-20 21:39 - 2015-01-21 04:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-20 21:36 - 2015-01-20 21:38 - 196444992 _____ (Kaspersky Lab) C:\Users\Stephanie\Downloads\kts15.0.2.361en_7225.exe
2015-01-20 19:47 - 2015-01-20 19:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-20 19:46 - 2015-01-28 01:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 19:45 - 2015-01-26 03:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 19:44 - 2015-01-20 19:44 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Stephanie\Downloads\spybot-2.4.exe
2015-01-20 17:11 - 2015-01-20 17:11 - 00001079 _____ () C:\Users\Stephanie\Desktop\Kaspersky Security Scan.lnk
2015-01-20 17:11 - 2015-01-20 17:11 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-01-20 17:11 - 2015-01-20 17:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-20 17:11 - 2015-01-20 17:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-20 17:10 - 2015-01-20 17:10 - 00364640 _____ (Kaspersky Lab) C:\Users\Stephanie\Downloads\kss12.0.1.808_6398_6399.exe
2015-01-19 12:49 - 2015-01-28 14:29 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 12:49 - 2015-01-19 12:49 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-19 12:49 - 2015-01-19 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 12:48 - 2015-01-28 14:28 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 12:48 - 2015-01-19 12:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Stephanie\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-19 12:48 - 2015-01-19 12:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 12:48 - 2015-01-19 12:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 12:48 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-19 12:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-19 12:47 - 2015-01-20 22:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 12:47 - 2015-01-19 12:47 - 04637504 _____ (AVG Technologies) C:\Users\Stephanie\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-19 12:47 - 2015-01-19 12:47 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\MFAData
2015-01-19 12:38 - 2015-01-19 12:38 - 00280768 _____ () C:\Windows\Minidump\011915-27003-01.dmp
2015-01-16 15:02 - 2015-01-16 15:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\58E9643A-E035-1D45-8F80-8495C365477F
2015-01-16 14:57 - 2015-01-16 14:57 - 00001730 _____ () C:\ProgramData\tempimage.bmp
2015-01-14 20:50 - 2015-01-14 20:50 - 00613057 _____ (CMI Limited) C:\Users\Stephanie\AppData\Local\nsb1C32.tmp
2015-01-14 20:25 - 2015-01-15 19:06 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-01-14 20:21 - 2015-01-16 17:33 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-14 20:18 - 2015-01-19 13:14 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.31
2015-01-14 20:18 - 2015-01-14 20:21 - 00000000 ____D () C:\9c041e6f2524c08fd30c6883be
2015-01-14 20:18 - 2015-01-14 20:18 - 00000537 _____ () C:\Windows\KB893803v2.log
2015-01-10 17:49 - 2014-06-20 10:38 - 00072128 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2015-01-10 17:49 - 2014-06-20 10:23 - 00523792 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2015-01-10 17:49 - 2014-06-20 10:20 - 00181704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-01-10 17:40 - 2015-01-10 17:40 - 00282392 _____ () C:\Windows\Minidump\011015-25568-01.dmp
2014-12-29 22:03 - 2015-01-28 14:08 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA.job
2014-12-29 22:03 - 2015-01-26 00:20 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core.job
2014-12-29 22:03 - 2014-12-29 22:03 - 00880784 _____ (Google Inc.) C:\Users\Stephanie\Downloads\chromecastinstaller.exe
2014-12-29 22:03 - 2014-12-29 22:03 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA
2014-12-29 22:03 - 2014-12-29 22:03 - 00003506 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core
2014-12-29 22:03 - 2014-12-29 22:03 - 00001226 _____ () C:\Users\Stephanie\Desktop\Chromecast.lnk
2014-12-29 22:03 - 2014-12-29 22:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-12-29 22:02 - 2015-01-28 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-29 22:02 - 2015-01-25 16:47 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-29 22:01 - 2015-01-28 14:26 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 22:01 - 2015-01-28 14:06 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 22:01 - 2014-12-29 22:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Google
2014-12-29 22:01 - 2014-12-29 22:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-29 22:01 - 2014-12-29 22:01 - 00880784 _____ (Google Inc.) C:\Users\Stephanie\Downloads\ChromeSetup.exe
2014-12-29 22:01 - 2014-12-29 22:01 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-29 22:01 - 2014-12-29 22:01 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 14:34 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 14:34 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 14:32 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 14:29 - 2009-07-14 00:10 - 01194245 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 14:27 - 2010-10-18 12:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-28 14:26 - 2010-12-08 19:17 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\SoftThinks
2015-01-28 14:26 - 2010-10-18 12:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-28 14:26 - 2010-10-18 12:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-28 14:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 14:26 - 2009-07-13 23:51 - 00113122 _____ () C:\Windows\setupact.log
2015-01-28 11:37 - 2013-07-31 17:56 - 00000000 ____D () C:\Users\Guest
2015-01-28 11:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 10:42 - 2010-12-11 10:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E212FC62-636C-45CD-A2CC-9F08A31E0036}
2015-01-28 10:39 - 2010-12-08 19:17 - 00000000 ____D () C:\Users\Stephanie
2015-01-26 02:13 - 2010-10-18 13:52 - 00468132 _____ () C:\Windows\PFRO.log
2015-01-21 15:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-01-20 22:02 - 2012-04-30 09:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 17:19 - 2011-02-02 23:01 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-20 17:19 - 2011-02-02 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-19 13:39 - 2010-10-18 12:28 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-19 13:34 - 2010-12-08 18:22 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Deployment
2015-01-19 13:23 - 2010-10-18 12:21 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-19 13:23 - 2010-10-18 12:21 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-19 13:22 - 2010-10-18 14:45 - 00000000 ____D () C:\Windows\Panther
2015-01-19 13:11 - 2012-12-01 12:05 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-19 12:38 - 2010-12-18 21:47 - 351547093 _____ () C:\Windows\MEMORY.DMP
2015-01-19 12:38 - 2010-12-18 21:47 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:31 - 2011-11-27 16:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-14 20:30 - 2014-08-29 17:09 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2015-01-14 20:50 - 2015-01-14 20:50 - 0613057 _____ (CMI Limited) C:\Users\Stephanie\AppData\Local\nsb1C32.tmp
2011-02-02 23:05 - 2011-02-02 23:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-01-16 14:57 - 2015-01-16 14:57 - 0001730 _____ () C:\ProgramData\tempimage.bmp
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
LastRegBack: 2015-01-26 04:35
 
