
Computer running slow, am I infected?


  • This topic is locked
9 replies to this topic

#1 annmarie1031

annmarie1031

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 13 April 2015 - 12:36 PM

Mod Edit: Moved to Malware Removal Logs ~~ boopme


I am using Windows 7 and my computer is very slow. It always seems like the hard drive is running. I ran a dds. Thanks for your help!
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17689  BrowserJavaVersion: 11.40.2
Run by Bob at 13:30:20 on 2015-04-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2030.858 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_40\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office 15\root\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_40\bin\jp2ssv.dll
BHO: <No Name>: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\program files\microsoft money\system\mnyviewer.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_16_0_0_305_ActiveX.exe -update activex
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FEAA1619-E231-471D-9ED5-C59D1FB35C6C} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\msosb.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\41.0.2272.118\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymDS.sys [2013-10-20 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymEFA.sys [2013-10-20 935512]
R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\bashdefs\20150309.013\BHDrvx86.sys [2015-3-9 1164504]
R1 ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\ccSetx86.sys [2013-10-20 134744]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\ipsdefs\20150410.011\IDSvix86.sys [2015-4-12 479448]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\Ironx86.sys [2013-10-20 175192]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\symnets.sys [2013-10-20 341080]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\microsoft office 15\clientx86\officeclicktorun.exe [2014-6-4 1843896]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\ccSvcHst.exe [2013-10-20 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2015-4-4 111408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2006-1-25 472644]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-4-4 102912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\SyDvCtrl32.sys [2013-10-20 28576]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-6-3 1343400]
.
=============== Created Last 30 ================
.
2015-04-05 12:44:09 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-04-05 12:44:09 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-04-05 12:44:07 372736 ----a-w- c:\windows\system32\rastls.dll
2015-04-04 17:22:23 -------- d-----w- c:\program files\WinTV
2015-04-04 17:18:49 -------- d-----w- c:\windows\system32\appmgmt
2015-04-04 17:17:10 -------- d-sh--w- c:\users\bob\appdata\local\EmieBrowserModeList
2015-04-04 14:45:54 -------- d-----w- c:\programdata\APN
2015-04-04 12:00:52 571904 ----a-w- c:\windows\system32\oleaut32.dll
2015-04-04 11:58:32 186880 ----a-w- c:\windows\system32\pku2u.dll
2015-04-04 11:57:01 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-04-04 11:56:07 828928 ----a-w- c:\windows\system32\msctf.dll
2015-04-04 11:54:05 171520 ----a-w- c:\windows\system32\ubpm.dll
2015-04-04 11:50:03 156672 ----a-w- c:\windows\system32\ncsi.dll
2015-04-04 11:50:02 52224 ----a-w- c:\windows\system32\nlaapi.dll
2015-04-04 11:50:02 242688 ----a-w- c:\windows\system32\nlasvc.dll
2015-04-04 11:50:00 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2015-04-04 11:48:16 308224 ----a-w- c:\windows\system32\scesrv.dll
2015-04-04 11:45:11 523776 ----a-w- c:\windows\system32\termsrv.dll
.
==================== Find3M  ====================
.
2015-04-09 02:38:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-04 14:42:40 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-04-04 11:28:39 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-04 11:28:39 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-06 05:15:20 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:15:20 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:10:34 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-06 05:10:29 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-06 05:10:29 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-06 05:10:26 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-03-06 05:10:18 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-06 05:10:11 17408 ----a-w- c:\windows\system32\credssp.dll
2015-03-06 05:09:44 22528 ----a-w- c:\windows\system32\lsass.exe
2015-03-06 05:09:31 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-03-06 05:07:50 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-02-26 03:11:26 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:13:52 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13:49 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09:16 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 02:22:35 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-02-20 02:22:20 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:09:08 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-20 01:56:53 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-02-20 01:56:07 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-20 01:50:00 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 01:41:52 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- c:\windows\system32\jscript9.dll
2015-02-20 01:24:21 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-02-03 03:16:31 3973048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-03 03:16:30 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:11:55 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:11:55 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-02-03 03:11:52 9728 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:11:52 8192 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:11:48 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:11:35 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:11:35 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:11:35 100864 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:11:18 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:10:13 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:09:03 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-02-03 03:00:23 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 02:26:42 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-01-30 23:56:12 370488 ----a-w- c:\windows\system32\drivers\cng.sys
.
============= FINISH: 13:32:02.40 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2014 8:18:14 PM
System Uptime: 4/12/2015 3:55:45 PM (22 hours ago)
.
Motherboard: Dell Inc. |  | 0GM819
Processor: Intel® Core™2 Duo CPU     E8400  @ 3.00GHz | CPU | 3000/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 391.567 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
Z: is FIXED (NTFS) - 466 GiB total, 247.381 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Service:
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Service:
.
==== System Restore Points ===================
.
RP32: 4/4/2015 3:14:15 PM - Scheduled Checkpoint
RP33: 4/5/2015 11:28:53 PM - Windows Update
RP34: 4/13/2015 12:00:02 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Google Chrome
Google Update Helper
Hauppauge WinTV NT4/Win2000 Drivers
Java 8 Update 40
Java Auto Updater
Johnson Controls - Launcher 1.3
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office Professional Plus 2013 - en-us
Network Recording Player
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Symantec Endpoint Protection
.
==== Event Viewer Messages From Past Week ========
.
4/9/2015 7:03:09 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service.
4/13/2015 10:41:06 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
4/10/2015 2:14:14 PM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
.
==== End Of File ===========================

Edited by boopme, 13 April 2015 - 01:34 PM.



#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:21 PM

Posted 13 April 2015 - 02:09 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 annmarie1031

annmarie1031
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 13 April 2015 - 02:39 PM

Here are FRST scans.  Thank you.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2015
Ran by Bob (administrator) on BOB-PC on 13-04-2015 15:34:50
Running from C:\Users\Bob\Downloads
Loaded Profiles: Bob (Available profiles: Bob)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MoneyStartUp10.0] => C:\Program Files\Microsoft Money\System\Activation.exe [241714 2001-07-25] (Microsoft Corporation)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKU\S-1-5-21-2974050969-1131203105-4219412244-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe [960688 2015-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-06-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2974050969-1131203105-4219412244-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-2974050969-1131203105-4219412244-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2974050969-1131203105-4219412244-1001 -> {7946FF29-DFA8-4D04-8348-E3070850F2B5} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=C0EE673F-94A7-4DE4-AF5A-7287427A71AC&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17280&doi=2015-04-04&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-04-04] (Microsoft Corporation)
BHO: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-10-20] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-04] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-04] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-04] (Oracle Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25] (Microsoft Corporation)
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-06-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-04] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2014-06-03]

Chrome:
=======
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
CHR Extension: (Google Drive) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-19]
CHR Extension: (Google Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Google Wallet) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation)
R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe [1746576 2013-10-20] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\snac.exe [288656 2013-10-20] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20150309.013\BHDrvx86.sys [1164504 2015-03-09] (Symantec Corporation)
R1 ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\ccSetx86.sys [134744 2013-10-20] (Symantec Corporation)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2015-03-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2015-03-16] (Symantec Corporation)
S3 HCWBT8xx; C:\Windows\System32\drivers\HCWBT8XX.sys [472644 2006-01-25] (Hauppauge Computer Works)
R1 IDSVix86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20150410.011\IDSvix86.sys [479448 2015-04-03] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150412.022\NAVENG.SYS [95704 2015-03-16] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150412.022\NAVEX15.SYS [1636696 2015-03-16] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SRTSP.SYS [603224 2013-10-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SRTSPX.SYS [32344 2013-10-20] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\SyDvCtrl32.sys [28576 2013-10-20] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SYMDS.SYS [367704 2013-10-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SYMEFA.SYS [935512 2013-10-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-06-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\Ironx86.SYS [175192 2013-10-20] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x86\SYMNETS.SYS [341080 2013-10-20] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [126440 2014-06-03] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [72880 2013-10-20] (Symantec Corporation)
U3 mbr; \??\C:\Users\Bob\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 15:34 - 2015-04-13 15:35 - 00011968 _____ () C:\Users\Bob\Downloads\FRST.txt
2015-04-13 15:34 - 2015-04-13 15:34 - 00000000 ____D () C:\FRST
2015-04-13 15:33 - 2015-04-13 15:33 - 02096640 _____ (Farbar) C:\Users\Bob\Downloads\FRST64 (2).exe
2015-04-13 15:33 - 2015-04-13 15:33 - 01135616 _____ (Farbar) C:\Users\Bob\Downloads\FRST.exe
2015-04-13 15:32 - 2015-04-13 15:32 - 02096640 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
2015-04-13 15:32 - 2015-04-13 15:32 - 02096640 _____ (Farbar) C:\Users\Bob\Downloads\FRST64 (1).exe
2015-04-13 14:43 - 2015-04-13 14:43 - 00000491 _____ () C:\Users\Bob\Desktop\The Home Depot - Shopping Cart.url
2015-04-09 20:43 - 2015-04-09 20:43 - 00000153 _____ () C:\Users\Bob\Desktop\Identify Your Breyer - Quarter Horse Mare.url
2015-04-08 20:19 - 2015-04-13 13:37 - 00000000 ____D () C:\Users\Bob\Desktop\shopping
2015-04-05 08:44 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-05 08:44 - 2014-08-21 02:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-05 08:44 - 2014-08-21 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-04 13:25 - 2015-04-04 13:26 - 00000000 ____D () C:\Users\Bob\Documents\New folder (2)
2015-04-04 13:25 - 2015-04-04 13:25 - 00000000 ____D () C:\Users\Bob\Documents\Heater
2015-04-04 13:25 - 2015-04-04 13:25 - 00000000 ____D () C:\Users\Bob\Desktop\ACCOUNTS
2015-04-04 13:25 - 2015-02-18 18:25 - 00000264 _____ () C:\Users\Bob\Documents\Memorial Obituaries - Schweppenheiser, Robert.url
2015-04-04 13:25 - 2014-08-27 07:41 - 00000273 _____ () C:\Users\Bob\Documents\HP Recalls Computer Power Cords for Burn Hazard  NBC 10 Philadelphia.url
2015-04-04 13:22 - 2015-04-04 13:22 - 00000000 __RSH () C:\MSDOS.SYS
2015-04-04 13:22 - 2015-04-04 13:22 - 00000000 __RSH () C:\IO.SYS
2015-04-04 13:22 - 2015-04-04 13:22 - 00000000 ____D () C:\Program Files\WinTV
2015-04-04 13:20 - 2015-04-04 13:20 - 04176437 _____ () C:\Users\Bob\Desktop\tdsskiller.zip
2015-04-04 13:18 - 2015-04-04 13:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-04 13:17 - 2015-04-04 13:17 - 00000000 __SHD () C:\Users\Bob\AppData\Local\EmieBrowserModeList
2015-04-04 10:45 - 2015-04-04 10:45 - 00000000 ____D () C:\ProgramData\APN
2015-04-04 10:43 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-04 10:30 - 2015-04-08 14:39 - 00000000 ____D () C:\Users\Bob\Desktop\STAY OUT!
2015-04-04 08:01 - 2015-03-06 01:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-04 08:01 - 2015-03-06 01:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-04 08:01 - 2015-03-06 01:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-04 08:01 - 2015-03-06 01:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-04 08:01 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-04 08:01 - 2015-03-06 01:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-04 08:01 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-04 08:01 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-04 08:01 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-04 08:01 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-04 08:01 - 2014-12-18 21:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-04 08:00 - 2014-10-17 21:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-04 07:58 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-04 07:57 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-04-04 07:56 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-04 07:56 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-04 07:55 - 2015-02-25 23:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-04 07:55 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-04 07:55 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-04 07:55 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-04 07:55 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-04 07:55 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-04 07:55 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-04 07:55 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-04 07:55 - 2015-02-19 22:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-04 07:55 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-04 07:55 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-04 07:55 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-04 07:55 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-04 07:55 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-04 07:55 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-04 07:55 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-04 07:55 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-04 07:55 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-04 07:55 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-04 07:55 - 2015-02-19 21:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-04 07:55 - 2015-02-19 21:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-04 07:55 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-04 07:55 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-04 07:55 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-04 07:55 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-04 07:55 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-04 07:55 - 2015-02-19 21:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-04 07:55 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-04 07:55 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-04 07:55 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-04 07:55 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-04 07:55 - 2014-12-18 22:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-04 07:55 - 2014-12-11 13:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-04 07:55 - 2014-10-24 21:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-04 07:55 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-04-04 07:55 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-04-04 07:55 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-04-04 07:54 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-04 07:53 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-04 07:53 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-04 07:53 - 2015-02-20 00:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-04 07:53 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-04 07:53 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-04 07:53 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-04-04 07:53 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-04 07:53 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-04 07:53 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-04-04 07:53 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-04-04 07:53 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-04-04 07:53 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-04-04 07:53 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-04-04 07:50 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-04 07:50 - 2014-12-05 23:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-04 07:50 - 2012-10-03 12:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-04 07:50 - 2012-10-03 12:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-04-04 07:49 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-04 07:49 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-04 07:49 - 2015-02-02 23:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-04 07:49 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-04 07:49 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-04 07:49 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-04 07:49 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-04 07:49 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-04 07:49 - 2015-02-02 23:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-04 07:49 - 2015-02-02 23:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-04 07:49 - 2015-02-02 23:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-04 07:49 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-04 07:49 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-04 07:49 - 2015-02-02 23:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-04 07:49 - 2015-02-02 23:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-04 07:49 - 2015-02-02 23:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-04 07:49 - 2015-02-02 23:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-04 07:49 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-04 07:49 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-04 07:49 - 2015-02-02 23:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-04 07:49 - 2015-02-02 22:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-04 07:49 - 2015-01-30 19:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-04 07:49 - 2014-10-31 18:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-04 07:49 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-04 07:49 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-04 07:48 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-04 07:45 - 2014-10-13 21:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 15:27 - 2014-06-19 17:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 15:25 - 2014-06-04 18:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 13:58 - 2014-06-03 20:18 - 01493731 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 13:33 - 2014-06-03 20:20 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 13:24 - 2014-06-04 17:30 - 06395800 ____R () C:\Users\Bob\Documents\MONEY Backup.mbf
2015-04-13 13:24 - 2014-06-04 17:27 - 06393856 _____ () C:\Users\Bob\Documents\MONEY.MNY
2015-04-13 12:55 - 2014-06-03 22:38 - 00000000 ____D () C:\ProgramData\Symantec
2015-04-13 10:38 - 2009-07-14 00:39 - 00111564 _____ () C:\Windows\setupact.log
2015-04-13 07:26 - 2014-06-19 17:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 07:02 - 2014-06-04 18:10 - 00000000 ____D () C:\Users\Bob\Documents\Outlook Files
2015-04-12 16:04 - 2009-07-14 00:34 - 00019040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 16:04 - 2009-07-14 00:34 - 00019040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 15:56 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 22:37 - 2014-06-04 23:50 - 00007609 _____ () C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
2015-04-08 22:38 - 2014-06-04 20:53 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 15:15 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-04-04 14:05 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-04 13:54 - 2014-06-04 16:39 - 00046824 _____ () C:\Windows\PFRO.log
2015-04-04 13:38 - 2014-06-04 17:37 - 00000000 ____D () C:\Users\Bob\Documents\TurboTax
2015-04-04 13:33 - 2014-06-19 17:34 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-04 13:25 - 2014-09-04 09:54 - 00000000 ____D () C:\Users\Bob\Documents\Fax
2015-04-04 13:22 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system
2015-04-04 13:10 - 2009-07-14 00:33 - 00434832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 10:59 - 2014-06-03 21:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-04 10:44 - 2014-09-15 19:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-04 10:43 - 2014-09-15 19:28 - 00000000 ____D () C:\Program Files\Java
2015-04-04 10:42 - 2014-09-15 19:28 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-04 09:25 - 2014-06-04 20:53 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-04 09:25 - 2014-06-04 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-04 09:25 - 2014-06-04 20:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-04 07:31 - 2014-06-04 16:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-04 07:28 - 2014-06-04 18:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-04 07:28 - 2014-06-04 18:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-04 07:10 - 2014-06-04 23:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-04 07:10 - 2014-06-04 23:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe

==================== Files in the root of some directories =======

2014-06-04 23:50 - 2015-04-09 22:37 - 0007609 _____ () C:\Users\Bob\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Bob\AppData\Local\Temp\APNSetup.exe
C:\Users\Bob\AppData\Local\Temp\jre-8u40-windows-au.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-04 15:08

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-04-2015
Ran by Bob at 2015-04-13 15:36:11
Running from C:\Users\Bob\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hauppauge WinTV NT4/Win2000 Drivers (HKLM\...\Hauppauge WinTV NT4/Win2000 Drivers) (Version:  - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Johnson Controls - Launcher 1.3 (HKLM\...\{FA90DBAD-8F5B-4701-A1AE-19AE94851CDE}) (Version: 1.3.0.1106 - Johnson Controls, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Money 2002 (HKLM\...\{E7298FD8-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.80 - Microsoft)
Microsoft Money 2002 System Pack (HKLM\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Network Recording Player (HKLM\...\{2AC49604-8A5B-45A4-B7ED-10BC1E5106A3}) (Version: 2.29.3212 - Cisco WebEx LLC)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Symantec Endpoint Protection (HKLM\...\{A84E6630-FE81-4D1F-BBA0-4BFBCC1D9493}) (Version: 12.1.4013.4013 - Symantec Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