==================== End Of Log ============================
 
 
 
******Addition******
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Stephanie at 2015-01-28 14:50:31
Running from C:\Users\Stephanie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.33.1 - Citrix Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.2 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Idle Crawler (HKLM-x32\...\58E9643A-E035-1D45-8F80-8495C365477F) (Version: 125.0.0.472 - EUROHAUTE LTD) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Juniper Networks Cache Cleaner 6.5.0 (HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Juniper_Networks_Cache_Cleaner 6.5.0) (Version: 6.5.0.15551 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Neoteris_Host_Checker) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Juniper_Setup_Client) (Version: 7.1.3.11013 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5894 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 5.1 (HKLM-x32\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.1.112 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
19-01-2015 12:53:29 Installed AVG 2015
19-01-2015 12:57:37 Removed AVG 2015
19-01-2015 13:16:16 Installed AVG 2015
19-01-2015 13:17:27 Installed AVG 2015
19-01-2015 13:20:12 Removed AVG 2015
19-01-2015 13:28:10 Installed AVG 2015
19-01-2015 13:29:19 Installed AVG 2015
19-01-2015 13:31:29 Removed AVG 2015
19-01-2015 13:38:33 Removed Live! Cam Avatar Creator
19-01-2015 13:57:41 Installed AVG 2015
19-01-2015 13:58:18 Installed AVG 2015
19-01-2015 13:59:58 Removed AVG 2015
20-01-2015 17:01:03 Installed AVG 2015
20-01-2015 17:01:36 Installed AVG 2015
20-01-2015 17:03:43 Removed AVG 2015
20-01-2015 21:33:46 Installed AVG 2015
20-01-2015 21:35:34 Installed AVG 2015
20-01-2015 21:38:39 Removed AVG 2015
21-01-2015 15:52:55 Malwarebytes Anti-Rootkit Restore Point
26-01-2015 04:43:06 Windows Defender Checkpoint
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14BD26DE-78B4-4562-AE05-7963054D454D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {34737022-323D-47B3-BE7D-4B2F578930F9} - \Microsoft\Windows\Maintenance\Update IC No Task File <==== ATTENTION
Task: {40080923-F81A-4A48-A42F-B378806BC5B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {6FFAC60E-FF0D-4133-A938-FB2005E5BA43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: {79F5B4A7-ADB9-46F3-83F2-8CD5C22DF5AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {8B5FDC8D-7D70-4578-B2DE-337678715B13} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A8C26F27-FFAE-4811-8A8C-D6E951D4A40B} - \Runner IC No Task File <==== ATTENTION
Task: {B5CAC6CE-A519-4D0C-A7CB-6BCCDAAF6659} - System32\Tasks\{71527019-0641-4467-8891-35710E16FF63} => pcalua.exe -a C:\Users\STEPHA~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B742AC82-BFD3-4761-8E5D-F35F4BD6B3A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: {C0CF1972-CA86-4095-81BE-D659D8F5834D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: {CF61CE16-37C4-4BEA-BE75-E26BAA8F480C} - System32\Tasks\{18EA1A13-EEB6-41DD-9E5A-F23E503BB1E6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2011-01-26] (Skype Technologies S.A.)
Task: {E5D025D3-535F-4C42-AEEB-19265009F637} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F9CA12A7-E90E-4A83-A855-575D8FF33CFD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD601485-27C9-404D-BAD8-DD12CFD66112} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-13 14:42 - 2011-04-19 15:31 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2012-08-13 14:42 - 2010-02-09 14:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2010-10-18 12:23 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-06-16 16:17 - 2012-06-16 16:17 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\f27d7b63f6006c9768f7256ca9403386\VistaBridgeLibrary.ni.dll
2009-10-15 03:10 - 2009-10-15 03:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-08-13 14:42 - 2011-04-19 15:31 - 00150016 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2012-08-13 14:41 - 2012-01-17 14:09 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-26 03:02 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-26 03:02 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-26 03:02 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-26 03:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-26 03:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-10-18 12:23 - 2011-08-01 12:55 - 00132416 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-10-18 12:23 - 2011-08-01 12:54 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-10-18 12:23 - 2011-08-01 12:55 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2014-06-15 23:40 - 2014-06-15 23:40 - 02124256 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 07422144 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 02453696 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00192704 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00794816 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
2012-08-13 14:40 - 2010-08-22 19:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2012-08-13 14:40 - 2010-08-22 19:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2012-08-13 14:40 - 2010-08-22 19:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2012-08-13 14:40 - 2010-08-22 19:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2012-08-13 14:40 - 2010-08-22 18:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2012-08-13 14:41 - 2012-01-17 13:27 - 00669696 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2015-01-25 16:47 - 2015-01-20 22:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-25 16:47 - 2015-01-20 22:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-25 16:47 - 2015-01-20 22:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48975169.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48975169.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2621610626-3318039025-3462326288-500 - Administrator - Disabled)
Guest (S-1-5-21-2621610626-3318039025-3462326288-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2621610626-3318039025-3462326288-1002 - Limited - Enabled)
Stephanie (S-1-5-21-2621610626-3318039025-3462326288-1000 - Administrator - Enabled) => C:\Users\Stephanie
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/28/2015 01:42:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2411042
 