04-04-2015 15:14:15 Scheduled Checkpoint
05-04-2015 23:28:53 Windows Update
13-04-2015 00:00:02 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CFC57DB-325E-4419-AE56-60B3DC043BA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {106F2071-1925-459E-B4EE-57A100276E88} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {2551C863-B40F-4A69-A432-ED77643EC471} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {35AE04F3-A391-4BA0-A271-152E7447FE65} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-04] (Adobe Systems Incorporated)
Task: {761F0884-6213-422C-ADF0-9A32E1F63915} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7F08184C-A64F-4CAC-B236-A8F3245A1994} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {A9461B65-729C-47E5-AD65-D2E1CA24AB13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-04] (Microsoft Corporation)
Task: {CF77CCE3-6E73-4DF4-A31C-8AE4C95422D2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D6450EA0-55E5-44DD-BFC4-B335901E2C84} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-04 16:26 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2015-04-04 07:24 - 2015-04-04 07:24 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2974050969-1131203105-4219412244-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2974050969-1131203105-4219412244-500 - Administrator - Disabled)
Bob (S-1-5-21-2974050969-1131203105-4219412244-1001 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-2974050969-1131203105-4219412244-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2974050969-1131203105-4219412244-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 03:32:18 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/13/2015 03:31:54 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/13/2015 03:30:59 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/13/2015 00:02:54 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/12/2015 03:56:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/10/2015 00:02:24 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/09/2015 00:02:28 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/08/2015 08:04:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2015 00:02:39 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/07/2015 10:47:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b04

Start Time: 01d071a4ab5d9f9f

Termination Time: 16

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

System errors:
=============
Error: (04/13/2015 10:41:06 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (04/13/2015 10:41:06 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (04/10/2015 02:14:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/10/2015 02:14:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/10/2015 01:53:29 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/09/2015 07:03:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service.

Error: (04/09/2015 01:43:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/09/2015 11:35:53 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/09/2015 09:40:33 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/08/2015 10:58:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Microsoft Office Sessions:
=========================
Error: (04/13/2015 03:32:18 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/13/2015 03:31:54 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/13/2015 03:30:59 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Bob\DOWNLOADS\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (04/13/2015 00:02:54 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/12/2015 03:56:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (04/10/2015 00:02:24 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/09/2015 00:02:28 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/08/2015 08:04:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (04/08/2015 00:02:39 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:bob@quantserve.com/ by: Scheduled scan.  Action: Delete succeeded.  Action Description: The file was deleted successfully.

Error: (04/07/2015 10:47:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17689b0401d071a4ab5d9f9f16C:\Program Files\Internet Explorer\iexplore.exe

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 58%
Total physical RAM: 2029.61 MB
Available physical RAM: 849.09 MB
Total Pagefile: 4059.22 MB
Available Pagefile: 2026.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:465.76 GB) (Free:391.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive z: (BKP) (Fixed) (Total:465.76 GB) (Free:247.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1F0005C7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6F27AC68)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:09:21 PM

Posted 13 April 2015 - 02:54 PM

I don't think that this issue is related to malware. However please re-run TDSS-Killer and ESET.

Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 annmarie1031

annmarie1031
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 13 April 2015 - 04:33 PM

TDSSKiller

 