Error: (01/28/2015 01:42:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2411042
 
Error: (01/28/2015 01:42:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 01:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2410044
 
Error: (01/28/2015 01:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2410044
 
Error: (01/28/2015 01:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 01:42:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2409046
 
Error: (01/28/2015 01:42:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2409046
 
Error: (01/28/2015 01:42:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 01:42:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2408032
 
 
System errors:
=============
Error: (01/28/2015 02:27:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 02:26:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 02:26:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 02:26:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 02:26:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 02:26:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 02:26:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 02:26:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 02:26:23 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee AP Service service depends the following service: mfevtp. This service might not be installed.
 
Error: (01/28/2015 02:26:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (01/28/2015 01:42:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2411042
 
Error: (01/28/2015 01:42:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2411042
 
Error: (01/28/2015 01:42:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 01:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2410044
 
Error: (01/28/2015 01:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2410044
 
Error: (01/28/2015 01:42:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 01:42:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2409046
 
Error: (01/28/2015 01:42:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2409046
 
Error: (01/28/2015 01:42:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 01:42:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2408032
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-09-13 21:18:38.217
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\43360e.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-13 21:18:38.057
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\43360e.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU U4100 @ 1.30GHz
Percentage of memory in use: 44%
Total physical RAM: 2936.95 MB
Available physical RAM: 1622.45 MB
Total Pagefile: 5872 MB
Available Pagefile: 3879.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:218.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FE098249)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:11 PM

Posted 28 January 2015 - 05:13 PM

:rip: Necurs...
 
:notanangel:


Step 1

Please uninstall some programs:

  • Windows 7: Click on the hidden2.png button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Idle Crawler

  • Reboot your computer.

Step 2

No resident protection warning

Always have one (and no more than one!) Antivirus program, as the resident protection is absolutely a must-have on any Windows! Please install one of them:

 

Step 3


Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

settings.png

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at logpath.png
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Step 4

Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 daniel0311

daniel0311
  • Topic Starter

  • Members
  • 21 posts
  • Local time:07:11 AM

Posted 28 January 2015 - 10:11 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9d9c93b747507548a20f268dd1dcf43e
# engine=22197
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-28 11:19:40
# local_time=2015-01-28 06:19:40 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 0 6194791 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 174030630 0 0
# scanned=212460
# found=10
# cleaned=0
# scan_time=6976
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS trojan" ac=I fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=5D1620E50CE2809C5A27F70270E0CB6447992461 ft=1 fh=e2d3d6285cf7ee70 vn="a variant of Win64/TrojanDownloader.Necurs.G trojan" ac=I fn="C:\TDSSKiller_Quarantine\28.01.2015_13.44.20\necurs0000\svc0000\tsk0000.dta"
sh=0AF4F72212C153B3C218F29DD9D06A47B09D7707 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Guest\AppData\Local\Temp\jar_cache3216722908807267405.tmp"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC potentially unwanted application" ac=I fn="C:\Users\Stephanie\AppData\Local\nsb1C32.tmp"
sh=A8898D611272E11110F94A4BAAB520C0B089F45D ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\l8bp2ncg.default\cache2\entries\4717910E56AC275694DA1C64C8CF4960B73C39A6"
sh=D6E616167D9684B9F4CA8E52D50A0E3F77A81083 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\l8bp2ncg.default\cache2\entries\AFB99564DBFE302097BBAABC5240294BC2A68780"
sh=A088DCA5012C0277BEFD81FC28FCD674CDA1AD64 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\l8bp2ncg.default\cache2\entries\C04E51FCC21993AF6E8A7BB3CA4C69E6EEC87A4C"
sh=8B47F8F9C0CB46B01F19259C99F08D57223581C9 ft=0 fh=0000000000000000 vn="Win32/PSWTool.KonBoot.A potentially unsafe application" ac=I fn="C:\Users\Stephanie\Downloads\Hirens.BootCD.15.2.zip"


#11 daniel0311

daniel0311
  • Topic Starter

  • Members
  • 21 posts
  • Local time:07:11 AM

Posted 28 January 2015 - 10:14 PM

******Addition******

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Stephanie at 2015-01-28 20:13:03
Running from C:\Users\Stephanie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.33.1 - Citrix Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.2 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dropbox (HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Juniper Networks Cache Cleaner 6.5.0 (HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Juniper_Networks_Cache_Cleaner 6.5.0) (Version: 6.5.0.15551 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Neoteris_Host_Checker) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.1.0.18671 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Juniper_Setup_Client) (Version: 7.1.3.11013 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5894 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 5.1 (HKLM-x32\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.1.112 - Skype Technologies S.A.)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
20-01-2015 17:03:43 Removed AVG 2015
20-01-2015 21:33:46 Installed AVG 2015
20-01-2015 21:35:34 Installed AVG 2015
20-01-2015 21:38:39 Removed AVG 2015
21-01-2015 15:52:55 Malwarebytes Anti-Rootkit Restore Point
26-01-2015 04:43:06 Windows Defender Checkpoint
28-01-2015 16:09:27 avast! antivirus system restore point
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2FDA3BB7-BE0B-42D5-9C88-47E1FD9E008B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-28] (AVAST Software)
Task: {3F618D32-8461-4A98-B8D7-0C0574728B45} - System32\Tasks\avastBCLRestartS-1-5-21-2621610626-3318039025-3462326288-1000 => Chrome.exe 
Task: {6FFAC60E-FF0D-4133-A938-FB2005E5BA43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: {8B5FDC8D-7D70-4578-B2DE-337678715B13} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B5CAC6CE-A519-4D0C-A7CB-6BCCDAAF6659} - System32\Tasks\{71527019-0641-4467-8891-35710E16FF63} => pcalua.exe -a C:\Users\STEPHA~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B742AC82-BFD3-4761-8E5D-F35F4BD6B3A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: {C0CF1972-CA86-4095-81BE-D659D8F5834D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: {CF61CE16-37C4-4BEA-BE75-E26BAA8F480C} - System32\Tasks\{18EA1A13-EEB6-41DD-9E5A-F23E503BB1E6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2011-01-26] (Skype Technologies S.A.)
Task: {E5D025D3-535F-4C42-AEEB-19265009F637} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F9CA12A7-E90E-4A83-A855-575D8FF33CFD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD601485-27C9-404D-BAD8-DD12CFD66112} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-13 14:42 - 2011-04-19 15:31 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2012-08-13 14:42 - 2010-02-09 14:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2010-10-18 12:23 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-06-16 16:17 - 2012-06-16 16:17 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\f27d7b63f6006c9768f7256ca9403386\VistaBridgeLibrary.ni.dll
2009-10-15 03:10 - 2009-10-15 03:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-08-13 14:42 - 2011-04-19 15:31 - 00150016 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2012-08-13 14:41 - 2012-01-17 14:09 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-18 12:23 - 2011-08-01 12:55 - 00132416 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-10-18 12:23 - 2011-08-01 12:54 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-10-18 12:23 - 2011-08-01 12:55 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2012-08-13 14:40 - 2010-08-22 19:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2012-08-13 14:40 - 2010-08-22 19:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2012-08-13 14:40 - 2010-08-22 19:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2012-08-13 14:40 - 2010-08-22 19:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2012-08-13 14:40 - 2010-08-22 18:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2012-08-13 14:41 - 2012-01-17 13:27 - 00669696 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2015-01-28 16:11 - 2015-01-28 16:11 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012800\algo.dll
2015-01-28 16:11 - 2015-01-28 16:11 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-25 16:47 - 2015-01-20 22:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-25 16:47 - 2015-01-20 22:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-25 16:47 - 2015-01-20 22:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48975169.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48975169.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2621610626-3318039025-3462326288-500 - Administrator - Disabled)
Guest (S-1-5-21-2621610626-3318039025-3462326288-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2621610626-3318039025-3462326288-1002 - Limited - Enabled)
Stephanie (S-1-5-21-2621610626-3318039025-3462326288-1000 - Administrator - Enabled) => C:\Users\Stephanie
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/28/2015 08:10:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (01/28/2015 08:09:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1956299
 
Error: (01/28/2015 08:09:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1956299
 
Error: (01/28/2015 08:09:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 08:09:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1955254
 
Error: (01/28/2015 08:09:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1955254
 
Error: (01/28/2015 08:09:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 08:09:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1954256
 
Error: (01/28/2015 08:09:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1954256
 
Error: (01/28/2015 08:09:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/28/2015 08:09:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 08:09:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 08:09:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 08:09:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 08:09:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 08:09:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 07:37:01 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/28/2015 04:23:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
 
Error: (01/28/2015 04:23:23 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (01/28/2015 04:23:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
 
 
Microsoft Office Sessions:
=========================
Error: (01/28/2015 08:10:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (01/28/2015 08:09:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1956299
 
Error: (01/28/2015 08:09:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1956299
 
Error: (01/28/2015 08:09:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 08:09:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1955254
 
Error: (01/28/2015 08:09:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1955254
 
Error: (01/28/2015 08:09:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2015 08:09:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1954256
 
Error: (01/28/2015 08:09:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1954256
 