17:17:33.0391 0x25fc  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:17:37.0025 0x25fc  ============================================================
17:17:37.0025 0x25fc  Current date / time: 2015/04/13 17:17:37.0025
17:17:37.0025 0x25fc  SystemInfo:
17:17:37.0025 0x25fc 
17:17:37.0025 0x25fc  OS Version: 6.1.7601 ServicePack: 1.0
17:17:37.0025 0x25fc  Product type: Workstation
17:17:37.0025 0x25fc  ComputerName: BOB-PC
17:17:37.0025 0x25fc  UserName: Bob
17:17:37.0025 0x25fc  Windows directory: C:\Windows
17:17:37.0025 0x25fc  System windows directory: C:\Windows
17:17:37.0025 0x25fc  Processor architecture: Intel x86
17:17:37.0025 0x25fc  Number of processors: 2
17:17:37.0025 0x25fc  Page size: 0x1000
17:17:37.0025 0x25fc  Boot type: Normal boot
17:17:37.0025 0x25fc  ============================================================
17:17:39.0350 0x25fc  KLMD registered as C:\Windows\system32\drivers\69604326.sys
17:17:41.0456 0x25fc  System UUID: {8B46EFBC-FFE3-EEA9-814B-31D9F3F56353}
17:17:43.0608 0x25fc  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0x85D25, SectorsPerTrack: 0x9, TracksPerCylinder: 0xC6, Type 'K0', Flags 0x00000050
17:17:43.0624 0x25fc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0x85D25, SectorsPerTrack: 0x9, TracksPerCylinder: 0xC6, Type 'K0', Flags 0x00000050
17:17:43.0780 0x25fc  ============================================================
17:17:43.0780 0x25fc  \Device\Harddisk1\DR1:
17:17:43.0795 0x25fc  MBR partitions:
17:17:43.0795 0x25fc  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x9, BlocksNum 0x3A385199
17:17:43.0795 0x25fc  \Device\Harddisk0\DR0:
17:17:43.0795 0x25fc  MBR partitions:
17:17:43.0795 0x25fc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
17:17:43.0795 0x25fc  ============================================================
17:17:43.0936 0x25fc  C: <-> \Device\Harddisk1\DR1\Partition1
17:17:43.0998 0x25fc  Z: <-> \Device\Harddisk0\DR0\Partition1
17:17:44.0014 0x25fc  ============================================================
17:17:44.0014 0x25fc  Initialize success
17:17:44.0014 0x25fc  ============================================================
17:18:27.0714 0x2070  ============================================================
17:18:27.0714 0x2070  Scan started
17:18:27.0714 0x2070  Mode: Manual; SigCheck; TDLFS;
17:18:27.0714 0x2070  ============================================================
17:18:27.0714 0x2070  KSN ping started
17:18:30.0584 0x2070  KSN ping finished: true
17:18:32.0581 0x2070  ================ Scan system memory ========================
17:18:32.0581 0x2070  System memory - ok
17:18:32.0581 0x2070  ================ Scan services =============================
17:18:48.0152 0x2070  elxstor - ok
17:18:48.0167 0x2070  [ 8DE31E848D20C6873A6AC10D9B7C1524, 7FF63C19FCC1B6D6FEDBFDE13EBE139885BEE0D5F6BEF50B37FC3B64980A1F93 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:18:48.0199 0x2070  EraserUtilRebootDrv - ok
17:18:48.0214 0x2070  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:18:48.0277 0x2070  ErrDev - ok
17:18:48.0323 0x2070  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
17:18:48.0370 0x2070  EventSystem - ok
17:18:48.0401 0x2070  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:18:48.0448 0x2070  exfat - ok
17:18:48.0479 0x2070  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:18:48.0511 0x2070  fastfat - ok
17:18:48.0604 0x2070  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
17:18:48.0667 0x2070  Fax - ok
17:18:48.0682 0x2070  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:18:48.0729 0x2070  fdc - ok
17:18:48.0823 0x2070  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
17:18:48.0854 0x2070  fdPHost - ok
17:18:48.0885 0x2070  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:18:48.0916 0x2070  FDResPub - ok
17:18:48.0947 0x2070  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:18:48.0963 0x2070  FileInfo - ok
17:18:48.0963 0x2070  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:18:48.0994 0x2070  Filetrace - ok
17:18:49.0010 0x2070  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:18:49.0010 0x2070  flpydisk - ok
17:18:49.0041 0x2070  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:18:49.0057 0x2070  FltMgr - ok
17:18:49.0103 0x2070  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
17:18:49.0213 0x2070  FontCache - ok
17:18:49.0275 0x2070  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:18:49.0291 0x2070  FontCache3.0.0.0 - ok
17:18:49.0322 0x2070  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:18:49.0337 0x2070  FsDepends - ok
17:18:49.0353 0x2070  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:18:49.0369 0x2070  Fs_Rec - ok
17:18:49.0400 0x2070  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:18:49.0447 0x2070  fvevol - ok
17:18:49.0478 0x2070  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:18:49.0493 0x2070  gagp30kx - ok
17:18:49.0556 0x2070  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:18:49.0618 0x2070  gpsvc - ok
17:18:49.0712 0x2070  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:18:49.0727 0x2070  gupdate - ok
17:18:49.0727 0x2070  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:18:49.0743 0x2070  gupdatem - ok
17:18:49.0790 0x2070  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:18:49.0930 0x2070  hcw85cir - ok
17:18:50.0071 0x2070  [ E4AEF0DAACBE59B048BE0224A6D0E601, 134A4422E07831701B91CD4ADAD79A4CDC8D3C203794E320F098FC7BEF481A17 ] HCWBT8xx        C:\Windows\system32\drivers\HCWBT8XX.sys
17:18:50.0164 0x2070  HCWBT8xx - ok
17:18:50.0242 0x2070  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:18:50.0320 0x2070  HdAudAddService - ok
17:18:50.0383 0x2070  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:18:50.0398 0x2070  HDAudBus - ok
17:18:50.0445 0x2070  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:18:50.0507 0x2070  HidBatt - ok
17:18:50.0523 0x2070  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:18:50.0554 0x2070  HidBth - ok
17:18:50.0585 0x2070  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:18:50.0617 0x2070  HidIr - ok
17:18:50.0648 0x2070  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
17:18:50.0710 0x2070  hidserv - ok
17:18:50.0757 0x2070  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:18:50.0866 0x2070  HidUsb - ok
17:18:50.0882 0x2070  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:18:50.0929 0x2070  hkmsvc - ok
17:18:50.0991 0x2070  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:18:51.0085 0x2070  HomeGroupListener - ok
17:18:51.0178 0x2070  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:18:51.0272 0x2070  HomeGroupProvider - ok
17:18:51.0334 0x2070  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:18:51.0350 0x2070  HpSAMD - ok
17:18:51.0475 0x2070  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:18:51.0521 0x2070  HTTP - ok
17:18:51.0537 0x2070  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:18:51.0553 0x2070  hwpolicy - ok
17:18:51.0599 0x2070  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:18:51.0631 0x2070  i8042prt - ok
17:18:51.0693 0x2070  [ 934AF4D7C5F457B9F0743F4299B77B67, F232554352BB7CD716D6173FC1AB2661E49480994BB22E9A6FE7A33B51F0A51B ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:18:51.0740 0x2070  iaStorV - ok
17:18:52.0005 0x2070  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:18:52.0239 0x2070  idsvc - ok
17:18:52.0551 0x2070  [ 98011ACE154F1F8F2792960DA5C7ED3F, 37790BCEF66F9CB037E688487FEDD473DF0930D890143DEACCCAC4DB10A3CEE4 ] IDSVix86        C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20150410.011\IDSvix86.sys
17:18:52.0613 0x2070  IDSVix86 - ok
17:18:52.0645 0x2070  IEEtwCollectorService - ok
17:18:52.0691 0x2070  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:18:52.0723 0x2070  iirsp - ok
17:18:52.0910 0x2070  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:18:53.0035 0x2070  IKEEXT - ok
17:18:53.0050 0x2070  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:18:53.0066 0x2070  intelide - ok
17:18:53.0206 0x2070  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:18:53.0222 0x2070  intelppm - ok
17:18:53.0269 0x2070  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:18:53.0300 0x2070  IPBusEnum - ok
17:18:53.0331 0x2070  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:18:53.0443 0x2070  IpFilterDriver - ok
17:18:53.0583 0x2070  [ 4D65A07B795D6674312F879D09AA7663, 8D72FE0B51A6FF71F85D2602DB3AE91C8749F70869B6789552F047BA81411EDA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:18:53.0708 0x2070  iphlpsvc - ok
17:18:53.0739 0x2070  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:18:53.0770 0x2070  IPMIDRV - ok
17:18:53.0833 0x2070  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:18:53.0880 0x2070  IPNAT - ok
17:18:53.0911 0x2070  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:18:54.0129 0x2070  IRENUM - ok
17:18:54.0160 0x2070  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:18:54.0176 0x2070  isapnp - ok
17:18:54.0238 0x2070  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:18:54.0285 0x2070  iScsiPrt - ok
17:18:54.0316 0x2070  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:18:54.0348 0x2070  kbdclass - ok
17:18:54.0394 0x2070  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:18:54.0410 0x2070  kbdhid - ok
17:18:54.0457 0x2070  [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] KeyIso          C:\Windows\system32\lsass.exe
17:18:54.0472 0x2070  KeyIso - ok
17:18:54.0596 0x2070  [ 4DAC97CF81FAE4B2988AEF0DF40D04AE, 5560304972693DE5D5B21CE010A76067FA5B64AD5968122EE9F8248B3EA4878E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:18:54.0612 0x2070  KSecDD - ok
17:18:54.0627 0x2070  [ 9EED5E0B7BF784C491C2289A09920BDA, 9E82EB777A01AB32EDA2AE0420546602A82C850D68D2C0AEDB4EA5ADEDF835E6 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:18:54.0674 0x2070  KSecPkg - ok
17:18:54.0752 0x2070  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:18:54.0814 0x2070  KtmRm - ok
17:18:54.0908 0x2070  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:18:55.0002 0x2070  LanmanServer - ok
17:18:55.0033 0x2070  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:18:55.0095 0x2070  LanmanWorkstation - ok
17:18:55.0142 0x2070  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:18:55.0173 0x2070  lltdio - ok
17:18:55.0220 0x2070  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:18:55.0251 0x2070  lltdsvc - ok
17:18:55.0267 0x2070  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:18:55.0282 0x2070  lmhosts - ok
17:18:55.0314 0x2070  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:18:55.0329 0x2070  LSI_FC - ok
17:18:55.0360 0x2070  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:18:55.0376 0x2070  LSI_SAS - ok
17:18:55.0392 0x2070  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:18:55.0392 0x2070  LSI_SAS2 - ok
17:18:55.0407 0x2070  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:18:55.0454 0x2070  LSI_SCSI - ok
17:18:55.0470 0x2070  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:18:55.0548 0x2070  luafv - ok
17:18:55.0610 0x2070  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:18:55.0641 0x2070  Mcx2Svc - ok
17:18:55.0657 0x2070  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:18:55.0672 0x2070  megasas - ok
17:18:55.0704 0x2070  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:18:55.0719 0x2070  MegaSR - ok
17:18:55.0735 0x2070  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
17:18:55.0750 0x2070  MMCSS - ok
17:18:55.0766 0x2070  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
17:18:55.0813 0x2070  Modem - ok
17:18:55.0828 0x2070  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:18:55.0844 0x2070  monitor - ok
17:18:55.0875 0x2070  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:18:55.0891 0x2070  mouclass - ok
17:18:55.0906 0x2070  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:18:55.0938 0x2070  mouhid - ok
17:18:55.0969 0x2070  [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:18:55.0969 0x2070  mountmgr - ok
17:18:56.0000 0x2070  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:18:56.0016 0x2070  mpio - ok
17:18:56.0031 0x2070  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:18:56.0062 0x2070  mpsdrv - ok
17:18:56.0094 0x2070  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:18:56.0156 0x2070  MpsSvc - ok
17:18:56.0172 0x2070  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:18:56.0234 0x2070  MRxDAV - ok
17:18:56.0265 0x2070  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:18:56.0312 0x2070  mrxsmb - ok
17:18:56.0328 0x2070  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:18:56.0359 0x2070  mrxsmb10 - ok
17:18:56.0390 0x2070  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:18:56.0406 0x2070  mrxsmb20 - ok
17:18:56.0437 0x2070  [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:18:56.0452 0x2070  msahci - ok
17:18:56.0468 0x2070  [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:18:56.0484 0x2070  msdsm - ok
17:18:56.0562 0x2070  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
17:18:56.0608 0x2070  MSDTC - ok
17:18:56.0655 0x2070  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:18:56.0686 0x2070  Msfs - ok
17:18:56.0733 0x2070  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:18:56.0874 0x2070  mshidkmdf - ok
17:18:56.0952 0x2070  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:18:56.0967 0x2070  msisadrv - ok
17:18:57.0232 0x2070  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:18:57.0326 0x2070  MSiSCSI - ok
17:18:57.0326 0x2070  msiserver - ok
17:18:57.0435 0x2070  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:18:57.0513 0x2070  MSKSSRV - ok
17:18:57.0700 0x2070  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:18:57.0810 0x2070  MSPCLOCK - ok
17:18:57.0825 0x2070  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:18:57.0888 0x2070  MSPQM - ok
17:18:57.0934 0x2070  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:18:57.0981 0x2070  MsRPC - ok
17:18:58.0012 0x2070  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:18:58.0044 0x2070  mssmbios - ok
17:18:58.0075 0x2070  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:18:58.0137 0x2070  MSTEE - ok
17:18:58.0168 0x2070  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:18:58.0231 0x2070  MTConfig - ok
17:18:58.0262 0x2070  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:18:58.0278 0x2070  Mup - ok
17:18:58.0449 0x2070  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
17:18:58.0636 0x2070  napagent - ok
17:18:58.0792 0x2070  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:18:58.0855 0x2070  NativeWifiP - ok
17:18:58.0995 0x2070  [ 80FBA3EED69BCA4B82555B21AA0AD902, FE4BBF045E31757CC3E6D9234F39EF4F586CE14A1399DC705875CD45F87AC971 ] NAVENG          C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150412.022\NAVENG.SYS
17:18:59.0104 0x2070  NAVENG - ok
17:18:59.0494 0x2070  [ 3F96C4FA47BDB31680088FA4126E191F, E8712D86B5A5AB3D7AF20D8384EBC4863877D424A560ED8A1C5500EA27E38E8E ] NAVEX15         C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150412.022\NAVEX15.SYS
17:18:59.0557 0x2070  NAVEX15 - ok
17:18:59.0713 0x2070  [ E7C54812A2AAF43316EB6930C1FFA108, C8A6FC1957FA29A3B372132FEA9145538BC767044A11D77316D3D1A3EAA60630 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:18:59.0838 0x2070  NDIS - ok
17:18:59.0916 0x2070  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:18:59.0962 0x2070  NdisCap - ok
17:18:59.0994 0x2070  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:19:00.0040 0x2070  NdisTapi - ok
17:19:00.0072 0x2070  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:19:00.0196 0x2070  Ndisuio - ok
17:19:00.0274 0x2070  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:19:00.0337 0x2070  NdisWan - ok
17:19:00.0399 0x2070  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:19:00.0430 0x2070  NDProxy - ok
17:19:00.0508 0x2070  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:19:00.0586 0x2070  NetBIOS - ok
17:19:00.0633 0x2070  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:19:00.0696 0x2070  NetBT - ok
17:19:00.0727 0x2070  [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] Netlogon        C:\Windows\system32\lsass.exe
17:19:00.0805 0x2070  Netlogon - ok
17:19:00.0883 0x2070  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
17:19:00.0930 0x2070  Netman - ok
17:19:01.0023 0x2070  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
17:19:01.0132 0x2070  netprofm - ok