Error: (01/28/2015 08:09:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-09-13 21:18:38.217
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\43360e.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-13 21:18:38.057
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\43360e.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU U4100 @ 1.30GHz
Percentage of memory in use: 57%
Total physical RAM: 2936.95 MB
Available physical RAM: 1234.36 MB
Total Pagefile: 5872 MB
Available Pagefile: 3879.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:221.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FE098249)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
******FRST*******
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Stephanie (administrator) on STEPH-PC on 28-01-2015 20:11:51
Running from C:\Users\Stephanie\Downloads
Loaded Profiles: Stephanie (Available profiles: Stephanie & Guest)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7970848 2009-07-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2011-03-15] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2015-01-28] (AVAST Software)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-13] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [Google Update] => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-29] (Google Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKLM -> {D3E3B50F-2A74-4269-B4A8-4ED4DEA87E6A} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\l8bp2ncg.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2621610626-3318039025-3462326288-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2621610626-3318039025-3462326288-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: 9efe12fc8e7b41dc917eb9341daa31e0 - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\l8bp2ncg.default\Extensions\{9efe12fc-8e7b-41dc-917e-b9341daa31e0} [2015-01-19]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-28]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=M60C049FB-FC9F-488B-9FBA-AB7606423497&SearchSource=55&CUI=&UM=8&UP=SPBBC1B80E-D206-45D5-A77E-9F1E0BBEB2B4&SSPV=
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR Profile: C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]
CHR Extension: (Google Docs) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-19]
CHR Extension: (YouTube) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Google Cast) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Netflix) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-01-02]
CHR Extension: (Pandora) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-12-30]
CHR Extension: (Google Sheets) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]
CHR Extension: (Avast Online Security) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Gmail) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-28] (AVAST Software)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-28] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-28] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-28] ()
R1 NEOFLTR_710_18671; C:\Windows\system32\Drivers\NEOFLTR_710_18671.SYS [99664 2011-06-23] (Juniper Networks)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 16:24 - 2015-01-28 16:24 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-28 16:23 - 2015-01-28 16:25 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Dropbox
2015-01-28 16:20 - 2015-01-28 16:20 - 00003286 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2621610626-3318039025-3462326288-1000
2015-01-28 16:16 - 2015-01-28 16:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-28 16:15 - 2015-01-28 16:16 - 02347384 _____ (ESET) C:\Users\Stephanie\Downloads\esetsmartinstaller_enu.exe
2015-01-28 16:15 - 2015-01-28 16:15 - 00000085 _____ () C:\Windows\wininit.ini
2015-01-28 16:13 - 2015-01-28 16:13 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\AVAST Software
2015-01-28 16:12 - 2015-01-28 16:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-28 16:12 - 2015-01-28 16:12 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-28 16:12 - 2015-01-28 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-28 16:11 - 2015-01-28 16:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-28 16:11 - 2015-01-28 16:12 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1422479545606
2015-01-28 16:11 - 2015-01-28 16:11 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-28 16:11 - 2015-01-28 16:11 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1422479547556
2015-01-28 16:11 - 2015-01-28 16:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-28 16:11 - 2015-01-28 16:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-28 16:09 - 2015-01-28 16:09 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-28 16:08 - 2015-01-28 16:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-28 16:08 - 2015-01-28 16:08 - 05006864 _____ (AVAST Software) C:\Users\Stephanie\Downloads\avast_free_antivirus_setup_online.exe
2015-01-28 14:49 - 2015-01-28 14:49 - 00000000 ____D () C:\Users\Stephanie\Downloads\FRST-OlderVersion
2015-01-28 14:18 - 2015-01-28 14:18 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Stephanie\Downloads\mbar-1.08.3.1004 (1).exe
2015-01-28 13:49 - 2015-01-28 13:49 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-28 12:33 - 2015-01-28 12:33 - 00000000 __SHD () C:\found.000
2015-01-27 20:36 - 2015-01-28 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 03:00 - 2015-01-26 03:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Stephanie\Downloads\spybot-2.4(1).exe
2015-01-26 00:19 - 2015-01-26 00:22 - 621283886 _____ () C:\Users\Stephanie\Downloads\Hirens.BootCD.15.2.zip
2015-01-21 21:24 - 2015-01-21 21:24 - 00688992 ____R (Swearware) C:\Users\Stephanie\Downloads\dds.com
2015-01-21 15:59 - 2015-01-21 16:00 - 00852520 _____ () C:\Users\Stephanie\Downloads\SecurityCheck(1).exe
2015-01-21 15:59 - 2015-01-21 15:59 - 00852520 _____ () C:\Users\Stephanie\Downloads\SecurityCheck.exe
2015-01-21 15:33 - 2015-01-28 14:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-21 15:23 - 2015-01-21 15:23 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Stephanie\Downloads\mbar-1.08.3.1004.exe
2015-01-21 15:13 - 2015-01-26 02:01 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-01-21 15:13 - 2015-01-21 15:13 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-21 14:34 - 2015-01-21 14:34 - 00032585 _____ () C:\Users\Stephanie\Downloads\Result.txt
2015-01-21 14:31 - 2015-01-21 14:32 - 00401920 _____ (Farbar) C:\Users\Stephanie\Downloads\MiniToolBox.exe
2015-01-21 03:57 - 2015-01-28 14:51 - 00027760 _____ () C:\Users\Stephanie\Downloads\Addition.txt
2015-01-21 03:55 - 2015-01-28 20:12 - 00022726 _____ () C:\Users\Stephanie\Downloads\FRST.txt
2015-01-21 03:55 - 2015-01-28 20:11 - 00000000 ____D () C:\FRST
2015-01-21 03:55 - 2015-01-28 14:49 - 02130432 _____ (Farbar) C:\Users\Stephanie\Downloads\FRST64.exe
2015-01-20 22:05 - 2015-01-20 22:05 - 01707939 _____ (Thisisu) C:\Users\Stephanie\Downloads\JRT.exe
2015-01-20 22:05 - 2015-01-20 22:05 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:53 - 2015-01-21 15:08 - 00000000 ____D () C:\AdwCleaner
2015-01-20 21:52 - 2015-01-20 21:53 - 02186752 _____ () C:\Users\Stephanie\Downloads\adwcleaner_4.108.exe
2015-01-20 21:39 - 2015-01-21 04:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-20 21:36 - 2015-01-20 21:38 - 196444992 _____ (Kaspersky Lab) C:\Users\Stephanie\Downloads\kts15.0.2.361en_7225.exe
2015-01-20 19:47 - 2015-01-20 19:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-20 19:46 - 2015-01-28 16:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 19:45 - 2015-01-28 16:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 19:44 - 2015-01-20 19:44 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Stephanie\Downloads\spybot-2.4.exe
2015-01-20 17:10 - 2015-01-20 17:10 - 00364640 _____ (Kaspersky Lab) C:\Users\Stephanie\Downloads\kss12.0.1.808_6398_6399.exe
2015-01-19 12:48 - 2015-01-19 12:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Stephanie\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-19 12:48 - 2015-01-19 12:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 12:47 - 2015-01-20 22:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 12:47 - 2015-01-19 12:47 - 04637504 _____ (AVG Technologies) C:\Users\Stephanie\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-19 12:47 - 2015-01-19 12:47 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\MFAData
2015-01-19 12:38 - 2015-01-19 12:38 - 00280768 _____ () C:\Windows\Minidump\011915-27003-01.dmp
2015-01-16 14:57 - 2015-01-16 14:57 - 00001730 _____ () C:\ProgramData\tempimage.bmp
2015-01-14 20:50 - 2015-01-14 20:50 - 00613057 _____ (CMI Limited) C:\Users\Stephanie\AppData\Local\nsb1C32.tmp
2015-01-14 20:25 - 2015-01-15 19:06 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-01-14 20:21 - 2015-01-16 17:33 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-14 20:18 - 2015-01-19 13:14 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.31
2015-01-14 20:18 - 2015-01-14 20:21 - 00000000 ____D () C:\9c041e6f2524c08fd30c6883be
2015-01-14 20:18 - 2015-01-14 20:18 - 00000537 _____ () C:\Windows\KB893803v2.log
2015-01-10 17:49 - 2014-06-20 10:38 - 00072128 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2015-01-10 17:49 - 2014-06-20 10:23 - 00523792 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2015-01-10 17:49 - 2014-06-20 10:20 - 00181704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-01-10 17:40 - 2015-01-10 17:40 - 00282392 _____ () C:\Windows\Minidump\011015-25568-01.dmp
2014-12-29 22:03 - 2015-01-28 20:09 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA.job
2014-12-29 22:03 - 2015-01-26 00:20 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core.job
2014-12-29 22:03 - 2014-12-29 22:03 - 00880784 _____ (Google Inc.) C:\Users\Stephanie\Downloads\chromecastinstaller.exe
2014-12-29 22:03 - 2014-12-29 22:03 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA
2014-12-29 22:03 - 2014-12-29 22:03 - 00003506 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core
2014-12-29 22:03 - 2014-12-29 22:03 - 00001226 _____ () C:\Users\Stephanie\Desktop\Chromecast.lnk
2014-12-29 22:03 - 2014-12-29 22:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-12-29 22:02 - 2015-01-28 17:16 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-29 22:02 - 2015-01-28 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-29 22:01 - 2015-01-28 20:09 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 22:01 - 2015-01-28 16:06 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 22:01 - 2014-12-29 22:03 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Google
2014-12-29 22:01 - 2014-12-29 22:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-29 22:01 - 2014-12-29 22:01 - 00880784 _____ (Google Inc.) C:\Users\Stephanie\Downloads\ChromeSetup.exe
2014-12-29 22:01 - 2014-12-29 22:01 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-29 22:01 - 2014-12-29 22:01 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 20:10 - 2009-07-14 00:10 - 01241321 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 16:15 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 16:15 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 16:13 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 16:07 - 2010-12-08 19:17 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\SoftThinks
2015-01-28 16:07 - 2010-10-18 12:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-28 16:07 - 2010-10-18 12:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-28 16:07 - 2010-10-18 12:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-28 16:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 16:06 - 2009-07-13 23:51 - 00113178 _____ () C:\Windows\setupact.log
2015-01-28 16:04 - 2013-07-31 17:56 - 00000000 ____D () C:\Users\Guest
2015-01-28 11:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 10:42 - 2010-12-11 10:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E212FC62-636C-45CD-A2CC-9F08A31E0036}
2015-01-28 10:39 - 2010-12-08 19:17 - 00000000 ____D () C:\Users\Stephanie
2015-01-26 02:13 - 2010-10-18 13:52 - 00468132 _____ () C:\Windows\PFRO.log
2015-01-21 15:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-01-20 17:19 - 2011-02-02 23:01 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-20 17:19 - 2011-02-02 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-19 13:39 - 2010-10-18 12:28 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-19 13:34 - 2010-12-08 18:22 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Deployment
2015-01-19 13:23 - 2010-10-18 12:21 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-19 13:23 - 2010-10-18 12:21 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-19 13:22 - 2010-10-18 14:45 - 00000000 ____D () C:\Windows\Panther
2015-01-19 13:11 - 2012-12-01 12:05 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-19 12:38 - 2010-12-18 21:47 - 351547093 _____ () C:\Windows\MEMORY.DMP
2015-01-19 12:38 - 2010-12-18 21:47 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:31 - 2011-11-27 16:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-14 20:30 - 2014-08-29 17:09 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2015-01-14 20:50 - 2015-01-14 20:50 - 0613057 _____ (CMI Limited) C:\Users\Stephanie\AppData\Local\nsb1C32.tmp
2011-02-02 23:05 - 2011-02-02 23:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-01-16 14:57 - 2015-01-16 14:57 - 0001730 _____ () C:\ProgramData\tempimage.bmp
 
Some content of TEMP:
====================
C:\Users\Stephanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptqptov.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
LastRegBack: 2015-01-26 04:35
 
==================== End Of Log ============================


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:11 PM

Posted 29 January 2015 - 06:59 AM

Hi,

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   1.16KB   2 downloads

After the Reboot:

Step 2



  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Can you please tell me which problems still persist now?
How is the computer running?

Edited by deeprybka, 29 January 2015 - 07:03 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 daniel0311

daniel0311
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:07:11 AM

Posted 29 January 2015 - 10:45 AM

*****FIXLOG******

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Stephanie at 2015-01-29 08:32:51 Run:1
Running from C:\Users\Stephanie\Downloads
Loaded Profiles: Stephanie (Available profiles: Stephanie & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-2621610626-3318039025-3462326288-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Hosts: 
C:\Program Files\Adware-Removal-Tool
C:\Users\Stephanie\AppData\Local\nsb1C32.tmp
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
CreateRestorePoint:
EmptyTemp:
*****************
 
Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
Hosts was reset successfully.
C:\Program Files\Adware-Removal-Tool => Moved successfully.
C:\Users\Stephanie\AppData\Local\nsb1C32.tmp => Moved successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid= => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL deleted successfully.
 
The operation completed successfully.
Restore point was successfully created.
EmptyTemp: => Removed 1.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 08:37:38 ====


#14 daniel0311

daniel0311
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:07:11 AM

Posted 29 January 2015 - 10:47 AM

******FRST******

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Stephanie (administrator) on STEPH-PC on 29-01-2015 08:45:59
Running from C:\Users\Stephanie\Downloads
Loaded Profiles: Stephanie (Available profiles: Stephanie & Guest)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7970848 2009-07-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2011-03-15] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-28] (AVAST Software)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-13] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2621610626-3318039025-3462326288-1000\...\Run: [Google Update] => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-29] (Google Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKLM -> {D3E3B50F-2A74-4269-B4A8-4ED4DEA87E6A} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\l8bp2ncg.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2621610626-3318039025-3462326288-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2621610626-3318039025-3462326288-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Stephanie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: 9efe12fc8e7b41dc917eb9341daa31e0 - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\l8bp2ncg.default\Extensions\{9efe12fc-8e7b-41dc-917e-b9341daa31e0} [2015-01-19]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]
CHR Extension: (Google Docs) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-19]
CHR Extension: (YouTube) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Google Cast) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Netflix) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-01-02]
CHR Extension: (Pandora) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-12-30]
CHR Extension: (Google Sheets) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]
CHR Extension: (Avast Online Security) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-28]
CHR Extension: (Google Wallet) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Gmail) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-28] (AVAST Software)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-28] ()
R1 NEOFLTR_710_18671; C:\Windows\system32\Drivers\NEOFLTR_710_18671.SYS [99664 2011-06-23] (Juniper Networks)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 16:24 - 2015-01-28 16:24 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-28 16:23 - 2015-01-28 16:25 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Dropbox
2015-01-28 16:20 - 2015-01-28 16:20 - 00003286 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2621610626-3318039025-3462326288-1000
2015-01-28 16:16 - 2015-01-28 16:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-28 16:15 - 2015-01-28 16:16 - 02347384 _____ (ESET) C:\Users\Stephanie\Downloads\esetsmartinstaller_enu.exe
2015-01-28 16:15 - 2015-01-28 16:15 - 00000085 _____ () C:\Windows\wininit.ini
2015-01-28 16:13 - 2015-01-28 16:13 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\AVAST Software
2015-01-28 16:12 - 2015-01-28 16:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-28 16:12 - 2015-01-28 16:12 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-28 16:12 - 2015-01-28 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-28 16:11 - 2015-01-28 16:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-28 16:11 - 2015-01-28 16:12 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-28 16:11 - 2015-01-28 16:11 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-28 16:11 - 2015-01-28 16:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-28 16:11 - 2015-01-28 16:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-28 16:09 - 2015-01-28 16:09 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-28 16:08 - 2015-01-28 16:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-28 16:08 - 2015-01-28 16:08 - 05006864 _____ (AVAST Software) C:\Users\Stephanie\Downloads\avast_free_antivirus_setup_online.exe
2015-01-28 14:49 - 2015-01-28 14:49 - 00000000 ____D () C:\Users\Stephanie\Downloads\FRST-OlderVersion
2015-01-28 14:18 - 2015-01-28 14:18 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Stephanie\Downloads\mbar-1.08.3.1004 (1).exe
2015-01-28 13:49 - 2015-01-28 13:49 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-28 12:33 - 2015-01-28 12:33 - 00000000 __SHD () C:\found.000
2015-01-27 20:36 - 2015-01-28 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 03:00 - 2015-01-26 03:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Stephanie\Downloads\spybot-2.4(1).exe
2015-01-26 00:19 - 2015-01-26 00:22 - 621283886 _____ () C:\Users\Stephanie\Downloads\Hirens.BootCD.15.2.zip
2015-01-21 21:24 - 2015-01-21 21:24 - 00688992 ____R (Swearware) C:\Users\Stephanie\Downloads\dds.com
2015-01-21 15:59 - 2015-01-21 16:00 - 00852520 _____ () C:\Users\Stephanie\Downloads\SecurityCheck(1).exe
2015-01-21 15:59 - 2015-01-21 15:59 - 00852520 _____ () C:\Users\Stephanie\Downloads\SecurityCheck.exe
2015-01-21 15:33 - 2015-01-28 14:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-21 15:23 - 2015-01-21 15:23 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Stephanie\Downloads\mbar-1.08.3.1004.exe
2015-01-21 15:13 - 2015-01-26 02:01 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-01-21 14:34 - 2015-01-21 14:34 - 00032585 _____ () C:\Users\Stephanie\Downloads\Result.txt
2015-01-21 14:31 - 2015-01-21 14:32 - 00401920 _____ (Farbar) C:\Users\Stephanie\Downloads\MiniToolBox.exe
2015-01-21 03:57 - 2015-01-28 20:13 - 00028359 _____ () C:\Users\Stephanie\Downloads\Addition.txt
2015-01-21 03:55 - 2015-01-29 08:46 - 00000000 ____D () C:\FRST
2015-01-21 03:55 - 2015-01-29 08:45 - 00021537 _____ () C:\Users\Stephanie\Downloads\FRST.txt
2015-01-21 03:55 - 2015-01-28 14:49 - 02130432 _____ (Farbar) C:\Users\Stephanie\Downloads\FRST64.exe
2015-01-20 22:05 - 2015-01-20 22:05 - 01707939 _____ (Thisisu) C:\Users\Stephanie\Downloads\JRT.exe
2015-01-20 22:05 - 2015-01-20 22:05 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:53 - 2015-01-21 15:08 - 00000000 ____D () C:\AdwCleaner
2015-01-20 21:52 - 2015-01-20 21:53 - 02186752 _____ () C:\Users\Stephanie\Downloads\adwcleaner_4.108.exe
2015-01-20 21:39 - 2015-01-21 04:25 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-20 21:36 - 2015-01-20 21:38 - 196444992 _____ (Kaspersky Lab) C:\Users\Stephanie\Downloads\kts15.0.2.361en_7225.exe
2015-01-20 19:47 - 2015-01-20 19:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-20 19:46 - 2015-01-28 16:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 19:45 - 2015-01-29 08:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 19:44 - 2015-01-20 19:44 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Stephanie\Downloads\spybot-2.4.exe
2015-01-20 17:10 - 2015-01-20 17:10 - 00364640 _____ (Kaspersky Lab) C:\Users\Stephanie\Downloads\kss12.0.1.808_6398_6399.exe
2015-01-19 12:48 - 2015-01-19 12:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Stephanie\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-19 12:48 - 2015-01-19 12:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 12:47 - 2015-01-20 22:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 12:47 - 2015-01-19 12:47 - 04637504 _____ (AVG Technologies) C:\Users\Stephanie\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-19 12:47 - 2015-01-19 12:47 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\MFAData
2015-01-19 12:38 - 2015-01-19 12:38 - 00280768 _____ () C:\Windows\Minidump\011915-27003-01.dmp
2015-01-16 14:57 - 2015-01-16 14:57 - 00001730 _____ () C:\ProgramData\tempimage.bmp
2015-01-14 20:25 - 2015-01-15 19:06 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-01-14 20:21 - 2015-01-16 17:33 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-14 20:18 - 2015-01-19 13:14 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.31
2015-01-14 20:18 - 2015-01-14 20:21 - 00000000 ____D () C:\9c041e6f2524c08fd30c6883be
2015-01-14 20:18 - 2015-01-14 20:18 - 00000537 _____ () C:\Windows\KB893803v2.log
2015-01-10 17:49 - 2014-06-20 10:38 - 00072128 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2015-01-10 17:49 - 2014-06-20 10:23 - 00523792 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2015-01-10 17:49 - 2014-06-20 10:20 - 00181704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2015-01-10 17:40 - 2015-01-10 17:40 - 00282392 _____ () C:\Windows\Minidump\011015-25568-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 08:45 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 08:42 - 2014-12-29 22:01 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 08:42 - 2010-12-08 19:17 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\SoftThinks
2015-01-29 08:42 - 2010-10-18 12:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-29 08:42 - 2010-10-18 12:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-29 08:42 - 2010-10-18 12:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-29 08:39 - 2010-10-18 13:52 - 00473922 _____ () C:\Windows\PFRO.log
2015-01-29 08:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 08:39 - 2009-07-13 23:51 - 00113234 _____ () C:\Windows\setupact.log
2015-01-29 08:38 - 2009-07-14 00:10 - 01289441 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 08:29 - 2014-12-29 22:03 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000UA.job
2015-01-29 08:29 - 2014-12-29 22:01 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 22:08 - 2014-12-29 22:03 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2621610626-3318039025-3462326288-1000Core.job
2015-01-28 21:08 - 2010-12-11 10:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E212FC62-636C-45CD-A2CC-9F08A31E0036}
2015-01-28 17:16 - 2014-12-29 22:02 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-28 16:15 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 16:15 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 16:04 - 2013-07-31 17:56 - 00000000 ____D () C:\Users\Guest
2015-01-28 11:37 - 2014-12-29 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-28 11:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 10:39 - 2010-12-08 19:17 - 00000000 ____D () C:\Users\Stephanie
2015-01-21 15:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-01-20 17:19 - 2011-02-02 23:01 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-20 17:19 - 2011-02-02 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-19 13:39 - 2010-10-18 12:28 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-19 13:34 - 2010-12-08 18:22 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Deployment
2015-01-19 13:23 - 2010-10-18 12:21 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-19 13:23 - 2010-10-18 12:21 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-19 13:22 - 2010-10-18 14:45 - 00000000 ____D () C:\Windows\Panther
2015-01-19 13:11 - 2012-12-01 12:05 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-19 12:38 - 2010-12-18 21:47 - 351547093 _____ () C:\Windows\MEMORY.DMP
2015-01-19 12:38 - 2010-12-18 21:47 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 19:31 - 2011-11-27 16:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-14 20:30 - 2014-08-29 17:09 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2011-02-02 23:05 - 2011-02-02 23:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-01-16 14:57 - 2015-01-16 14:57 - 0001730 _____ () C:\ProgramData\tempimage.bmp
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 04:35
 
==================== End Of Log ============================


#15 daniel0311


Posted 29 January 2015 - 10:48 AM

The computer seems to be running quite a bit better. From what I can tell as of now, the popups and redirects are gone. Hopefully this got it fixed!