17:19:01.0164 0x2070  [ 005C38BA492291801AA5F71DAE3C1A7B, E43F0CE95D646B41FC681E0B95721598EA74C45975BEEE1C5EFFB0D238253B0E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:19:01.0226 0x2070  NetTcpPortSharing - ok
17:19:01.0273 0x2070  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:19:01.0288 0x2070  nfrd960 - ok
17:19:01.0366 0x2070  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:19:01.0507 0x2070  NlaSvc - ok
17:19:01.0585 0x2070  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:19:01.0647 0x2070  Npfs - ok
17:19:01.0710 0x2070  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
17:19:01.0788 0x2070  nsi - ok
17:19:01.0834 0x2070  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:19:01.0897 0x2070  nsiproxy - ok
17:19:02.0152 0x2070  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:19:02.0210 0x2070  Ntfs - ok
17:19:02.0230 0x2070  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
17:19:02.0270 0x2070  Null - ok
17:19:02.0310 0x2070  [ AF2EEC9580C1D32FB7EAF105D9784061, 6DAAE3BCA048ACD7FFD26A65C793C461933179070F03855FE3DC3C01F968163A ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:19:02.0360 0x2070  nvraid - ok
17:19:02.0390 0x2070  [ 9283C58EBAA2618F93482EB5DABCEC82, 0BC119D4EAFDEA879E4C1CFBA5402499DBD1970EDF963C6D2034D4867C34D15E ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:19:02.0420 0x2070  nvstor - ok
17:19:02.0460 0x2070  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:19:02.0480 0x2070  nv_agp - ok
17:19:02.0490 0x2070  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:19:02.0530 0x2070  ohci1394 - ok
17:19:18.0128 0x2070  WcsPlugInService - ok
17:19:18.0159 0x2070  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:19:18.0175 0x2070  Wd - ok
17:19:18.0206 0x2070  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:19:18.0237 0x2070  Wdf01000 - ok
17:19:18.0253 0x2070  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:19:18.0315 0x2070  WdiServiceHost - ok
17:19:18.0331 0x2070  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:19:18.0346 0x2070  WdiSystemHost - ok
17:19:18.0378 0x2070  [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient       C:\Windows\System32\webclnt.dll
17:19:18.0409 0x2070  WebClient - ok
17:19:18.0424 0x2070  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:19:18.0456 0x2070  Wecsvc - ok
17:19:18.0487 0x2070  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:19:18.0518 0x2070  wercplsupport - ok
17:19:18.0671 0x2070  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
17:19:18.0764 0x2070  WerSvc - ok
17:19:18.0811 0x2070  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:19:18.0827 0x2070  WfpLwf - ok
17:19:18.0842 0x2070  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:19:18.0858 0x2070  WIMMount - ok
17:19:18.0905 0x2070  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:19:18.0952 0x2070  WinDefend - ok
17:19:18.0967 0x2070  WinHttpAutoProxySvc - ok
17:19:19.0014 0x2070  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:19:19.0045 0x2070  Winmgmt - ok
17:19:19.0108 0x2070  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:19:19.0186 0x2070  WinRM - ok
17:19:19.0217 0x2070  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:19:19.0232 0x2070  WinUsb - ok
17:19:19.0264 0x2070  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:19:19.0310 0x2070  Wlansvc - ok
17:19:19.0326 0x2070  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:19:19.0357 0x2070  WmiAcpi - ok
17:19:19.0373 0x2070  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:19:19.0388 0x2070  wmiApSrv - ok
17:19:19.0466 0x2070  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:19:19.0544 0x2070  WMPNetworkSvc - ok
17:19:19.0560 0x2070  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:19:19.0607 0x2070  WPCSvc - ok
17:19:19.0638 0x2070  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:19:19.0669 0x2070  WPDBusEnum - ok
17:19:19.0700 0x2070  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:19:19.0716 0x2070  ws2ifsl - ok
17:19:19.0747 0x2070  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:19:19.0763 0x2070  wscsvc - ok
17:19:19.0763 0x2070  WSearch - ok
17:19:19.0872 0x2070  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
17:19:20.0012 0x2070  wuauserv - ok
17:19:20.0028 0x2070  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:19:20.0075 0x2070  WudfPf - ok
17:19:20.0106 0x2070  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:19:20.0137 0x2070  WUDFRd - ok
17:19:20.0137 0x2070  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:19:20.0153 0x2070  wudfsvc - ok
17:19:20.0184 0x2070  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:19:20.0200 0x2070  WwanSvc - ok
17:19:20.0215 0x2070  ================ Scan global ===============================
17:19:20.0231 0x2070  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
17:19:20.0262 0x2070  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:19:20.0278 0x2070  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:19:20.0309 0x2070  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
17:19:20.0340 0x2070  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
17:19:20.0340 0x2070  [ Global ] - ok
17:19:20.0340 0x2070  ================ Scan MBR ==================================
17:19:20.0356 0x2070  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:19:20.0668 0x2070  \Device\Harddisk1\DR1 - ok
17:19:20.0683 0x2070  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:19:20.0746 0x2070  \Device\Harddisk0\DR0 - ok
17:19:20.0746 0x2070  ================ Scan VBR ==================================
17:19:20.0761 0x2070  [ 51390704D4D3B682FA0272E858C33F23 ] \Device\Harddisk1\DR1\Partition1
17:19:20.0761 0x2070  \Device\Harddisk1\DR1\Partition1 - ok
17:19:20.0761 0x2070  [ 89D972B5DCDDB59A4BA662C5289D158D ] \Device\Harddisk0\DR0\Partition1
17:19:20.0761 0x2070  \Device\Harddisk0\DR0\Partition1 - ok
17:19:20.0761 0x2070  ================ Scan generic autorun ======================
17:19:20.0824 0x2070  [ F0CC8EB90C1E7C0A4B3CCBAAF773337C, BA6DCFCF8890D52B126F9C68467B174F8FFB1BD872F22E5D6F011B0C937B1ABA ] C:\Program Files\Microsoft Money\System\Activation.exe
17:19:20.0855 0x2070  MoneyStartUp10.0 - detected UnsignedFile.Multi.Generic ( 1 )
17:19:24.0302 0x2070  MoneyStartUp10.0 ( UnsignedFile.Multi.Generic ) - warning
17:19:27.0188 0x2070  [ 4260CDD7292900C79EF2F360C28100C1, 6022554523FA23CC596F4917D7A7BBA7C0C8B9F13AD4DF5AAE92C78A9BEF4E5C ] C:\Program Files\Citrix\ICA Client\concentr.exe
17:19:27.0220 0x2070  ConnectionCenter - ok
17:19:27.0282 0x2070  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
17:19:27.0454 0x2070  Sidebar - ok
17:19:27.0485 0x2070  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
17:19:27.0516 0x2070  mctadmin - ok
17:19:27.0532 0x2070  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
17:19:27.0563 0x2070  Sidebar - ok
17:19:27.0578 0x2070  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
17:19:27.0594 0x2070  mctadmin - ok
17:19:27.0610 0x2070  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe
17:19:27.0641 0x2070  Sidebar - ok
17:19:27.0734 0x2070  [ 2EC58592401DF51E46BF79523A5E35F2, 2B3CFC4FD12D2C1DF33E7F815F4453FDBDF4C6672BFE32D038CED0F16398EB46 ] C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
17:19:27.0766 0x2070  FlashPlayerUpdate - ok
17:19:27.0766 0x2070  Waiting for KSN requests completion. In queue: 7
17:19:28.0780 0x2070  Waiting for KSN requests completion. In queue: 7
17:19:29.0794 0x2070  Waiting for KSN requests completion. In queue: 7
17:19:31.0010 0x2070  AV detected via SS2: Symantec Endpoint Protection, C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\WSCSavNotifier.exe ( 12.1.4013.4013 ), 0x71000 ( enabled : updated )
17:19:31.0042 0x2070  FW detected via SS2: Symantec Endpoint Protection, C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe ( 12.1.4013.4013 ), 0x41010 ( enabled )
17:19:33.0881 0x2070  ============================================================
17:19:33.0881 0x2070  Scan finished
17:19:33.0881 0x2070  ============================================================
17:19:33.0881 0x26d0  Detected object count: 1
17:19:33.0881 0x26d0  Actual detected object count: 1
17:19:54.0192 0x26d0  MoneyStartUp10.0 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:54.0192 0x26d0  MoneyStartUp10.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip

 

 

 

ESET Results as soon as it is done.

 



#6 annmarie1031


Posted 13 April 2015 - 05:36 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1f469978c4ee5a4da095d0650ef133fd
# engine=23366
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-13 10:23:18
# local_time=2015-04-13 06:23:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Symantec Endpoint Protection'
# compatibility_mode=3601 16777213 100 99 26192580 46568292 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 26196136 180508589 0 0
# scanned=138427
# found=5
# cleaned=0
# scan_time=3235
sh=403391C0F5CC3717776353A7A7FE5EC92CF23929 ft=1 fh=26f8c6c9a85b3073 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\ProgramData\APN\APN-Stub\ORJ-SPE\ApnSetup.exe"
sh=403391C0F5CC3717776353A7A7FE5EC92CF23929 ft=1 fh=26f8c6c9a85b3073 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\All Users\APN\APN-Stub\ORJ-SPE\ApnSetup.exe"
sh=403391C0F5CC3717776353A7A7FE5EC92CF23929 ft=1 fh=26f8c6c9a85b3073 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\Bob\AppData\Local\Temp\APNSetup.exe"
sh=17582E15CF3B8883D79CFDCA5DB236DA95AD294D ft=1 fh=9b5492e6bf3634b0 vn="Win32/Toolbar.AskSBar potentially unwanted application" ac=I fn="C:\Users\Bob\Documents\Drivers\Nero_BackItUp-4[1].0.38.0c_update.exe"
sh=17582E15CF3B8883D79CFDCA5DB236DA95AD294D ft=1 fh=9b5492e6bf3634b0 vn="Win32/Toolbar.AskSBar potentially unwanted application" ac=I fn="Z:\BKP 4-3-15\Documents\Drivers\Nero_BackItUp-4[1].0.38.0c_update.exe"
 



#7 deeprybka


Posted 14 April 2015 - 02:40 AM

Hi there,

as I have mentioned already before, obviously the issue isn't related to malware.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#8 annmarie1031


Posted 14 April 2015 - 09:30 AM

Any thoughts on why the high disk activity?  If I go into Windows Task Manager, Performance, click on Resource Manager, then click Disk, PID 4 sometimes has a high level of activity?  It is accessing all kinds of files on the computer...

 

Thank you!



#9 deeprybka


Posted 14 April 2015 - 03:10 PM

I suggest you start a new topic in the Windows 7 forum.
 


regards,
deeprybka

#10 deeprybka


Posted 16 April 2015 - 03:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka